Hi, I have the following issue. I am using an OpenLDAP server to authenticate IPSec VPN Client users. Authenticating against the OpenLDAP server works. But my problem is that I want to have two different Group Policies depending on the LDAP group the users belong to. And users not belonging to the vpnusr group should not be allowed to establish a VPN at all. I've created a VPN group on the LDAP server, cn=vpnusr,ou=Groups,dc=example,dc=com. and ou=Users dc=example,dc=com.
I found a lot of examples for Microsoft AD with memberOf but did not get it running with OpenLDAP. On the ASA, I have tried this (Admin_Users is one of the Policy Groups):
If I go to the command line and do a debug ldap 255, and then do a test authorization, the ASA checks the server, but there's no mention anywhere of group memberships - it's not checking at all. What have I missed? Can anyone help me with an example?
Thanks a lot in advance!!!!
ASA version is 8.0(4), ASDM is 6.1(5)51.
Message edited by gutekunst
Now I tried it with this configuration (I guess ldap attribute-map should be the problem)...