Cisco Support Community
Community Member

Use ACS 5.3 to pass AD attributes to ASA clientless SSL VPN

Here is the situation I am facing. My client (a school district) would like to have users be able to access their home drives using the clientless SSL VPN. The issue resides in that there isn't one central location for all the home directories. Even though each home directory is on the same server, they are separated into sub-folders which are the locations of each school. For example:



The location is listed in the Active Directory attribute under organization. What I would like to know is if there is a way to send that attribute from AD to ACS, so when the user connects with the clientless SSL VPN, it maps their drive based on their location.

I have been trying to search to find a solution, but haven't found one yet. 

TIA for your help.


Cisco Employee

Re: Use ACS 5.3 to pass AD attributes to ASA clientless SSL VPN

Hi Deyster,

I guess we missed this post. It's too late but let me attempt to answer this:

Can you see the desired attributes under Users and Identity Stores > External Identity Stores > Active Directory, then click the Directory Attributes tab.

Enter the name of a domain user. Click to access the Attributes secondary window, which displays the attributes of the name you entered in the previous field.

If you see the desired attribute, you can select that attribute from the list, then click Edit to edit the attribute.

Click Add to add an attribute to the Attribute Name list.

After that go to Access Policies > Authorization policy > click on Customize (right bottom corner) > select/move the desired attribute to the right end side > OK.

Now click on create > enter the value of that attribute.

Please give a try with the above suggested steps and let me know.

Jatin Katyal

**Do rate helpful posts**
