The LDAP authorization attributes are not only for predefined group policy. You can push many attributes as per your requirement. As you want to push an ACL on a per-user basis, that would be defined under "Cisco-AV-Pair". But again, in order to do that, you need to go through the document and configure/add/edit your LDAP schema so that it can have a security appliance authorization schema [object class (User-Authorization)], and all the listed attributes need to be added (all or some, depending on your need) under this object class.
What can be done using the attributes is, I guess, self-explanatory. Please refer to the table,
If you are looking for the LDIF file that needs to be created, you can find an example file in this document. Go to the heading "Example Security Appliance Authorization Schema". You may want to get some help from an LDAP expert.
But to push authorization attributes from the LDAP server to the ASA, you need to add the LDAP authorization attributes in your LDAP.