Cisco Support Community

New Member

ASA8,0(3)6 SSL VPN & Sun One LDAP Groups

First time working with an ASA and LDAP. We're trying to require users to be part of a vpnusers group in a Sun One 5.2 directory. The ASA config examples all seem to assume that group membership values are assigned to the user object in LDAP. It's not the case in our Sun LDAP. Groups are separate objects with the members defined in the group object with "uniquemember". Determining group membership requires a query of the group for the uid or dn of the user to see if they're a member. I can't find any examples of the ASA working with this.


Re: ASA8,0(3)6 SSL VPN & Sun One LDAP Groups

Use this Cisco Security Appliance Command Reference for your configuration assistance.

New Member

Re: ASA8,0(3)6 SSL VPN & Sun One LDAP Groups

There is a fundamental LDAP object structure at issue. All of the Cisco configuration guides call out the user object having the "memberof" attribute. In our Sun One directory user objects do not have any "memberof" attributes. User objects are contained within group objects using the "uniquemember" attribute. So to determine group membership in the Sun directory you can't query a user object's memberof attribute. You have to query the group for the user object.

None of the Cisco guides I've seen contain any reference to this method. They're all referring to 'memberof' as a user object attribute.
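As an added example, not from the original thread or from Cisco's documentation: a Python function that performs the group-side membership check the poster describes, building a search filter that matches the group only when the user's DN is one of its uniqueMember values (escaped per RFC 4515), and checking a group entry's uniqueMember list with case- and whitespace-normalized DN comparison. The LDIF group entry, base DN and user DNs are constructed here for illustration; a live directory would be queried with the same filter.

```python
# Added example: group-side membership check for a Sun One style directory,
# where membership lives in the group object's uniqueMember attribute rather
# than in a memberOf attribute on the user entry.
import re

# Constructed sample group entry in LDIF form (not from a real directory).
SAMPLE_LDIF = """dn: cn=vpnusers,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: vpnusers
uniqueMember: uid=alice,ou=People,dc=example,dc=com
uniqueMember: UID=Bob, OU=People, DC=example, DC=com
"""

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def membership_filter(group_cn: str, user_dn: str) -> str:
    """Filter that matches the group only if user_dn is one of its uniqueMembers.
    An empty search result therefore means 'not a member' without ever reading
    a memberOf attribute on the user entry."""
    return "(&(objectClass=groupOfUniqueNames)(cn=%s)(uniqueMember=%s))" % (
        escape_filter_value(group_cn), escape_filter_value(user_dn))

def normalize_dn(dn: str) -> str:
    """Lower-case and strip whitespace around RDN separators so DNs differing
    only in case or spacing compare equal. Simplified: does not handle
    escaped commas inside an RDN value; use a DN parser for those."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif_entry(ldif: str) -> dict:
    """Parse a single LDIF entry into {attribute_lowercase: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if ":" not in line:
            continue
        attr, _, val = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(val.strip())
    return entry

def is_unique_member(group_entry: dict, user_dn: str) -> bool:
    """True if user_dn appears among the group's uniqueMember values."""
    wanted = normalize_dn(user_dn)
    return any(normalize_dn(m) == wanted for m in group_entry.get("uniquemember", []))

if __name__ == "__main__":
    group = parse_ldif_entry(SAMPLE_LDIF)
    for dn in ("uid=alice,ou=People,dc=example,dc=com", "uid=carol,ou=People,dc=example,dc=com"):
        print(dn, "->", is_unique_member(group, dn))
```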