First time working with an ASA and LDAP. We're trying to require users to be part of a vpnusers group in a Sun One 5.2 directory. The ASA config examples all seem to assume that group membership values are assigned to the user object in LDAP. It's not the case in our Sun LDAP. Groups are separate objects with the members defined in the group object with "uniquemember". Determining group membership requires a query of the group for the uid or dn of the user to see if they're a member. I can't find any examples of the ASA working with this.
There is a fundamental LDAP object structure at issue. All of the Cisco configuration guides call out the user object having the "memberof" attribute. In our Sun One directory user objects do not have any "memberof" attributes. User objects are contained within group objects using the "uniquemember" attribute. So to determine group membership in the Sun directory you can't query a user object's memberof attribute. You have to query the group for the user object.
None of the Cisco guides I've seen contain any reference to this method. They're all referring to 'memberof' as a user object attribute.
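To make the structural difference concrete, here is an added example (not from the original post or from Cisco) that contrasts the two membership checks: the "memberOf on the user" lookup the ASA guides assume versus the "uniqueMember on the group" lookup a Sun One directory needs. The directory entries, user and group names are constructed sample data.

```python
# Added example: membership stored on the user ("memberOf") versus on the
# group ("uniqueMember", as in Sun One). Entries and names below are constructed.

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '*()\\\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

def normalize_dn(dn: str) -> str:
    """Lowercase and strip spaces around RDN components so DNs compare reliably.
    Simplified: does not handle escaped commas inside an RDN value."""
    return ','.join(part.strip().lower() for part in dn.split(','))

def group_membership_filter(user_dn: str) -> str:
    """Filter to run with the group's DN as search base: it matches only if the
    user's DN is listed in the group's uniqueMember attribute."""
    return '(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))' % escape_filter_value(user_dn)

def is_member_via_memberof(user_entry: dict, group_dn: str) -> bool:
    """The check the ASA guides assume: find the group in the user's memberOf."""
    wanted = normalize_dn(group_dn)
    return any(normalize_dn(g) == wanted for g in user_entry.get('memberOf', []))

def is_member_via_group(group_entry: dict, user_dn: str) -> bool:
    """The Sun One style check: find the user's DN in the group's uniqueMember."""
    wanted = normalize_dn(user_dn)
    return any(normalize_dn(m) == wanted for m in group_entry.get('uniqueMember', []))

# Constructed sample directory: the user entry carries no memberOf attribute at all.
USER_DN = 'uid=jdoe,ou=People,dc=example,dc=com'
GROUP_DN = 'cn=vpnusers,ou=Groups,dc=example,dc=com'
DIRECTORY = {
    USER_DN: {'objectClass': ['inetOrgPerson'], 'uid': ['jdoe']},
    GROUP_DN: {'objectClass': ['groupOfUniqueNames'],
               'uniqueMember': ['uid=jdoe, ou=People, dc=example, dc=com']},
}

if __name__ == '__main__':
    print(group_membership_filter(USER_DN))
    print(is_member_via_memberof(DIRECTORY[USER_DN], GROUP_DN))  # False: no memberOf
    print(is_member_via_group(DIRECTORY[GROUP_DN], USER_DN))     # True
```

The first check returns False for a user who really is in vpnusers, which is the failure mode described above; only the second check, a query against the group object, answers correctly.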