yes it supports. The following configuration section gives you an idea about the configuring the authentication.
create aaa-server entry for LDAP server
aaa-server LDAP_Author protocol ldap
aaa-server LDAP_Author (private) host 10.86.195.23
ldap-base-dn ou=people,dc=CorporationXYZ,dc=com
ldap-scope subtree
ldap-naming-attribute c
ldap-login-password mysecret
ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
configure tunnel-group to use authorization-server-group LDAP and enable authorization required (meaning successful authorization needed, user must exist in the LDAP database)
f1-5# show runn tunnel-group Client
tunnel-group Client type ipsec-ra
tunnel-group Client general-attributes
address-pool mypool
authentication-server-group Kerberos
authorization-server-group LDAP_Author
authorization-required
tunnel-group Client ipsec-attributes
pre-shared-key *
f1-5#
Before VPN tunnel-establishment verify that the user is probaly configured in the LDAP databse . Use the folowing command to verify
# test aaa-server authorization LDAP_Author host 10.86.195.23 user