Cisco Support Community
Community Member

LDAP attributes with space characters ...

Hi there!

I'm trying to bind Web VPN users on an ASA5510 with ASA 8.0(2) to a specific group via LDAP. Everything works fine in my test configuration, but it's not working in our production environment.

I'm trying to do a

    ldap attribute-map WEB-VPN
      map-name memberOf IETF-Radius-Class
      map-value memberOf CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com WEBVPN-USERS-POLICY

But I'm getting an "ERROR: % Invalid input detected at '^' marker.", where '^' is pointing at my policy name. If I remove the blanks in the OU part it's accepting the command, but mapping doesn't work.

Is there a way to mask the blanks or to tell the ASA to use a different character for separating the LDAP value from the group policy name?

Changing the OU is not possible ... ;-)

Community Member

Re: LDAP attributes with space characters ...

Do you have it working so if the users are not in the WEB-VPN-GG group they don't get in? If so mine is working but I'm trying to figure out the best way to restrict.

Community Member

Re: LDAP attributes with space characters ...

Hi Markus

Might be a bit late, but here's the solution. You have to use quotes:

map-value memberOf "CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com" WEBVPN-USERS-POLICY

I've found this out using ASDM!
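As an added example (not part of the thread and not Cisco code), the Python sketch below checks `map-value` lines before they are pasted into an ASA and shows why the three variants in this thread behave differently. It assumes arguments are separated by whitespace with double quotes grouping one argument, as the fix above shows, and that the mapped value is compared to the user's `memberOf` string exactly; all function names are hypothetical.

```python
import re

# One token is either a double-quoted run or a run of non-whitespace characters.
_TOKEN = re.compile(r'"[^"]*"|\S+')

def split_args(line):
    """Split a CLI line on whitespace, keeping double-quoted text as one argument."""
    return [t[1:-1] if len(t) >= 2 and t[0] == t[-1] == '"' else t
            for t in _TOKEN.findall(line)]

def render_map_value(attribute, ldap_value, mapped_value):
    """Build a map-value line, quoting the LDAP value if it contains whitespace."""
    if '"' in ldap_value:
        raise ValueError("LDAP value contains a double quote; not handled here")
    if re.search(r"\s", ldap_value):
        ldap_value = f'"{ldap_value}"'
    return f"map-value {attribute} {ldap_value} {mapped_value}"

def lint_map_value(line):
    """Return None if the line has exactly three arguments, else a message."""
    args = split_args(line)
    if not args or args[0] != "map-value":
        return None  # not a map-value line, nothing to check
    if len(args) != 4:
        return ("expected 'map-value <attribute> <value> <mapped>', "
                f"got {len(args) - 1} arguments")
    return None

def mapped_policy(config_lines, attribute, user_value):
    """Policy that user_value maps to, or None (exact comparison is an assumption)."""
    for line in config_lines:
        args = split_args(line)
        if (len(args) == 4 and args[:2] == ["map-value", attribute]
                and args[2] == user_value):
            return args[3]
    return None

# Values taken from the thread; the three lines are the three attempts discussed.
DN = "CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com"
POLICY = "WEBVPN-USERS-POLICY"
UNQUOTED = f"map-value memberOf {DN} {POLICY}"                   # rejected by the CLI
SQUEEZED = f"map-value memberOf {DN.replace(' ', '')} {POLICY}"  # accepted, never matches
QUOTED = render_map_value("memberOf", DN, POLICY)                # the working form

if __name__ == "__main__":
    for line in (UNQUOTED, SQUEEZED, QUOTED):
        print(line)
        print("  lint:  ", lint_map_value(line) or "ok")
        print("  policy:", mapped_policy([line], "memberOf", DN))
```

The blank-stripped line passes the syntax check but yields no policy for the real DN, which is the "accepted but mapping doesn't work" case from the first post.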


