LDAP attributes with space characters ...

markus.jahnke
Level 1

Hi there!

I'm trying to bind Web VPN users on an ASA5510 with ASA 8.0(2) to a specific group via LDAP. Everything works fine in my test configuration, but it's not working in our production environment.

I'm trying to do a

ldap attribute-map WEB-VPN

map-name memberOf IETF-Radius-Class

map-value memberOf CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com WEBVPN-USERS-POLICY

But I'm getting an "ERROR: % Invalid input detected at '^' marker.", where '^' is pointing at my policy name. If I remove the blanks in the OU part it's accepting the command, but mapping doesn't work.

Is there a way to mask the blanks or to tell the ASA to use a different character for separating the LDAP value from the group policy name?

Changing the OU is not possible ... ;-)

2 Replies

gates1150
Level 1

Do you have it working so if the users are not in the WEB-VPN-GG group they don't get in? If so, mine is working, but I'm trying to figure out the best way to restrict.

tgrundbacher
Level 1

Hi Markus

Might be a bit late, but here's the solution. You have to use quotes:

map-value memberOf "CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com" WEBVPN-USERS-POLICY

I've found this out using ASDM!

Regards

Toni
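
Added example, not part of the thread and not Cisco tooling: a small Python check that builds `map-value` lines in the quoted form from the answer above and flags lines in a saved config where an unquoted space has split the LDAP value. The function names and the four-token rule are assumptions of this example, and the sample config is constructed from the lines quoted in the thread.

```python
import re

# Tokenizer for one config line: a double-quoted run counts as a single token.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def quote_value(value):
    """Wrap a value in double quotes when it contains whitespace."""
    if '"' in value:
        # Assumption: the thread shows no escaping rule for embedded quotes, so refuse.
        raise ValueError("value contains a double quote: %r" % value)
    return '"%s"' % value if re.search(r"\s", value) else value


def render_map_value(attribute, ldap_value, policy):
    """Build one 'map-value' line in the form the thread's answer uses."""
    if re.search(r"\s", policy):
        # Assumption of this example: the mapped policy name is a single token.
        raise ValueError("policy name contains whitespace: %r" % policy)
    return "map-value %s %s %s" % (attribute, quote_value(ldap_value), policy)


def lint_map_values(config_text):
    """Return (line_number, line) for map-value lines that are not four tokens.

    Expected tokens: keyword, attribute, LDAP value, mapped value.
    Any other count means an unquoted space split the LDAP value
    or a field is missing.
    """
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("map-value ") and len(_TOKEN.findall(line)) != 4:
            findings.append((number, line))
    return findings


# Constructed sample: the unquoted and quoted forms from the thread.
SAMPLE = """\
ldap attribute-map WEB-VPN
 map-name memberOf IETF-Radius-Class
 map-value memberOf CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com WEBVPN-USERS-POLICY
 map-value memberOf "CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com" WEBVPN-USERS-POLICY
"""

if __name__ == "__main__":
    for number, line in lint_map_values(SAMPLE):
        print("line %d: unquoted space in LDAP value: %s" % (number, line))
```
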