Hi
I have an ASA5510 authenticating remote users against a Microsoft Windows 2003 Server via LDAP. I have all of this working, however I was wondering if there was any way of specifying more than one LDAP Naming Attribute.
My current config looks like:
aaa-server LDAP protocol ldap
aaa-server LDAP host 192.168.0.237
 server-port 636
 ldap-base-dn ou=Users,dc=somecompany,dc=com
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-password <password>
 ldap-login-dn Netdom\Administrator
 ldap-over-ssl enable
 server-type microsoft
The help seems to imply that I can specify more than one attribute on the "ldap-naming-attribute" statement; however, if I try to use various separators (including commas), then I can no longer authenticate.
e.g.
ldap-naming-attribute cn,mail
If I use the individual attributes on their own, each works fine.
Any pointers gratefully received.
Barry