ldap_naming_attribute on LDAP query

barry
Level 7

Hi

I have an ASA5510 authenticating remote users against a Microsoft Windows 2003 Server via LDAP. I have all of this working, however I was wondering if there was any way of specifying more than one LDAP Naming Attribute.

My current config looks like:

aaa-server LDAP protocol ldap
aaa-server LDAP host 192.168.0.237
 server-port 636
 ldap-base-dn ou=Users,dc=somecompany,dc=com
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-password <password>
 ldap-login-dn Netdom\Administrator
 ldap-over-ssl enable
 server-type microsoft

The help seems to imply that I can specify more than one attribute on the "ldap-naming-attribute" statement, however if I try to use various separators (including commas), then I can no longer authenticate.

e.g.

ldap-naming-attribute cn,mail

If I use the individual attributes on their own, each works fine.

Any pointers gratefully received.

Barry

1 Reply

mchin345
Level 6

I am not aware if multiple ldap naming attributes can be combined. Not sure how this works.

Also, I do not see any configuration lines for "aaa-server key". Is this not mandatory for LDAP?
