Problem integrating CAS with OpenLDAP (Mapping Rules issue)
I have a problem with the integration between CAS and OpenLDAP.
The authentication works fine, but the problem I have is when I try to assign roles to LDAP groups (Mapping Rules).
I created a group called 49 in OpenLDAP and added a test user, then created a role in the CAM to assign the test group to VLAN 49.
I performed tests creating mapping rules with these attributes and the result was negative:
Uid, memberUid, gidNumber
Does anyone know which attribute I need to read in OpenLDAP?
In another implementation that I performed with LDAP on Windows, it was very simple because I only created the groups in the LDAP and then set the CAM to verify the memberOf attribute, and everything worked perfectly.
Re: Problem integrating CAS with OpenLDAP (Mapping Rules issue)
The LDAP config for the CAM allows you to specify only the search filter for the user object, so you can solve this only by adding the necessary info on the LDAP account.
If you cannot really add the group reference in an attribute to your LDAP users accounts, then I'm afraid you should look for a different solution.
Although this is just aimed to be a hint... as it would be a bit long to explain all the steps, a possible alternative solution would be to configure a RADIUS authentication provider on the NAC Manager and point this to an ACS 5.x.
Then, you can point ACS 5.x to the OpenLDAP server; indeed, ACS 5.x allows you to search for the user reference (either the username or the user DN) in an attribute of the group object...
I cannot think of other solutions for the moment, even though you may check with the LDAP admins (if it's not yourself :-) ) on whether it's actually a big deal to add this additional attribute to your users, similar to what AD does by default.
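The difference described in the reply above, as an added example that is not part of the original posts: a rule evaluated on the user entry cannot see membership that OpenLDAP stores on the group object, while a group-object search can. The directory entries, DNs, function names and the `departmentNumber` attribute chosen to carry the group reference are assumptions made for illustration.

```python
# Constructed entries (not from the thread): an OpenLDAP posixGroup keeps
# membership on the group object, not on the user object.
DIRECTORY = {
    "uid=testuser,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"],
        "uid": ["testuser"],
        "gidNumber": ["1000"],  # constructed primary group, not group 49
    },
    "cn=49,ou=groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"],
        "cn": ["49"],
        "gidNumber": ["49"],
        "memberUid": ["testuser"],
    },
}

def find_user(directory, uid):
    """User-object search: per the reply, the only lookup the CAM configures."""
    for dn, attrs in directory.items():
        if "posixAccount" in attrs["objectClass"] and uid in attrs.get("uid", []):
            return dn, attrs
    return None, {}

def user_rule_matches(directory, uid, attribute, value):
    """Hypothetical mapping rule: compares one attribute of the user entry."""
    _, attrs = find_user(directory, uid)
    return value.lower() in (v.lower() for v in attrs.get(attribute, []))

def groups_by_group_search(directory, uid):
    """Group-object search: finds the username or user DN inside each group."""
    dn, _ = find_user(directory, uid)
    return sorted(
        attrs["cn"][0] for attrs in directory.values()
        if "posixGroup" in attrs["objectClass"]
        and (uid in attrs.get("memberUid", []) or dn in attrs.get("member", []))
    )

def add_group_reference(directory, uid, attribute, group_cn):
    """Return a copy with the group reference stored on the user entry."""
    patched = {dn: {k: list(v) for k, v in a.items()} for dn, a in directory.items()}
    dn, _ = find_user(patched, uid)
    if dn is None:
        raise KeyError(f"no user entry for uid={uid}")
    patched[dn].setdefault(attribute, []).append(group_cn)
    return patched
```

A rule on `uid` does match the user entry, but it identifies the account rather than the group, so it cannot drive a role-to-VLAN mapping.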