Cisco Support Community

How do I define which group has priority when defining LDAP group to Role mappings in User authentication?

I have defined an LDAP query to allow admin users to authenticate to our M series SMA remotely, and this works.

Now I have several LDAP groups which I would like to map to various admin roles -- Administrator, Email Administrator, and Read-only Operator.

The problem is that some users are in multiple groups, such as 'email admin' and 'administrator', and I want to be able to define the priority of which role to use, or else take the union of the rights.  Instead, the user is granted 'email admin' rights even though they are in the 'administrator' group in addition.

Is there any way to do this?  Or, if not, what rule is used to determine the rights given?  I notice I cannot order the group mappings manually; maybe they are applied alphabetically with the last one winning?

