fw01# show version

Cisco Adaptive Security Appliance Software Version 8.2(1)

Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders

System image file is "disk0:/asa821-k8.bin"

Config file at boot was "startup-config"

fw01 up 5 days 15 hours

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CN1000-MC-BOOT-2.00

SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 0022.909d.xxxx, irq 9

1: Ext: Ethernet0/1 : address is 0022.909d.xxxx, irq 9

2: Ext: Ethernet0/2 : address is 0022.909d.xxxx, irq 9

3: Ext: Ethernet0/3 : address is 0022.909d.xxxx, irq 9

4: Ext: Management0/0 : address is 0022.909d.xxxx, irq 11

5: Int: Not used : irq 11

6: Int: Not used : irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

SSL VPN Peers : 10

Total VPN Peers : 250

Shared License : Disabled

AnyConnect for Mobile : Disabled

AnyConnect for Linksys phone : Disabled

AnyConnect Essentials : Disabled

Advanced Endpoint Assessment : Disabled

UC Phone Proxy Sessions : 2

Total UC Proxy Sessions : 2

Botnet Traffic Filter : Disabled

This platform has an ASA 5510 Security Plus license.

And here some relevant config-snippets:

tunnel-group DefaultWEBVPNGroup general-attributes

authentication-server-group ads LOCAL

default-group-policy smedia-default

password-management

tunnel-group DefaultWEBVPNGroup webvpn-attributes

customization smedia

tunnel-group testwizard type remote-access

tunnel-group testwizard general-attributes

authentication-server-group ads

authentication-server-group (Proxy) ads

authorization-server-group ads

default-group-policy testgrouppolicy

password-management

authorization-required

tunnel-group smedia type remote-access

tunnel-group smedia general-attributes

address-pool smedia

authentication-server-group ads LOCAL

default-group-policy smedia

password-management

tunnel-group smedia webvpn-attributes

proxy-auth sdi

group-alias smedia enable

group-policy DfltGrpPolicy attributes

vpn-idle-timeout 60

vpn-session-timeout 1440

vpn-tunnel-protocol IPSec webvpn

group-lock value DefaultWEBVPNGroup

webvpn

url-list value smedia-default

filter value smedia-default

http-proxy enable

customization value smedia

activex-relay disable

file-entry disable

file-browsing disable

group-policy smedia internal

group-policy smedia attributes

dns-server value 192.168.0.3

vpn-tunnel-protocol IPSec webvpn

group-lock value smedia

webvpn

customization value smedia

aaa-server ads protocol ldap

aaa-server ads (internal) host msads

server-port 636

ldap-base-dn ou=Mitarbeiter,DC=rp

ldap-group-base-dn OU=Sicherheitsgruppen,DC=rp

ldap-scope subtree

ldap-login-password xxx

ldap-login-dn CN=asa,OU=Extern,OU=Mitarbeiter,DC=rp

ldap-over-ssl enable

server-type microsoft

Not sure if it is a bug. I did a quick search but did not find one.

You might open a TAC case with "debug ldap 255" for further investigation.