Cisco Support Community
New Member

DAP and LDAP

We have a number of Employees and 3rd Party users who access our VPN. The 3rd parties are from different organisations as they support different pieces of kit. Both may be in multiple AD Groups as both work internally and externally at times.

Up to now we have used an LDAP attribute map to place users in different groups, e.g. Employees or Contractors.

I am looking to deploy some Cisco 5525X's and want to use DAP to get more granular on the privileges assigned to Contractors.

Is it possible to somehow identify, say, Contractor 1 from Contractor 2 through DAP by matching on the different AD Groups that Contractor 1 may be in versus Contractor 2? Separation in this way then allows me to use downloadable ACLs etc.

Or any other way...

Regards

Darren


1 REPLY
New Member

DAP and LDAP

You can use the LDAP attribute memberof in order to distinguish users from different AD security groups.

For instance, attribute memberof with a value ContractorGroup1 will match any users who are members of the ContractorGroup1 AD security group.

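An offline pre-check for the memberOf-based matching described in the reply, added here as an example and not code from the thread or from Cisco: it models exact, case-insensitive matching on the group CN and lists users who would match several records or none. The group-to-record mapping, the record names and the directory entries are constructed, and the matching is a model, not the ASA's own logic.

```python
import re

# Hypothetical mapping: AD security group CN (lower-cased) -> DAP record name.
DAP_RECORDS = {
    "contractorgroup1": "DAP-Contractor1",
    "contractorgroup2": "DAP-Contractor2",
    "employees": "DAP-Employees",
}

# Constructed directory data: user -> memberOf value(s), each a group DN.
SAMPLE_USERS = {
    "alice": ["CN=Employees,OU=Groups,DC=example,DC=com"],
    "bob": ["CN=ContractorGroup1,OU=Vendors,DC=example,DC=com",
            "CN=Employees,OU=Groups,DC=example,DC=com"],
    "carol": "CN=contractorgroup2,OU=Vendors,DC=example,DC=com",
    "dave": ["CN=ContractorGroup10,OU=Vendors,DC=example,DC=com"],
    "erin": ["CN=ContractorGroup1\\, Site A,OU=Vendors,DC=example,DC=com"],
}

def group_cn(dn):
    """Return the CN of the first RDN in a memberOf DN, or None."""
    # Split at the first comma that is not escaped as "\,".
    first_rdn = re.split(r"(?<!\\),", dn.strip(), maxsplit=1)[0]
    key, sep, value = first_rdn.partition("=")
    if not sep or key.strip().lower() != "cn":
        return None
    return re.sub(r"\\(.)", r"\1", value.strip())  # drop DN escapes

def matching_records(member_of):
    """Records selected by exact, case-insensitive match on each group CN."""
    if isinstance(member_of, str):  # a single value may be a plain string
        member_of = [member_of]
    cns = (group_cn(dn) for dn in member_of)
    return sorted({DAP_RECORDS[cn.lower()] for cn in cns
                   if cn and cn.lower() in DAP_RECORDS})

def audit(users):
    """List users who match several records (ambiguous) or none (unmatched)."""
    report = {"ambiguous": {}, "unmatched": []}
    for user in sorted(users):
        records = matching_records(users[user])
        if len(records) > 1:
            report["ambiguous"][user] = records
        elif not records:
            report["unmatched"].append(user)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_USERS))
```

The `dave` and `erin` entries are groups whose names only begin with ContractorGroup1; a substring test on the group name would grant them the Contractor 1 policy, while the exact match leaves them unmatched.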