I've helped customers set it up and yes, it does work. Basically you can assign attributes to users from your LDAP database, these override what is set on the concentrator. You don't have to define every attribute, so don't go and create this huge LDAP schema, only define the attributes you want to define via LDAP specifically and that should be enough.
You'll end up with something like this under a user profile:
cVPN3000-IPSec-Banner1: Welcome to the XYZ Corporation!!!
The object class must be called "cVPN3000-User-Authorization" at the moment, it may be able to be changed in later code releases but for now it has to be that.
A good way to start off is just define the following:
cVPN3000-IPSec-Banner1: Hi there
and if the user gets that when they login then you know your database is set up OK. After that it's just a matter of adding in whatever other attributes you want, they're all listed in the URL you posted initially.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...