New Member

WebVPN - user assigned to multiple LDAP groups

It's a WebVPN implementation with LDAP. Group Alias is enabled for different tunnel-group/policy.

A user is a memberOf different LDAP groups - for example group1, 2 and 3. It seems like the ASA applies the first match via the LDAP query and the user fails to log in on the other groups. Have you guys experienced this too? Has anyone resolved a user assigned to multiple AD groups?

Thanks in advance.

3 REPLIES

Re: WebVPN - user assigned to multiple LDAP groups

Yes, it only does first match via LDAP.

You need to use DAP if you would like to match multiple groups.

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

New Member

Re: WebVPN - user assigned to multiple LDAP groups

Thanks. So, how would you assign DAP into the group-policy or group-policy into DAP?

Example:

http://company.com/portal-1

http://company.com/portal-2

user1 is allowed to log in to portal-1 but not portal-2.

user2 is allowed both portals.

This is where I'm having an issue with LDAP, since it does the first match only via LDAP mapping.

New Member

Re: WebVPN - user assigned to multiple LDAP groups

I am having the same issue in mapping DAPs to LDAP groups when there are multiple groups.

Has anyone managed to get this working successfully?
