Placing ldap users in a specific group policy – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External LDAP Server

Figure C-4 Banner Displayed

Placing LDAP Users in a Specific Group Policy

The following example shows how to authenticate User1 on the AD LDAP server to a specific group
policy on the ASA. On the server, use the Department field of the Organization tab to enter the name of
the group policy. Then create an attribute map and map Department to the Cisco attribute
IETF-Radius-Class. During authentication, the ASA retrieves the value of Department from the server,
maps the value to the IETF-Radius-Class, and places User1 in the group policy.

This example applies to any connection type, including the IPsec VPN client, AnyConnect SSL VPN
client, or clientless SSL VPN. In this example, User1 is connecting through a clientless SSL VPN
connection.

To configure the attributes for the user on the AD LDAP server, perform the following steps:

Step 1 Right-click the user. The Properties dialog box appears (see Figure C-5).

Step 2 Click the Organization tab and enter Group-Policy-1 in the Department field.
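The ASA side of the mapping described above, as an added example that is not taken from this page of the guide. Only Department, IETF-Radius-Class and Group-Policy-1 come from the text; the names MS_LDAP, ATTR_MAP_GP, NOACCESS and REMOTE-ACCESS, the server address, the DNs and the bind password are placeholders chosen for illustration.

```text
! Added example (assumed names and addresses, see lead-in).
! Map the AD Department attribute to the Cisco attribute IETF-Radius-Class.
ldap attribute-map ATTR_MAP_GP
 map-name Department IETF-Radius-Class
!
! LDAP server definition with the attribute map bound to it.
aaa-server MS_LDAP protocol ldap
aaa-server MS_LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ! Protect the bind credentials and returned attributes in transit.
 ldap-over-ssl enable
 ldap-attribute-map ATTR_MAP_GP
!
! The group policy named in the user's Department field must exist on the ASA.
group-policy Group-Policy-1 internal
!
! Fallback policy for users whose Department value is empty or names no
! existing group policy: zero simultaneous logins denies the session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Connection profile: authenticate against AD, default to no access.
tunnel-group REMOTE-ACCESS type remote-access
tunnel-group REMOTE-ACCESS general-attributes
 authentication-server-group MS_LDAP
 default-group-policy NOACCESS
```

With the default group policy set to a no-access policy, membership in Group-Policy-1 depends entirely on the Department value returned by the server, so write access to that AD attribute should be restricted accordingly. Running `debug ldap 255` during a test login shows the retrieved attribute and the value it was mapped to.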
