Cisco PIX 500 Series Configuration Manual page 1069

Security appliance command line

Appendix E
Configuring an External Server for Authorization and Authentication
Step 2
To confirm the new record, choose Start > Settings > Control Panel > Administrative Tools > Active Directory Users and Computers.
The Active Directory Users and Computers window appears, as shown in Figure E-2.
Step 3
On the security appliance, create a aaa-server record for the LDAP server. For this example, these authorization records are stored in the Franklin-Altiga folder. The necessary steps are shown in the following commands:
hostname(config)# aaa-server ldap-authorize-grp protocol ldap
hostname(config-aaa-server-group)# aaa-server ldap-authorize-grp host 10.1.1.4
hostname(config-aaa-server-host)# ldap-base-dn ou=Franklin-Altiga,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-naming-attribute cn
hostname(config-aaa-server-host)# ldap-login-password anypassword
hostname(config-aaa-server-host)# ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-attribute-map LdapSvrName
hostname(config-aaa-server-host)#
Step 4
Create a tunnel group that specifies SDI Authentication and LDAP authorization, as shown in the following example commands:
hostname(config)# tunnel-group ipsec-tunnelgroup type ipsec-ra
hostname(config)# tunnel-group ipsec-tunnelgroup general-attributes
hostname(config)# authentication-server-group sdi-group
hostname(config)# authorization-server-group ldap-authorize-grp
hostname(config)#
Note
This example does not show the configuration for sdi-group.
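Added example (not part of the Cisco guide): a small audit of a configuration fragment that checks two things Steps 3 and 4 depend on, namely that every server group named in a tunnel group is defined by an aaa-server command, and that each LDAP host enables ldap-over-ssl and does not bind as Administrator. The audit() helper and the sample text are constructed for illustration; treating an Administrator bind as a finding is a least-privilege assumption of this example, not a requirement stated in the guide.

```python
import re

# Constructed sample: the Step 3 and Step 4 commands with prompts stripped. The
# authorization group name is misspelled on purpose (-group instead of -grp).
SAMPLE = """\
aaa-server ldap-authorize-grp protocol ldap
aaa-server ldap-authorize-grp host 10.1.1.4
 ldap-base-dn ou=Franklin-Altiga,dc=frdevtestad,dc=local
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-password anypassword
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
 ldap-attribute-map LdapSvrName
tunnel-group ipsec-tunnelgroup type ipsec-ra
tunnel-group ipsec-tunnelgroup general-attributes
 authentication-server-group sdi-group
 authorization-server-group ldap-authorize-group
"""

def audit(config):
    """Hypothetical helper: return sorted findings for a config fragment."""
    groups, hosts, refs = {}, {}, []   # name->protocol, (group, ip)->cmds, references
    current = None                     # sub-command list of the host being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"aaa-server (\S+) protocol (\S+)", line):
            groups[m[1]] = m[2]
            current = None
        elif m := re.fullmatch(r"aaa-server (\S+) host (\S+)", line):
            current = hosts.setdefault((m[1], m[2]), [])
        elif m := re.match(r"(authentication|authorization)-server-group (\S+)", line):
            refs.append((m[1], m[2]))
        elif current is not None and raw.startswith(" "):
            current.append(line)       # indented line belongs to the current host
        else:
            current = None
    findings = [f"{kind}-server-group {name}: no aaa-server group with this name"
                for kind, name in refs if name not in groups]
    for (group, ip), cmds in hosts.items():
        if groups.get(group) != "ldap":
            continue
        if "ldap-over-ssl enable" not in cmds:
            findings.append(f"{group} {ip}: ldap-over-ssl is not enabled")
        if any(c.lower().startswith("ldap-login-dn cn=administrator,") for c in cmds):
            findings.append(f"{group} {ip}: binds to the directory as Administrator")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample, sdi-group is reported as undefined because, as in the guide, its configuration is not included.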
Note
Contact Cisco TAC to obtain the Microsoft AD LDAP schema for Cisco VPN attributes.
Figure E-2. Active Directory Users and Computers Window
Configuring an External LDAP Server
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
