Appendix B
Configuring an External Server for Authorization and Authentication
Step 4 Add the new group-policy on the adaptive security appliance and configure the required policy attributes that will be assigned to the user. For this case, we created the Group-policy-1, the name entered in the Department field on the server:
hostname(config)# group-policy Group-policy-1 external server-group LDAP_demo
hostname(config-aaa-server-group)#
Step 5 Establish the VPN connection as the user would, and verify that the session inherits the attributes from Group-Policy-1 (and any other applicable attributes from the default group-policy).
You can monitor the communication between the adaptive security appliance and the server by enabling
the debug ldap 255 command from privileged EXEC mode. Below is sample output of this command.
The output has been edited to provide the key messages:
[29] Authentication successful for user1 to 3.3.3.4
[29] Retrieving user attributes from server 3.3.3.4
[29] Retrieved Attributes:
[29] department: value = Group-Policy-1
[29] mapped to IETF-Radius-Class: value = Group-Policy-1
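The verification in Step 5 can be automated against captured debug output. The following is an added example, not part of the Cisco guide: it parses output in the edited format shown above and reports sessions whose LDAP attributes were not mapped to IETF-Radius-Class, or were mapped to a name that is not a configured group policy. Session 30, user2 and the value Engineering are constructed sample data, and the exact, case-sensitive name comparison is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the edited `debug ldap 255` output above.
SAMPLE_DEBUG = """\
[29] Authentication successful for user1 to 3.3.3.4
[29] Retrieving user attributes from server 3.3.3.4
[29] Retrieved Attributes:
[29] department: value = Group-Policy-1
[29] mapped to IETF-Radius-Class: value = Group-Policy-1
[30] Authentication successful for user2 to 3.3.3.4
[30] Retrieved Attributes:
[30] department: value = Engineering
"""

LINE = re.compile(r"^\[(?P<sid>\d+)\]\s+(?P<msg>.*\S)\s*$")
AUTH_OK = re.compile(r"^Authentication successful for (?P<user>\S+) to (?P<server>\S+)$")
MAPPED = re.compile(r"^mapped to (?P<attr>[\w-]+): value = (?P<val>.*)$")
ATTR = re.compile(r"^(?P<attr>[\w-]+): value = (?P<val>.*)$")


def parse_sessions(text):
    """Group debug lines by the bracketed session id and extract key fields."""
    sessions = defaultdict(lambda: {"user": None, "server": None, "attrs": {}, "mapped": {}})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        s, msg = sessions[int(m["sid"])], m["msg"]
        if (a := AUTH_OK.match(msg)):
            s["user"], s["server"] = a["user"], a["server"]
        elif (a := MAPPED.match(msg)):      # result of the LDAP attribute map
            s["mapped"][a["attr"]] = a["val"].strip()
        elif (a := ATTR.match(msg)):        # raw attribute returned by the server
            s["attrs"][a["attr"]] = a["val"].strip()
    return dict(sessions)


def audit(text, configured_policies):
    """Return (session, user, reason) for sessions lacking a usable policy mapping."""
    findings = []
    for sid, s in sorted(parse_sessions(text).items()):
        policy = s["mapped"].get("IETF-Radius-Class")
        if s["user"] is None:
            findings.append((sid, None, "no successful authentication logged"))
        elif policy is None:
            findings.append((sid, s["user"], "no IETF-Radius-Class mapping"))
        elif policy not in configured_policies:  # assumption: case-sensitive match
            findings.append((sid, s["user"], f"mapped to unconfigured policy {policy!r}"))
    return findings
```

Pass `audit()` the set of group-policy names actually configured on the appliance; an empty result means every logged session was mapped to one of them.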
OL-20339-01
Configuring an External LDAP Server
Cisco ASA 5500 Series Configuration Guide using ASDM