Cisco PIX 500 Series Configuration Manual page 1073

Security appliance command line

Appendix E
Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03

Figure E-5 The Organization Tab of the Active Directory Users and Computer Dialog

To configure this example, perform the following steps on the security appliance:

Step 1 Create an LDAP mapping table entry to map the Active Directory attribute department to the Cisco attribute IETF-Radius-Class as shown in the following example commands:
hostname(config)# ldap attribute-map ActiveDirectoryMapTable
hostname(config-ldap-attribute-map)# map-name department IETF-Radius-Class

Step 2 Create a aaa-server record for the LDAP authentication server and use the ldap-base-dn to specify the search location for the Active Directory user records as shown in the following example commands:
hostname(config)# aaa-server ldap-authenticate protocol ldap
hostname(config-aaa-server-group)# aaa-server ldap-authenticate host 10.1.1.4
hostname(config-aaa-server-host)# ldap-base-dn cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-naming-attribute cn
hostname(config-aaa-server-host)# ldap-login-password anypassword
hostname(config-aaa-server-host)# ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)#

Step 3 Configure the name of the LDAP attribute map as shown in the following example command:
hostname(config-aaa-server-host)# ldap-attribute-map ActiveDirectoryMapTable
hostname(config-aaa-server-host)#
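
A configuration check for the three steps above, added here as an example and not part of the Cisco guide: it parses the commands, confirms that the map named in Step 3 is the one defined in Step 1, and flags two weaknesses of the sample as written (no transport protection for the bind, and a bind DN that is the domain Administrator). The ldap-over-ssl and sasl-mechanism host-mode commands are real security appliance commands that this page does not show; the function names, the constructed department value "Engineering", and the dropping of unmapped attributes are assumptions of the example.

```python
import re
# Commands from Steps 1-3 with prompts removed and the wrapped DN joined.
CONFIG = """\
ldap attribute-map ActiveDirectoryMapTable
 map-name department IETF-Radius-Class
aaa-server ldap-authenticate protocol ldap
aaa-server ldap-authenticate host 10.1.1.4
 ldap-base-dn cn=Users,dc=frdevtestad,dc=local
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-password anypassword
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
 ldap-attribute-map ActiveDirectoryMapTable
"""

def parse(config):
    """Return ({map name: {ldap attr: cisco attr}}, {server ip: {command: value}})."""
    maps, hosts, section = {}, {}, None
    for words in (line.split() for line in config.splitlines() if line.strip()):
        if words[:2] == ["ldap", "attribute-map"]:
            section = maps.setdefault(words[2], {})
        elif words[0] == "aaa-server":
            section = hosts.setdefault(words[-1], {}) if "host" in words else None
        elif section is not None and words[0] == "map-name":
            section[words[1].lower()] = words[2]
        elif section is not None:
            section[words[0]] = " ".join(words[1:])
    return maps, hosts

def audit(config):
    maps, hosts = parse(config)
    findings = []
    for ip, host in hosts.items():
        ref = host.get("ldap-attribute-map")
        if ref and ref not in maps:
            findings.append(f"{ip}: ldap-attribute-map {ref} is not defined")
        if host.get("ldap-over-ssl") != "enable" and "sasl-mechanism" not in host:
            findings.append(f"{ip}: no ldap-over-ssl or SASL, simple bind exposes passwords")
        if re.match(r"cn=administrator,", host.get("ldap-login-dn", ""), re.I):
            findings.append(f"{ip}: ldap-login-dn is Administrator, use a read-only account")
    return findings

def translate(config, map_name, entry):
    """Rename LDAP attributes per the map (simplified: unmapped attributes are dropped)."""
    table = parse(config)[0].get(map_name, {})
    return {table[k.lower()]: v for k, v in entry.items() if k.lower() in table}

if __name__ == "__main__":  # "Engineering" is a constructed sample value
    print(audit(CONFIG), translate(CONFIG, "ActiveDirectoryMapTable", {"department": "Engineering"}))
```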


This manual is also suitable for: ASA 5500 Series
