Cisco ASA 5505 Configuration Manual page 1750

Appendix B
Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
User-Based Attributes Policy Enforcement
Any standard LDAP attribute can be mapped to a well-known Vendor Specific Attribute (VSA).
Likewise, one or more LDAP attribute(s) can be mapped to one or more Cisco LDAP attributes.
In this use case we configure the adaptive security appliance to enforce a simple banner for a user
configured on an AD LDAP server. For this case, on the server, we use the Office field in the General
tab to enter the banner text. This field uses the attribute named physicalDeliveryOfficeName. On the
adaptive security appliance, we create an attribute map that maps physicalDeliveryOfficeName to the
Cisco attribute Banner1. During authentication, the adaptive security appliance retrieves the value of
physicalDeliveryOfficeName from the server, maps the value to the Cisco attribute Banner1, and
displays the banner to the user.
This case applies to any connection type, including the IPSec VPN client, AnyConnect SSL VPN client,
or clientless SSL VPN. For the purposes of this case, User1 is connecting through a clientless SSL VPN
connection.
Step 1  Configure the attributes for a user on the AD/LDAP Server.
Right-click a user. The properties window displays (Figure B-3). Click the General tab and enter some
banner text in the Office field. The Office field uses the AD/LDAP attribute
physicalDeliveryOfficeName.
Figure B-3  LDAP User configuration
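The attribute map described above only affects logins when it is bound to the LDAP server entry on the adaptive security appliance. The following is an added example, not part of the Cisco guide: it audits saved running-config text for attribute maps that no server references and for server entries that reference a map not defined in that text. The sample configuration, the group and map names, and the addresses are constructed; the code assumes the CLI forms `ldap attribute-map`, `map-name` and `ldap-attribute-map`.

```python
import re

# Constructed sample of ASA running-config text; all names and addresses are placeholders.
SAMPLE_CONFIG = """\
ldap attribute-map Banner
  map-name  physicalDeliveryOfficeName Banner1
ldap attribute-map Unused
  map-name  department Banner1
aaa-server MS_LDAP protocol ldap
aaa-server MS_LDAP (inside) host 192.0.2.10
 ldap-base-dn dc=example,dc=com
 ldap-attribute-map Banner
aaa-server OLD_LDAP protocol ldap
aaa-server OLD_LDAP (inside) host 192.0.2.11
 ldap-attribute-map Missing
"""

def parse_ldap_maps(config):
    """Return (maps, bindings): maps is {map_name: {ldap_attr: cisco_attr}},
    bindings is {(server_group, host): map_name}."""
    maps, bindings = {}, {}
    current_map = current_host = None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command ends the previous sub-mode
            current_map = current_host = None
            m = re.match(r"ldap attribute-map (\S+)$", line)
            if m:
                current_map = m.group(1)
                maps[current_map] = {}
            m = re.match(r"aaa-server (\S+) (?:\(\S+\) )?host (\S+)", line)
            if m:
                current_host = (m.group(1), m.group(2))
            continue
        words = line.split()
        if current_map and len(words) == 3 and words[0] == "map-name":
            maps[current_map][words[1]] = words[2]
        elif current_host and len(words) == 2 and words[0] == "ldap-attribute-map":
            bindings[current_host] = words[1]
    return maps, bindings

def audit(config):
    """Flag maps bound to no server and servers bound to undefined maps."""
    maps, bindings = parse_ldap_maps(config)
    used = set(bindings.values())
    return {
        "unbound_maps": sorted(set(maps) - used),
        "undefined_refs": sorted(h for h, m in bindings.items() if m not in maps),
    }
```

Run `audit()` over an exported configuration to confirm that the map carrying `physicalDeliveryOfficeName` to `Banner1` is attached to the server that authenticates the user.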
Cisco ASA 5500 Series Configuration Guide using ASDM
B-18
OL-20339-01

This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580