Cisco ASA 5505 Configuration Manual page 668

ASA 5500 Series

Chapter 31: Configuring AAA Servers and the Local Database
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 31-22

    b. Click New to open the Add Time Range dialog box, in which you can specify a new set of access hours.
    c. If the Inherit check box is not checked, the Simultaneous Logins parameter specifies the maximum number of simultaneous logins allowed for this user. The default value is 3. The minimum value is 0, which disables login and prevents user access.
       Note: While there is no maximum limit, allowing several simultaneous connections could compromise security and affect performance.
    d. If the Inherit check box is not checked, the Maximum Connect Time parameter specifies the maximum user connection time in minutes. At the end of this time, the system terminates the connection. The minimum is 1 minute, and the maximum is 2147483647 minutes (over 4000 years). To allow unlimited connection time, check the Unlimited check box (the default).
    e. If the Inherit check box is not checked, the Idle Timeout parameter specifies this user's idle timeout period in minutes. If there is no communication activity on the user's connection in this period, the system terminates the connection. The minimum time is 1 minute, and the maximum time is 10080 minutes. This value does not apply to users of clientless SSL VPN connections.

Step 4  To set a dedicated IP address for this user, enter an IP address and subnet mask in the Dedicated IP Address (Optional) area.
Step 5  To configure clientless SSL settings, in the left-hand pane, click Clientless SSL VPN. To override each setting, uncheck the Inherit check box, and enter a new value.
Step 6  Click Apply.
        The changes are saved to the running configuration.

Configuring LDAP Attribute Maps

If you are introducing an adaptive security appliance to an existing LDAP directory, your existing LDAP attribute names and values are probably different from the Cisco ones. You must create LDAP attribute maps that map your existing user-defined attribute names and values to Cisco attribute names and values that are compatible with the adaptive security appliance. You can then bind these attribute maps to LDAP servers or remove them, as needed. You can also show or clear attribute maps.

Note: To use the attribute mapping features correctly, you need to understand Cisco LDAP attribute names and values, as well as the user-defined attribute names and values.

The names of frequently mapped Cisco LDAP attributes and the type of user-defined attributes that they would commonly be mapped to include the following:

    IETF-Radius-Class—A department or user group
    IETF-Radius-Filter-Id—An access control list
    IETF-Radius-Framed-IP-Address—A static IP address
    IPSec-Banner1—An organization title
    Tunneling-Protocols—Allows or denies dial-in
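
The following is an added example, not taken from the Cisco guide: it shows an attribute map of the kind described above in ASA CLI form rather than ASDM, combined with a deny-by-default group policy that relies on Simultaneous Logins 0 disabling login. All object names, distinguished names, the 192.0.2.10 address, the directory attribute names (memberOf, msRADIUSFramedIPAddress) and the bind password placeholder are assumptions for illustration.

```cisco
! Constructed example. Names, DNs and addresses are placeholders.
! Default policy: users whose directory attributes match no map-value
! stay here, and Simultaneous Logins 0 prevents their access.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy handed to mapped engineering users.
group-policy VPN_ENG internal
group-policy VPN_ENG attributes
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
!
! Map user-defined directory attributes to Cisco attribute names.
ldap attribute-map CORP_MAP
 ! Directory group membership -> IETF-Radius-Class (user group)
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Engineering,OU=Groups,DC=example,DC=com" VPN_ENG
 ! Per-user static address -> IETF-Radius-Framed-IP-Address
 map-name msRADIUSFramedIPAddress IETF-Radius-Framed-IP-Address
!
! Bind the map to the LDAP server definition.
aaa-server CORP_LDAP protocol ldap
aaa-server CORP_LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password-placeholder>
 server-type microsoft
 ldap-attribute-map CORP_MAP
!
! Connection profile authenticates against LDAP and defaults to NOACCESS.
tunnel-group CORP_RA type remote-access
tunnel-group CORP_RA general-attributes
 authentication-server-group CORP_LDAP
 default-group-policy NOACCESS
```

The map-value string must match the directory value exactly; a user whose value does not match keeps the default NOACCESS policy.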

This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580