Cisco ASA Series CLI Configuration Manual page 2126

Software version 9.0 for the services module

Configuring an External LDAP Server
Figure 1-1
The VPN 3000 concentrator and the ASA/PIX 7.0 software required a Cisco LDAP schema for
authorization operations. Beginning with Version 7.1.x, the ASA performs authentication and
authorization using the native LDAP schema, and the Cisco schema is no longer needed.
You configure authorization (permission policy) using an LDAP attribute map. For examples, see the
"Active Directory/LDAP VPN Remote Access Authorization Examples" section on page 1-15.
This section describes the structure, schema, and attributes of an LDAP server and includes the following
topics:
The specific steps of these processes vary, depending on which type of LDAP server you are using.
For LDAP servers, any attribute name can be used to set the group policy for the session. The LDAP
attribute map that you configure on the ASA maps the LDAP attribute to the Cisco attribute
IETF-Radius-Class.
4. Group policy assigned by the Connection Profile (called tunnel-group in the CLI)—The Connection
Profile has the preliminary settings for the connection, and includes a default group policy applied
to the user before authentication. All users connecting to the ASA initially belong to this group,
which provides any attributes that are missing from the DAP, user attributes returned by the server,
or the group policy assigned to the user.
5. Default group policy assigned by the ASA (DfltGrpPolicy)—System default attributes provide any
values that are missing from the DAP, user attributes, group policy, or connection profile.
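The attribute mapping and the connection-profile fallback described above, as an added configuration sketch that is not taken from the Cisco guide. All names (GROUP-MAP, LDAP-SRV, ENGINEERING, NOACCESS, RA-VPN), the directory DNs, and the 192.0.2.10 address are constructed placeholders, and an Active Directory server is assumed.

```text
! Map the directory's memberOf attribute to the Cisco attribute
! IETF-Radius-Class, which selects the group policy for the session.
ldap attribute-map GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Engineers,OU=Groups,DC=example,DC=com" ENGINEERING

! LDAP server definition that applies the map to returned attributes.
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map GROUP-MAP

! Group policy granted only through a matching map-value.
group-policy ENGINEERING internal
group-policy ENGINEERING attributes
 vpn-simultaneous-logins 3

! Restrictive policy for users whose attributes match no map-value.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! The connection profile's default group policy supplies whatever the
! server does not, so point it at the restrictive policy.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy NOACCESS
```

With this layout, a user who authenticates but is not in the mapped directory group inherits NOACCESS from the connection profile instead of whatever DfltGrpPolicy would otherwise allow.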
Policy Enforcement Flow
Organizing the ASA for LDAP Operations, page 1-3
Defining the ASA LDAP Configuration, page 1-5
Active Directory/LDAP VPN Remote Access Authorization Examples, page 1-15
Appendix 1
Configuring an External Server for Authorization and Authentication
