Cisco Systems OL-12180-01 manual Configuring an Ldap Attribute Map, 12-21

Chapter 12 Configuring AAA Servers and User Accounts

Configuring an LDAP Attribute Map

Note Microsoft Internet Explorer displays up to 37 characters in an authentication prompt. Netscape Navigator displays up to 120 characters, and Telnet and FTP display up to 235 characters in an authentication prompt.

Fields

Prompt—(Optional) Enables the display of AAA challenge text, specified in the field below the check box, for through-the-security appliance user sessions.

Text—(Optional) Specify a string of up to 235 alphanumeric characters or 31 words, limited by whichever maximum is first reached. Do not use special characters; however, spaces and punctuation characters are permitted. Entering a question mark or pressing the Enter key ends the string. (The question mark appears in the string.)

User accepted message—(Optional) Enables the display of text, specified in the field below the check box, confirming that the user has been authenticated.

User rejected message—(Optional) Enables the display of text, specified in the field below the check box, indicating that authentication failed.

Note All of the fields in this pane are optional. If you do not specify an authentication prompt, FTP users see "FTP authentication", HTTP users see "HTTP Authentication", and Telnet users see no challenge text.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)

Configuring an LDAP Attribute Map

The LDAP Attribute Map pane (Configuration > Remote Access VPN > AAA Setup) lets you create and name an attribute map for mapping customer (user-defined) attribute names to Cisco LDAP attribute names. If you are introducing a security appliance to an existing LDAP directory, your existing customer LDAP attribute names and values are probably different from the Cisco attribute names and values. Rather than renaming your existing attributes, you can create LDAP attribute maps that map your customer attribute names and values to Cisco attribute names and values. By using simple string substitution, the security appliance then presents you with only your own customer names and values.

You can then bind these attribute maps to LDAP servers or remove them as needed. You can also delete entire attribute maps or remove individual name and value entries.

Note To use the attribute mapping features correctly, you need to understand the Cisco LDAP attribute names and values as well as the user-defined attribute names and values.
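The following added Python simulation (not Cisco code) shows how a map such as the one described above rewrites a directory entry: map-name entries rename attributes and map-value entries substitute values, with anything unmapped passed through as plain string substitution would. The Cisco attribute name IETF-Radius-Class, the map and the directory entry are assumed or constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class LdapAttributeMap:
    """Simulated attribute map: customer (user-defined) names and values
    are translated to Cisco names and values by string substitution."""
    name: str
    # map-name entries: customer attribute name -> Cisco attribute name
    name_map: dict[str, str] = field(default_factory=dict)
    # map-value entries: customer attribute -> {customer value -> Cisco value}
    value_map: dict[str, dict[str, str]] = field(default_factory=dict)

    def map_name(self, customer_name: str, cisco_name: str) -> None:
        self.name_map[customer_name] = cisco_name

    def map_value(self, customer_name: str, customer_value: str, cisco_value: str) -> None:
        self.value_map.setdefault(customer_name, {})[customer_value] = cisco_value

    def apply(self, entry: dict[str, list[str]]) -> tuple[dict[str, list[str]], list[str]]:
        """Return (mapped entry, audit notes). Attributes without a map-name entry
        keep their customer name; values without a map-value entry are passed
        through unchanged, and such pass-throughs on mapped attributes are noted
        so an administrator can review them."""
        mapped: dict[str, list[str]] = {}
        notes: list[str] = []
        for attr, values in entry.items():
            cisco_attr = self.name_map.get(attr, attr)
            substitutions = self.value_map.get(attr, {})
            out: list[str] = []
            for value in values:
                if value in substitutions:
                    out.append(substitutions[value])
                else:
                    out.append(value)
                    if attr in self.name_map:
                        notes.append(f"{attr}={value!r}: no map-value entry, passed through as {cisco_attr}")
            mapped[cisco_attr] = out
        return mapped, notes


# Constructed directory entry for a hypothetical user (not from the manual).
SAMPLE_ENTRY = {"cn": ["jdoe"], "department": ["Engineering", "Contractors"]}


def demo() -> tuple[dict[str, list[str]], list[str]]:
    amap = LdapAttributeMap("corp-map")  # assumed map name
    amap.map_name("department", "IETF-Radius-Class")  # Cisco attribute name (assumed)
    amap.map_value("department", "Engineering", "eng-vpn-policy")  # assumed policy name
    return amap.apply(SAMPLE_ENTRY)
```

The audit notes surface values that the directory returned but the map never anticipated; those reach the appliance unchanged, so they are worth checking against the intended policy names.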

ASDM User Guide OL-12180-01 12-21
