Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Step 2 Click the General tab and enter banner text in the Office field, which uses the AD/LDAP attribute
physicalDeliveryOfficeName.
Figure C-3 LDAP User Configuration
Step 3 Create an LDAP attribute map on the ASA.
The following example creates the map Banner and maps the AD/LDAP attribute
physicalDeliveryOfficeName to the Cisco attribute Banner1:
hostname(config)# ldap attribute-map Banner
hostname(config-ldap-attribute-map)# map-name physicalDeliveryOfficeName Banner1
Step 4 Associate the LDAP attribute map with the AAA server.
The following example enters aaa-server host configuration mode for the host 10.1.1.2 in the AAA
server group MS_LDAP, and associates the attribute map Banner that you created in Step 3:
hostname(config)# aaa-server MS_LDAP host 10.1.1.2
hostname(config-aaa-server-host)# ldap-attribute-map Banner
Step 5 Test the banner enforcement.
The following example shows a clientless SSL connection and the banner enforced through the attribute
map after the user authenticates (see Figure C-4).
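As an added example (not part of the Cisco guide), the following Python script checks a saved ASA configuration offline for the binding created in Steps 3 and 4: it lists which AD/LDAP attributes each map translates and reports hosts that reference an undefined map, or maps that no host uses. The sample configuration is constructed from the commands above plus a hypothetical second host 10.1.1.3 with a misspelled map name; the function names are illustrative.

```python
import re

# Constructed sample: Steps 3-4 plus a hypothetical host with a misspelled map.
SAMPLE_CONFIG = """\
ldap attribute-map Banner
 map-name physicalDeliveryOfficeName Banner1
aaa-server MS_LDAP host 10.1.1.2
 ldap-attribute-map Banner
aaa-server MS_LDAP host 10.1.1.3
 ldap-attribute-map Baner
"""

MAP_RE = re.compile(r"ldap attribute-map (\S+)$")
# The optional "(interface)" token covers the form a running config may show.
HOST_RE = re.compile(r"aaa-server (\S+) (?:\(\S+\) )?host (\S+)$")

def parse_config(text):
    """Return maps[name][ldap_attr] = cisco_attr and bindings[(group, host)] = map."""
    maps, bindings, ctx = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # top-level command opens a new block
            ctx = None
            if m := MAP_RE.match(line):
                ctx = ("map", m.group(1))
                maps.setdefault(m.group(1), {})
            elif m := HOST_RE.match(line):
                ctx = ("host", (m.group(1), m.group(2)))
                bindings.setdefault(ctx[1], None)
        elif ctx and ctx[0] == "map" and line.startswith("map-name "):
            _, ldap_attr, cisco_attr = line.split(None, 2)
            maps[ctx[1]][ldap_attr] = cisco_attr
        elif ctx and ctx[0] == "host" and line.startswith("ldap-attribute-map "):
            bindings[ctx[1]] = line.split()[1]
    return maps, bindings

def audit(text):
    """Report hosts bound to an undefined map and maps bound to no host."""
    maps, bindings = parse_config(text)
    findings = [f"{g}/{h}: undefined map {n}"
                for (g, h), n in sorted(bindings.items()) if n and n not in maps]
    used = set(bindings.values())
    findings += [f"map {n}: not bound to any host" for n in sorted(maps) if n not in used]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

An empty result for the group you expect means every LDAP host in it references a defined map; the connection test in Step 5 is still needed to confirm the banner itself.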