Cisco ASA 5500 Series Configuration Guide using the CLI
Appendix C Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
Figure C-4 Banner Displayed
Placing LDAP Users in a Specific Group Policy
The following example shows how to authenticate User1 against the AD LDAP server and place the user
in a specific group policy on the ASA. On the server, use the Department field of the Organization tab
to enter the name of the group policy. Then create an attribute map and map Department to the Cisco
attribute IETF-Radius-Class. During authentication, the ASA retrieves the value of Department from the
server, maps the value to IETF-Radius-Class, and places User1 in the group policy.
This example applies to any connection type, including the IPsec VPN client, AnyConnect SSL VPN
client, or clientless SSL VPN. In this example, User1 is connecting through a clientless SSL VPN
connection.
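The ASA side of this mapping, with a restrictive fallback for users whose Department value matches no group policy, is sketched here as an added example that is not taken from the original guide. The server-group name LDAP_demo, the address 10.1.1.2, the example.com DNs, the bind account, the map name group_policy and the NOACCESS policy are all assumptions.

```cisco
! Added example (not from the guide). All names, addresses and DNs are assumed.
!
! Map the AD "Department" attribute to the Cisco attribute IETF-Radius-Class.
ldap attribute-map group_policy
 map-name Department IETF-Radius-Class
!
! LDAP server entry; the attribute map is attached per host.
aaa-server LDAP_demo protocol ldap
aaa-server LDAP_demo (inside) host 10.1.1.2
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-password>
 ldap-attribute-map group_policy
!
! The policy name must match the value entered in the Department field.
group-policy Group-Policy-1 internal
!
! Fallback: a user whose Department value matches no group policy gets the
! connection profile's default policy, so make that default deny access.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group LDAP_demo
 default-group-policy NOACCESS
```

Group-Policy-1 inherits its login limit from the system default policy rather than from NOACCESS, so only users left unmapped are refused.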
To configure the attributes for the user on the AD LDAP server, perform the following steps:
Step 1 Right-click the user.
The Properties dialog box appears (see Figure C-5).
Step 2 Click the Organization tab and enter Group-Policy-1 in the Department field.