6-43
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding AAA Server and Server Group Objects
Add and Edit LDAP Attribute Map Dialog Boxes
Use the Add and Edit LDAP (Lightweight Directory Access Protocol) Attribute Map dialog boxes to
populate the attribute map with name mappings that translate Cisco LDAP attribute names to custom,
user-defined attribute names.
If you are introducing a security appliance to an existing LDAP directory, your existing custom LDAP
attribute names and values are probably different from the Cisco attribute names and values. Rather than
renaming your existing attributes, you can create LDAP attribute maps that map your custom attribute
names and values to Cisco attribute names and values. By using simple string substitution, the security
appliance then presents you with only your own custom names and values. You can then bind these
attribute maps to LDAP servers or remove them as needed. You can also delete entire attribute maps or
remove individual name and value entries.
For more information regarding LDAP support on ASA, PIX, and FWSM devices, see Additional AAA
Support on ASA, PIX, and FWSM Devices, page 6-26.
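The name and value substitution described above can be modeled in a few lines. This is an added example, not Cisco code or anything from the original guide; the attribute names, DNs and policy names are constructed sample data, and passing unmapped values through unchanged is an assumption of the model.

```python
# Added illustration (not Cisco code): an LDAP attribute map modeled as plain
# name and value substitution. Attribute names, DNs and policy names below are
# constructed sample data.

class LdapAttributeMap:
    def __init__(self):
        self.names = {}    # customer attribute name (lower-cased) -> Cisco name
        self.values = {}   # (customer name lower-cased, customer value) -> Cisco value

    def map_name(self, customer_name, cisco_name):
        # LDAP attribute names are case-insensitive, so normalize the key.
        self.names[customer_name.lower()] = cisco_name

    def map_value(self, customer_name, customer_value, cisco_value):
        self.values[(customer_name.lower(), customer_value)] = cisco_value

    def translate(self, entry):
        """Return (translated, unmapped) for one directory entry.

        translated: Cisco attribute name -> list of values after substitution.
        unmapped:   (customer name, value) pairs that had a name mapping but no
                    value mapping; this model passes them through unchanged
                    (an assumption), which is worth reviewing in an audit.
        """
        translated, unmapped = {}, []
        for name, vals in entry.items():
            cisco_name = self.names.get(name.lower())
            if cisco_name is None:
                continue  # attribute is not in the map, nothing to translate
            for v in vals:
                mapped = self.values.get((name.lower(), v))
                if mapped is None:
                    unmapped.append((name, v))
                    mapped = v
                translated.setdefault(cisco_name, []).append(mapped)
        return translated, unmapped


def demo():
    amap = LdapAttributeMap()
    amap.map_name("memberOf", "Group-Policy")
    amap.map_value("memberOf", "CN=VPN-Admins,OU=Groups,DC=example,DC=com", "AdminPolicy")
    entry = {  # constructed directory entry
        "MemberOf": ["CN=VPN-Admins,OU=Groups,DC=example,DC=com",
                     "CN=Contractors,OU=Groups,DC=example,DC=com"],
        "mail": ["user@example.com"],
    }
    return amap.translate(entry)
```

The second element of the result lists values that have a name mapping but no value mapping, which is the case to review when auditing a map against the groups that actually exist in the directory.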
Navigation Path
Select Manage > Policy Objects, then select LDAP Attribute Map from the Object Type selector.
Right-click inside the table and select New Object, or right-click a row and select Edit Object.
Related Topics
Creating AAA Server Objects, page 6-29
AAA Server Dialog Box—LDAP Settings, page 6-37
Field Reference
Table 6-15 Add and Edit LDAP Attribute Map Dialog Boxes

| Element | Description |
| --- | --- |
| Name | The object name, which can be up to 128 characters. Object names are not case-sensitive. For more information, see Creating Policy Objects, page 6-9. |
| Description | An optional description of the object. |
| Attribute Map table | The table shows the mapped values. Each entry shows the customer map name, Cisco map name, and the attribute mapping of customer name to Cisco name. To add a mapping, click the Add Row button to open the Add and Edit LDAP Attribute Map Value Dialog Boxes, page 6-44. To edit a mapping, select it and click the Edit Row button. To delete a mapping, select it and click the Delete Row button. |
| Category | The category assigned to the object. Categories help you organize and identify rules and objects. See Using Category Objects, page 6-12. |