ASDM User Guide, OL-12180-01, Chapter 12: Configuring AAA Servers and User Accounts
Note Microsoft Internet Explorer displays up to 37 characters in an authentication prompt. Netscape Navigator displays up to 120 characters, and Telnet and FTP display up to 235 characters in an authentication prompt.
Fields
Prompt—(Optional) Enables the display of AAA challenge text, specified in the field below the check box, for through-the-security-appliance user sessions.
Text—(Optional) Specify a string of up to 235 alphanumeric characters or 31 words, limited by whichever maximum is reached first. Do not use special characters; spaces and punctuation characters are permitted. Entering a question mark or pressing the Enter key ends the string. (The question mark is kept as part of the string.)
User accepted message—(Optional) Enables the display of text, specified in the field below the
check box, confirming that the user has been authenticated.
User rejected message—(Optional) Enables the display of text, specified in the field below the check box, indicating that authentication failed.
Note All of the fields in this pane are optional. If you do not specify an authentication prompt, FTP users see "FTP authentication", HTTP users see "HTTP Authentication", and Telnet users see no challenge text.
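The limits above can be checked before a prompt is pasted into the pane. The following Python is an added illustration, not ASDM or ASA code: it applies the question-mark/Enter rule, the 235-character and 31-word limits, and the client display limits quoted in the note. Treating "special characters" as anything outside printable ASCII, and counting words as whitespace-separated tokens, are assumptions.

```python
"""Pre-check an AAA authentication prompt against the limits the ASDM pane
enforces. Added illustration; not ASDM or ASA code."""

# Characters each client shows in its prompt, as quoted in the guide's note.
CLIENT_PROMPT_LIMITS = {
    "Internet Explorer": 37,
    "Netscape Navigator": 120,
    "Telnet": 235,
    "FTP": 235,
}

MAX_CHARS = 235
MAX_WORDS = 31


def normalize_prompt(raw: str) -> str:
    """Apply the pane's input rule: a question mark or Enter ends the string.
    The question mark itself stays as the last character; the newline does not."""
    end = len(raw)
    for i, ch in enumerate(raw):
        if ch in "\r\n":
            end = i
            break
        if ch == "?":
            end = i + 1  # keep the '?' in the stored prompt
            break
    return raw[:end]


def check_prompt(raw: str) -> dict:
    """Return the prompt as the pane would store it, the limit violations,
    and the clients on which the prompt would be cut off."""
    text = normalize_prompt(raw)
    problems = []
    if len(text) > MAX_CHARS:
        problems.append(f"{len(text)} characters exceeds the {MAX_CHARS}-character limit")
    words = text.split()  # assumption: a word is a whitespace-separated token
    if len(words) > MAX_WORDS:
        problems.append(f"{len(words)} words exceeds the {MAX_WORDS}-word limit")
    # Assumption: 'special characters' means anything outside printable ASCII;
    # letters, digits, spaces and punctuation are all allowed by the guide.
    bad = sorted({ch for ch in text if not 32 <= ord(ch) <= 126})
    if bad:
        problems.append("non-printable or non-ASCII characters: " + repr(bad))
    truncated_on = [
        client for client, limit in CLIENT_PROMPT_LIMITS.items() if len(text) > limit
    ]
    return {"text": text, "problems": problems, "truncated_on": truncated_on}


if __name__ == "__main__":
    # Constructed prompts, not taken from any real device.
    for candidate in (
        "Authorized users only. Continue?",
        "Welcome to the corporate network. Log in to proceed.",
        "Bienvenue à tous",
    ):
        print(check_prompt(candidate))
```

A prompt that fits the 235-character limit can still be cut short on the client: the second constructed prompt is 52 characters, legal for the pane, but Internet Explorer shows only the first 37.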
Modes
The following table shows the modes in which this feature is available:
Firewall Mode            Security Context
Routed   Transparent     Single   Multiple Context   Multiple System
•        •               •        •
Configuring an LDAP Attribute Map
The LDAP Attribute Map pane (Configuration > Remote Access VPN > AAA Setup) lets you create and name an attribute map for mapping customer (user-defined) attribute names to Cisco LDAP attribute names. If you are introducing a security appliance to an existing LDAP directory, your existing customer LDAP attribute names and values are probably different from the Cisco attribute names and values. Rather than renaming your existing attributes, you can create LDAP attribute maps that map your customer attribute names and values to Cisco attribute names and values. By using simple string substitution, the security appliance then presents you with only your own customer names and values. You can then bind these attribute maps to LDAP servers or remove them as needed. You can also delete entire attribute maps or remove individual name and value entries.
Note To use the attribute mapping features correctly, you need to understand the Cisco LDAP attribute names and values as well as the user-defined attribute names and values.
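To make the mapping concrete, the following Python models the two kinds of entries the pane holds (name mappings and, per mapped name, value mappings) and applies them to a constructed directory entry. It is an added illustration, not the appliance's code. How an unmapped attribute name or an unmapped value is treated is an assumption stated in the docstring; the emitted CLI lines use the ASA ldap attribute-map, map-name and map-value commands, which this page does not show. The attribute names, values and directory entry are constructed for the example.

```python
"""Model of an LDAP attribute map as built in the ASDM pane.
Added illustration; not ASA or ASDM code."""

from dataclasses import dataclass, field


@dataclass
class LdapAttributeMap:
    name: str
    # customer (user-defined) attribute name -> Cisco attribute name
    name_map: dict = field(default_factory=dict)
    # customer attribute name -> {customer value -> Cisco value}
    value_map: dict = field(default_factory=dict)

    def map_name(self, customer_name: str, cisco_name: str) -> None:
        self.name_map[customer_name] = cisco_name

    def map_value(self, customer_name: str, customer_value: str, cisco_value: str) -> None:
        self.value_map.setdefault(customer_name, {})[customer_value] = cisco_value

    def apply(self, entry: dict) -> dict:
        """Translate one directory entry (attribute -> list of values) into the
        Cisco names and values the appliance acts on, by string substitution.

        Assumptions (the guide says only 'simple string substitution'):
        - an attribute with no name mapping passes through unchanged;
        - a mapped attribute whose value has no value mapping keeps the
          customer value.
        """
        out = {}
        for attr, values in entry.items():
            cisco_attr = self.name_map.get(attr, attr)
            vmap = self.value_map.get(attr, {})
            out.setdefault(cisco_attr, []).extend(vmap.get(v, v) for v in values)
        return out

    def to_cli(self) -> list:
        """Equivalent ASA CLI (not shown on this page; written from the
        ldap attribute-map / map-name / map-value command syntax)."""
        lines = [f"ldap attribute-map {self.name}"]
        for cust, cisco in self.name_map.items():
            lines.append(f"  map-name {cust} {cisco}")
        for cust, vmap in self.value_map.items():
            for cust_val, cisco_val in vmap.items():
                lines.append(f"  map-value {cust} {cust_val} {cisco_val}")
        return lines


def build_example_map() -> LdapAttributeMap:
    """Constructed map: the directory's 'department' attribute selects the
    Cisco Group-Policy, and the value 'Engineering' becomes the policy name."""
    m = LdapAttributeMap("CorpMap")
    m.map_name("department", "Group-Policy")
    m.map_value("department", "Engineering", "EngineeringGP")
    return m


# Constructed directory entry, not from any real LDAP server.
EXAMPLE_ENTRY = {
    "cn": ["jsmith"],
    "department": ["Engineering"],
    "memberOf": ["CN=VPNUsers,OU=Groups,DC=example,DC=com"],
}


if __name__ == "__main__":
    m = build_example_map()
    print(m.apply(EXAMPLE_ENTRY))
    print(m.apply({"department": ["Sales"]}))  # value with no mapping passes through
    print("\n".join(m.to_cli()))
```

The second call shows the check worth making when the map is bound to a server: a department value with no value mapping reaches the appliance as a Group-Policy named "Sales", so every value the directory can return should have an entry in the map or be covered by a default group policy.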