Cisco SSL VPN authenticating against AD via LDAP

Tags: active-directory, cisco-asa, cisco-vpn, ldap, ssl

I have an ASA 5520 and am trying to set up a remote access SSL VPN authenticating against AD using LDAP. Between these two guides:

http://theitjanitor.com/configuring-cisco-asa-vp-with-active-directory-authentication/

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

I've cobbled together something that works for at least one user. My main problem going forward is this: I'm using a program called ldp.exe to navigate Active Directory via LDAP; I see the OUs my users are located under and I see the CN entries for the individual users. The way we have our AD set up, the CN entries look like < last name >./ < first name > (example: Smith,/ John) because we have their display names in AD set up as last name comma first name. I can't give my VPN user names like Smith,/ John to log in to the VPN.

My question is: Is there another attribute I can use to set as their username on the VPN?

Any help is appreciated.

Best Answer

This should work. If you are using sAMAccountName as your ldap-naming-attribute, it doesn't matter what the CN looks like. The sAMAccountName should be the same as the pre-Windows 2000 name in the properties page of the user.

This is a working LDAP server config from my ASA:

aaa-server ldapserver (inside) host 1.2.3.4
 server-port 3268
 ldap-base-dn dc=domain,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn CN=ldapuser,OU=someou,DC=domain,DC=com
 server-type microsoft
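To show why the CN format does not matter once ldap-naming-attribute is sAMAccountName, here is an added example (not from the answer above or from Cisco) that simulates the ASA's first authentication step: a subtree search under ldap-base-dn for (naming-attribute=typed-username) that must return exactly one entry before the user's own bind is attempted. The directory contents, the OU names and the short logon names are constructed for the example; the DN of ldapuser is the one from the config above.

```python
import re

# Constructed sample directory as the ASA would see it via the global catalog
# (port 3268): the CN carries "Last, First" (comma escaped per RFC 4514), while
# sAMAccountName carries the short pre-Windows 2000 logon name the user types.
DIRECTORY = {
    r"CN=Smith\, John,OU=Users,DC=domain,DC=com": {
        "cn": "Smith, John", "sAMAccountName": "jsmith"},
    r"CN=Doe\, Jane,OU=Users,OU=Branch,DC=domain,DC=com": {
        "cn": "Doe, Jane", "sAMAccountName": "jdoe"},
    r"CN=ldapuser,OU=someou,DC=domain,DC=com": {
        "cn": "ldapuser", "sAMAccountName": "ldapuser"},
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a typed username cannot change the search filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)


def in_scope(dn: str, base_dn: str) -> bool:
    """ldap-scope subtree: the entry is the base or sits anywhere below it."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)


def lookup_user_dn(username, naming_attribute="sAMAccountName",
                   base_dn="dc=domain,dc=com", directory=DIRECTORY):
    """Return (user DN or None, LDAP filter).

    The filter is the one an ldapsearch against the real DC would use to
    verify the mapping; the DN is what the ASA then binds as with the user's
    password. Zero or several matches both mean the login is rejected.
    """
    ldap_filter = "(%s=%s)" % (naming_attribute, escape_filter_value(username))
    matches = [dn for dn, attrs in directory.items()
               if in_scope(dn, base_dn)
               and attrs.get(naming_attribute, "").lower() == username.lower()]
    if len(matches) != 1:
        return None, ldap_filter
    return matches[0], ldap_filter


if __name__ == "__main__":
    # "Smith, John" is not a valid VPN username, but "jsmith" resolves to that CN.
    for user in ("jsmith", "Smith, John"):
        print(user, "->", lookup_user_dn(user))
```

The scope check also shows why ldap-base-dn should be the domain root rather than a single OU: a user in a nested OU outside the base is simply never found.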