I have an ASA 5520 and am trying to set up a remote access SSL VPN authenticating against AD using LDAP. Between these two guides:
http://theitjanitor.com/configuring-cisco-asa-vp-with-active-directory-authentication/
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml
I've cobbled together something that works for at least one user. My main problem going forward is this: I'm using a program called ldp.exe to navigate Active Directory via LDAP. I see the OUs my users are located under and I see the CN entries for the individual users. The way we have our AD set up, the CN entries look like < last name >,/ < first name > (example: Smith,/ John) because we have their display names in AD set up as last name comma first name. I can't give my VPN users names like Smith,/ John to log in to the VPN.
My question is: Is there another attribute I can use to set as their username on the VPN?
Any help is appreciated.
Best Answer
This should work. If you are using sAMAccountName as your ldap-naming-attribute, it doesn't matter what the CN looks like. The sAMAccountName should be the same as the pre-Windows 2000 name in the properties page of the user.
This is a working LDAP server config from my ASA
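The answerer's config is not reproduced on this page. The following is an added illustration, not the answerer's config, of the ASA aaa-server stanza the answer refers to; the server name AD-LDAP, the host 192.0.2.10, the base DN, the bind account and the tunnel-group name SSLVPN are placeholders.

```cisco
! Added example, not from the answer above. All names and addresses are placeholders.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ! Search the whole domain so users under any OU are found
 ldap-base-dn DC=example,DC=local
 ldap-scope subtree
 ! Users log in with the pre-Windows 2000 logon name, not the "Smith,/ John" CN
 ldap-naming-attribute sAMAccountName
 ! Low-privilege bind account used only to look up the user's DN
 ldap-login-dn CN=svc-asa-ldap,OU=Service Accounts,DC=example,DC=local
 ldap-login-password <bind-account-password>
 server-type microsoft
 ! Protect the bind password and user credentials on the wire
 ldap-over-ssl enable
 server-port 636
!
tunnel-group SSLVPN general-attributes
 authentication-server-group AD-LDAP
```

With this in place, `test aaa-server authentication AD-LDAP host 192.0.2.10 username jsmith password ...` from the ASA CLI confirms that the logon name resolves to the user whose CN is displayed as Smith,/ John.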