1-18
Cisco ASA Series CLI Configuration Guide
 
Appendix 1      Configuring an External Server for Authorization and Authentication
  Configuring an External LDAP Server
Figure 1-4 Banner Displayed
Placing LDAP Users in a Specific Group Policy
The following example shows how to authenticate User1 on the AD LDAP server to a specific group 
policy on the ASA. On the server, use the Department field of the Organization tab to enter the name of 
the group policy. Then create an attribute map and map Department to the Cisco attribute 
IETF-Radius-Class. During authentication, the ASA retrieves the value of Department from the server, 
maps the value to the IETF-Radius-Class, and places User1 in the group policy. 
This example applies to any connection type, including the IPsec VPN client, AnyConnect SSL VPN 
client, or clientless SSL VPN. In this example, User1 is connecting through a clientless SSL VPN 
connection. 
To configure the attributes for the user on the AD LDAP server, perform the following steps:
Step 1 Right-click the user. 
The Properties dialog box appears (see Figure 1-5). 
Step 2 Click the Organization tab and enter Group-Policy-1 in the Department field.