Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring AAA Servers and the Local Database
  Configuring AAA
hostname(config-aaa-server-group)# aaa-server LDAP (inside) host 10.1.254.91
hostname(config-aaa-server-host)# ldap-base-dn CN=Users,DC=cisco,DC=local
hostname(config-aaa-server-host)# ldap-scope subtree
hostname(config-aaa-server-host)# ldap-login-password test
hostname(config-aaa-server-host)# ldap-login-dn CN=Administrator,CN=Users,DC=cisco,DC=local
hostname(config-aaa-server-host)# server-type auto-detect
hostname(config-aaa-server-host)# ldap-attribute-map MGMT
The following example shows how to display the complete list of Cisco LDAP attribute names:
hostname(config)# ldap attribute-map att_map_1
hostname(config-ldap-attribute-map)# map-name att_map_1?
ldap mode commands/options:
cisco-attribute-names:
  Access-Hours                                  
  Allow-Network-Extension-Mode                  
  Auth-Service-Type                             
  Authenticated-User-Idle-Timeout               
  Authorization-Required                        
  Authorization-Type                            
:
:
  X509-Cert-Data
hostname(config-ldap-attribute-map)#
Adding a User Account to the Local Database
This section describes how to manage users in the local database.
To add a user to the local database, perform the following steps:
Guidelines
The local database is used for the following features:
• ASDM per-user access
• Console authentication
• Telnet and SSH authentication
• enable command authentication
  This setting is for CLI-access only and does not affect the ASDM login.
• Command authorization
  If you turn on command authorization using the local database, then the ASA refers to the user privilege level to determine which commands are available. Otherwise, the privilege level is not generally used. By default, all commands are either privilege level 0 or level 15.
• Network access authentication
• VPN client authentication
For multiple context mode, you can configure usernames in the system execution space to provide individual logins at the CLI using the login command; however, you cannot configure any AAA rules that use the local database in the system execution space.