I've been trying to figure this one out for a while now and it's starting to get a little frustrating.
We have an ASA 5510 which uses an Ubuntu (8.04) LDAP server to authenticate VPN users. This works fine, but we would like to control VPN access via group so that not all users automatically get VPN access.
I've spent many hours trying to figure out how to use ASA LDAP attribute maps, adding the memberOf objectclass to LDAP etc. etc.
I'm now thinking of changing tack entirely and setting up a Radius server to act as a translator between LDAP and the Cisco. I have no experience of Radius servers whatsoever. I've googled around a bit and freeradius seems to be very popular. I'd like to set it up as an Ubuntu VM.
Any input/advice would be most welcome. How are your systems set up? What works well?
One thing we can't change is the LDAP backend. It's far too embedded into the architecture of the company setup.