Configuring ASA5505 to work with Win2K3 AD with LDAP lookup

Posted on 2011-04-21
Last Modified: 2012-05-11

I am working with another vendor to set up an ASA5505 to accept client VPN via LDAP to a Win2K3 SP2 Active Directory. The Cisco vendor tells me that, to do this properly, we need to do a few things.
1.  Need an LDAP username in Account Operators AD group (to enable the password management feature)
2.  For password management, LDAP server must be configured for Secure LDAP (LDAP-S on port 636) or SASL MD5
3.  Fully qualified DN (all cn=, ou=, dc= fields) for the ASA username
4.  Fully qualified path to user container (all ou=,dc= fields)
    ASA will search for memberOf status of a group, so VPN users will need to be in a group, and I need that group name (again, fully qualified)

My question is, how to do item 2?  Never done it before.  Items 1, 3 and 4 are done.

Thanks in advance.
Question by:JadedFan
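The four items in the question map onto the ASA side of the setup roughly as follows. This is an added example, not part of the original post or of any answer on the page. Every name, address, DN and password is a constructed placeholder (`AD-LDAP`, `VPN-RA`, `VPN-ALLOW`, `NOACCESS`, `example.local`, `192.0.2.10`), and the domain controller is assumed to already present a server certificate on port 636.

```cisco
! Constructed example: all names, DNs, addresses and secrets are placeholders.
! Item 2: bind over LDAP-S (TCP 636) so the bind password and any password
! change travel inside TLS instead of in cleartext on port 389.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable
 server-type microsoft
 ! Item 4: fully qualified path to the container holding the VPN users
 ldap-base-dn OU=Staff,DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ! Items 1 and 3: fully qualified DN of the ASA bind account
 ! (the account placed in Account Operators for password management)
 ldap-login-dn CN=asa-ldap,OU=Service Accounts,DC=example,DC=local
 ldap-login-password <bind-account-password>
 ldap-attribute-map VPN-GROUP-MAP
!
! memberOf lookup: only the fully qualified group DN maps to the
! group policy that permits VPN access.
ldap attribute-map VPN-GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=local" VPN-ALLOW
!
! Users who authenticate but are not in the group fall through to a
! default policy that allows zero sessions.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
group-policy VPN-ALLOW internal
group-policy VPN-ALLOW attributes
 vpn-simultaneous-logins 3
!
tunnel-group VPN-RA general-attributes
 authentication-server-group AD-LDAP
 default-group-policy NOACCESS
 ! Lets the client change an expired or expiring AD password;
 ! depends on the secure LDAP transport configured above.
 password-management
```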