JadedFan
asked on
Configuring ASA5505 to work with Win2K3 AD with LDAP lookup
All,
I am working with another vendor to set up an ASA5505 to accept client VPN via LDAP to a Win2K3 SP2 Active Directory. The Cisco vendor tells me that, to do this properly, we need to do a few things.
1. Need an LDAP username in Account Operators AD group (to enable the password management feature)
2. For password management, LDAP server must be configured for Secure LDAP (LDAP-S on port 636) or SASL MD5
3. Fully qualified DN (all cn=, ou=, dc= fields) for the ASA username
4. Fully qualified path to user container (all ou=,dc= fields)
ASA will search for memberOf status of a group, so VPN users will need to be in a group, and I need that group name (again, fully qualified)
My question is, how to do item 2? Never done it before. Items 1, 3 and 4 are done.
Thanks in advance.