Configuring ASA5505 to work with Win2K3 AD with LDAP lookup
Posted on 2011-04-21
I am working with another vendor to set up an ASA5505 to accept client VPN via LDAP to a Win2K3 SP2 Active Directory. The Cisco vendor tells me that, to do this properly, we need to do a few things.
1. Need an LDAP username in Account Operators AD group (to enable the password management feature)
2. For password management, LDAP server must be configured for Secure LDAP (LDAP-S on port 636) or SASL MD5
3. Fully qualified DN (all cn=, ou=, dc= fields) for the ASA username
4. Fully qualified path to user container (all ou=,dc= fields)
ASA will search for memberOf status of a group, so VPN users will need to be in a group, and I need that group name (again, fully qualified)
My question is, how to do item 2? Never done it before. Items 1, 3 and 4 are done.
Thanks in advance.
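Item 2 is the one that protects the lookup account: with a simple bind, the ASA sends the DN from item 3 and its password in clear text, so the bind must ride inside TLS on port 636 (or use SASL) before it goes anywhere near production. The script below is an added example, not part of the original post or of any Cisco or Microsoft documentation; it is run from an admin workstation in the domain and checks, in two steps, that the domain controller answers Secure LDAP on TCP 636 with a certificate the workstation trusts and that the lookup account can bind over that channel and read memberOf under the user container. The DC name, the lookup DN and the base DN are placeholders and must be replaced with the real values from items 3 and 4.

```powershell
# Added example (not from the original post): verify the Win2K3 DC is ready for LDAPS
# before pointing the ASA at it. All server names and DNs below are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$DcFqdn   = 'dc01.corp.example'                                      # placeholder DC FQDN
$LookupDn = 'CN=asa-ldap,OU=Service Accounts,DC=corp,DC=example'    # placeholder: item 3
$BaseDn   = 'OU=Users,DC=corp,DC=example'                            # placeholder: item 4
$Password = Read-Host -Prompt 'Lookup account password' -AsSecureString

function Test-LdapsEndpoint {
    param([string]$Server, [int]$Port = 636)
    # Step 1: is anything listening on 636 at all? On a DC that has no server
    # certificate installed, 389 answers but 636 stays closed.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($Server, $Port) }
    catch { $tcp.Close(); return "TCP $Port closed or filtered: $($_.Exception.Message)" }
    # Step 2: TLS handshake. SslStream validates the DC certificate against the
    # workstation's trust store, which mirrors the check the ASA performs once the
    # issuing CA certificate is installed on it. The name passed here must match
    # the certificate subject/SAN, so use the FQDN, not an IP.
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    try {
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        "TLS ok: subject=$($cert.Subject) issuer=$($cert.Issuer) expires=$($cert.NotAfter)"
    } catch {
        "TLS handshake failed: $($_.Exception.Message)"
    } finally {
        $ssl.Dispose(); $tcp.Close()
    }
}

function Test-LdapsBind {
    param([string]$Server, [string]$BindDn, [securestring]$BindPassword, [string]$SearchBase)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 636)
    $cred = New-Object System.Net.NetworkCredential($BindDn, $BindPassword)
    # AuthType Basic = simple bind with DN + password, exactly what the ASA does;
    # SecureSocketLayer = $true is what makes that acceptable.
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, 'Basic')
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    try {
        $conn.Bind()
        # Same shape of query the ASA issues: one user under the base DN, reading memberOf.
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $SearchBase, '(objectClass=user)', 'Subtree', @('memberOf'))
        $req.SizeLimit = 1
        $resp = $conn.SendRequest($req)
        "Bind ok over LDAPS; search under $SearchBase returned $($resp.Entries.Count) entry"
    } catch {
        "Bind or search failed: $($_.Exception.Message)"
    } finally {
        $conn.Dispose()
    }
}

Test-LdapsEndpoint -Server $DcFqdn
Test-LdapsBind -Server $DcFqdn -BindDn $LookupDn -BindPassword $Password -SearchBase $BaseDn
```

If step 1 reports port 636 closed, the DC has no usable server certificate yet; if the handshake fails on trust, the workstation (and later the ASA) lacks the issuing CA certificate; if the bind fails with the TLS step passing, the problem is in the DN or password from item 3 rather than in the transport. Repeating the bind test with SecureSocketLayer left at the default of false against port 389 is a useful negative control, since that is precisely the configuration item 2 exists to rule out.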