Loading The Schema In The LDAP Server - Cisco FirePOWER ASA 5500 series Configuration Manual

Configuring an External LDAP Server

Loading the Schema in the LDAP Server

Note: The directions in this section are specific to the Microsoft Active Directory LDAP server. If you have a different type of server, refer to your server documentation for information on loading a schema.

To load the schema on the LDAP server, enter the following command from the directory where the schema file resides:

ldifde -i -f Schema Name

For example:

ldifde -i -f 3k_schema.ldif

Defining User Permissions

Note: The directions in this section are specific to the Microsoft Active Directory LDAP server. If you have a different type of server, see your server documentation to define and load user attributes.

For each user authorizing to your LDAP server, define a user file. A user file defines all the security appliance attributes and values associated with a particular user. Each user is an object of the class cVPN3000-User-Authorization. To define the user file, use any text editor. The file must have the extension .ldif. (For an example user file, see Robin.ldif.)

To load the user file on the LDAP server, enter the following command on the directory where your version of the ldap_user.ldif file resides:

ldifde -i -f ldap_user.ldif

For example:

ldifde -i -f Robin.ldif

After you have created and loaded both the schema and the user file, your LDAP server is ready to process security appliance authorization requests.

Example User File

This section provides a sample user file for the user Robin.

Robin.ldif

dn: cn=Robin,OU=People,DC=ExampleCorporation,DC=com
changetype: add
cn: Robin
CVPN3000-Access-Hours: Corporate_time
cVPN3000-Simultaneous-Logins: 2
cVPN3000-IPSec-Over-UDP: TRUE
CVPN3000-IPSec-Over-UDP-Port: 12125
cVPN3000-IPSec-Banner1: Welcome to the Example Corporation!!!
cVPN3000-IPSec-Banner2: Unauthorized access is prohibited!!!!!
cVPN3000-Primary-DNS: 10.10.4.5
CVPN3000-Secondary-DNS: 10.11.12.7
CVPN3000-Primary-WINS: 10.20.1.44
CVPN3000-SEP-Card-Assignment: 1
CVPN3000-IPSec-Tunnel-Type: 2
CVPN3000-Tunneling-Protocols: 7
cVPN3000-Confidence-Interval: 300
cVPN3000-IPSec-Allow-Passwd-Store: TRUE
objectClass: cVPN3000-User-Authorization

Cisco Security Appliance Command Line Configuration Guide
Appendix E: Configuring an External Server for Authorization and Authentication
OL-10088-01
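A pre-import check for user files such as Robin.ldif, added here as an example and not part of the Cisco manual: it parses the LDIF and reports a wrong file extension, records that lack the cVPN3000-User-Authorization object class, and attribute names outside the cVPN3000- prefix. Names are compared in lower case because LDAP attribute names are case-insensitive (Robin.ldif mixes CVPN3000 and cVPN3000). The function names and the REVIEW table are assumptions of this example, and base64 (`::`) values are not decoded.

```python
import re

REQUIRED_CLASS = "cvpn3000-user-authorization"  # object class named on the page
BASE_ATTRS = {"dn", "changetype", "cn", "objectclass"}
# Assumption of this example: values a reviewer wants surfaced before import.
REVIEW = {"cvpn3000-ipsec-allow-passwd-store": "TRUE"}

def parse_ldif(text):
    """Split LDIF text into records: dicts of lowercased attr -> list of values."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):   # blank line ends a record
        rec, last = {}, None
        for line in block.splitlines():
            if line.startswith("#"):                   # comment line
                continue
            if line.startswith(" ") and last:          # folded continuation line
                rec[last][-1] = (rec[last][-1] or "") + line[1:]
            else:
                last, sep, value = line.partition(":")
                last = last.strip().lower()
                rec.setdefault(last, []).append(value.strip() if sep else None)
        if rec:
            records.append(rec)
    return records

def check_user_ldif(filename, text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not filename.lower().endswith(".ldif"):
        findings.append("file extension is not .ldif")
    for attrs in parse_ldif(text):
        dn = (attrs.get("dn") or ["<no dn>"])[0]
        if "dn" not in attrs:
            findings.append("record has no dn line")
        classes = [v.lower() for v in attrs.get("objectclass", []) if v]
        if REQUIRED_CLASS not in classes:
            findings.append(f"{dn}: objectClass cVPN3000-User-Authorization missing")
        for name, values in attrs.items():
            if None in values:
                findings.append(f"{dn}: line without ':' separator: {name}")
            elif name not in BASE_ATTRS and not name.startswith("cvpn3000-"):
                findings.append(f"{dn}: unexpected attribute {name}")
            elif name in REVIEW and REVIEW[name] in [v.upper() for v in values]:
                findings.append(f"{dn}: review {name}: {REVIEW[name]}")
    return findings

# Constructed sample: misspelled attribute prefix and no objectClass line.
SAMPLE = "dn: cn=Pat,OU=People,DC=ExampleCorporation,DC=com\ncn: Pat\ncVPN300-Simultaneous-Logins: 2\n"
if __name__ == "__main__":
    print("\n".join(check_user_ldif("Pat.ldif", SAMPLE)))
```

Run it against each user file before `ldifde -i -f`, and treat any finding as a reason to open the file in the editor again.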


This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series
