Example 2: Configuring Ldap Authentication With Microsoft Active Directory - Cisco FirePOWER ASA 5500 series Configuration Manual


Appendix E
Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
hostname(config-aaa-server-host)# ldap-naming-attribute cn
hostname(config-aaa-server-host)# ldap-login-password anypassword
hostname(config-aaa-server-host)# ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
hostname(config-aaa-server-host)# ldap-attribute-map LdapSvrName
hostname(config-aaa-server-host)#
Step 4
Create a tunnel group that specifies SDI Authentication and LDAP authorization, as shown in the
following example commands:
hostname(config)# tunnel-group ipsec-tunnelgroup type ipsec-ra
hostname(config)# tunnel-group ipsec-tunnelgroup general-attributes
hostname(config)# authentication-server-group sdi-group
hostname(config)# authorization-server-group ldap-authorize-group
hostname(config)#
Note
This example does not show the configuration for sdi-group.

Example 2: Configuring LDAP Authentication with Microsoft Active Directory

This example presents a configuration procedure for LDAP authentication with Microsoft Active
Directory. To secure the user credentials during transmission, this procedure configures the security
appliance to exchange messages with the LDAP directory over an SSL connection. It also configures the
security appliance to interpret the department attribute in the Microsoft AD user record as the group
policy to which the user is assigned. The authorization attributes for this group are retrieved from a
RADIUS server.
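
The following audit script is an added example, not part of the Cisco manual. It scans saved running-config text for LDAP server hosts that lack `ldap-over-ssl enable`, the setting this procedure relies on to protect the bind credentials in transit. It assumes `show running-config` formatting (host subcommands indented under the `aaa-server ... host` line); the sample config, the IP addresses, and the `ldap-ssl-group` and `asa-bind` names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the manual): one LDAP host
# without SSL, one with "ldap-over-ssl enable", and one non-LDAP (SDI) group.
SAMPLE_CONFIG = """\
aaa-server ldap-authorize-group protocol ldap
aaa-server ldap-authorize-group host 10.1.1.4
 ldap-naming-attribute cn
 ldap-login-password *
 ldap-login-dn cn=Administrator,cn=Users,dc=frdevtestad,dc=local
aaa-server ldap-ssl-group protocol ldap
aaa-server ldap-ssl-group (inside) host 10.1.1.5
 ldap-over-ssl enable
 ldap-login-dn cn=asa-bind,cn=Users,dc=frdevtestad,dc=local
aaa-server sdi-group protocol sdi
aaa-server sdi-group host 10.1.1.6
"""

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)\s*$")
HOST_RE = re.compile(r"^aaa-server (\S+) (?:\(\S+\) )?host (\S+)")

def find_cleartext_ldap_hosts(config_text):
    """Return [(group, host)] for LDAP hosts lacking 'ldap-over-ssl enable'."""
    protocols = {}   # server group name -> protocol
    hosts = []       # [group, host, ssl_enabled] in config order
    current = None   # host block currently being read, if any
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():        # a top-level command ends a host block
            current = None
            m = GROUP_RE.match(line)
            if m:
                protocols[m.group(1)] = m.group(2).lower()
                continue
            m = HOST_RE.match(line)
            if m:
                current = [m.group(1), m.group(2), False]
                hosts.append(current)
            continue
        # Indented line: a subcommand of the current host block.
        if current is not None and line.split() == ["ldap-over-ssl", "enable"]:
            current[2] = True
    return [(g, h) for g, h, ssl in hosts
            if protocols.get(g) == "ldap" and not ssl]

if __name__ == "__main__":
    for group, host in find_cleartext_ldap_hosts(SAMPLE_CONFIG):
        print(f"LDAP host {host} in group {group}: ldap-over-ssl not enabled")
```
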
View the user records by clicking the User folder in the Active Directory Users and Computers window
as shown in Figure E-3.
Figure E-3 Active Directory Users and Computers Window Showing User Folder
Cisco Security Appliance Command Line Configuration Guide
E-20
OL-10088-01
