[This is sort of a repost from "Cisco: Routers Forum".]
Does anyone have VPN authentication working with OpenLDAP? If you have it working, did you have to add the schema with all the attributes? My goal is to just use OpenLDAP for authentication and then use the default attributes already loaded on the ASA for the 'local' users.
Anyway, when I try to authenticate against OpenLDAP, the ASA sends a syslog message that the username and password are wrong (but they are not).
Here is part of my config:
aaa-server companyldap protocol ldap
aaa-server companyldap host 192.168.160.10
 ldap-base-dn ou=People,dc=example,dc=com
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-password XXXXXXXX
 ldap-login-dn uid=myuid,ou=People,dc=example,dc=com
aaa authentication ssh console LOCAL
tunnel-group vpnusers general-attributes
 address-pool vpnpool
 authentication-server-group companyldap
 default-group-policy vpnusers
Any help would be appreciated.
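
Added example, not part of the original post: the ASA binds with ldap-login-dn, searches ldap-base-dn for ldap-naming-attribute=<username>, then binds as the entry it finds, so running the same search from a workstation shows what the directory actually returns. This script turns the posted config into the matching OpenLDAP `ldapsearch` call; the username `jdoe` is constructed, and having `ldapsearch` installed is an assumption.

```python
import re
import shlex

# Config lines copied from the post above (password stays redacted).
ASA_CONFIG = """\
aaa-server companyldap protocol ldap
aaa-server companyldap host 192.168.160.10
 ldap-base-dn ou=People,dc=example,dc=com
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-password XXXXXXXX
 ldap-login-dn uid=myuid,ou=People,dc=example,dc=com
"""

# ASA ldap-scope keyword -> ldapsearch -s value
SCOPES = {"subtree": "sub", "onelevel": "one"}


def parse_aaa_ldap(config):
    """Collect the host and ldap-* settings of the aaa-server block."""
    settings = {}
    for line in config.splitlines():
        line = line.strip()
        # The interface name, e.g. "(inside)", is optional in this match.
        m = re.match(r"aaa-server \S+ (?:\(\S+\) )?host (\S+)$", line)
        if m:
            settings["host"] = m.group(1)
        elif line.startswith("ldap-"):
            key, _, value = line.partition(" ")
            settings[key] = value.strip()
    return settings


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def ldapsearch_argv(settings, username):
    """Build the ldapsearch call that mirrors the ASA's user lookup."""
    flt = "(%s=%s)" % (settings["ldap-naming-attribute"], escape_filter_value(username))
    return ["ldapsearch", "-x", "-H", "ldap://" + settings["host"],
            "-D", settings["ldap-login-dn"], "-W",  # -W prompts for the bind password
            "-b", settings["ldap-base-dn"],
            "-s", SCOPES[settings["ldap-scope"]], flt, "dn"]


if __name__ == "__main__":
    # "jdoe" is a constructed VPN username, not taken from the post.
    print(shlex.join(ldapsearch_argv(parse_aaa_ldap(ASA_CONFIG), "jdoe")))
```

If the printed command returns no entry for a known user, the search parameters rather than the password are what the ASA is failing on.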