E-18
Cisco Security Appliance Command Line Configuration Guide
OL-12172-03
Appendix E Configuring an External Server for Authorization and Authentication
Configuring an External LDAP Server
For each user authorizing to your LDAP server, define a user file. A user file defines all the security appliance attributes and values associated with a particular user. Each user is an object of the class User-Authorization. To define the user file, use any text editor. The file must have the extension .ldif. (For an example user file, see Robin.ldif.)
To load the user file on the LDAP server, enter the following command in the directory where your version of the ldap_user.ldif file resides:
ldifde -i -f ldap_user.ldif
For example:
ldifde -i -f Robin.ldif
After you have created and loaded both the schema and the user file, your LDAP server is ready to process security appliance authorization requests.
Example User File
This section provides a sample user file for the user Robin.
Robin.ldif
dn: cn=Robin,OU=People,DC=ExampleCorporation,DC=com
changetype: add
cn: Robin
Access-Hours: Corporate_time
Simultaneous-Logins: 2
IPSec-Over-UDP: TRUE
IPSec-Over-UDP-Port: 12125
IPSec-Banner1: Welcome to the Example Corporation!!!
IPSec-Banner2: Unauthorized access is prohibited!!!!!
Primary-DNS: 10.10.4.5
Secondary-DNS: 10.11.12.7
Primary-WINS: 10.20.1.44
SEP-Card-Assignment: 1
IPSec-Tunnel-Type: 2
Tunneling-Protocols: 7
Confidence-Interval: 300
IPSec-Allow-Passwd-Store: TRUE
objectClass: User-Authorization
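As an added example that is not part of the Cisco guide, the following Python check parses a User-Authorization record such as Robin.ldif and flags inconsistencies (wrong changetype, missing objectClass, malformed IPv4 or boolean values, out-of-range numbers) before the record is loaded with ldifde. The value types it enforces are assumptions drawn from the sample values above, not from the published schema.

```python
import ipaddress

# Constructed sample input, trimmed from the Robin.ldif record shown in this section.
ROBIN_LDIF = """dn: cn=Robin,OU=People,DC=ExampleCorporation,DC=com
changetype: add
cn: Robin
Simultaneous-Logins: 2
IPSec-Over-UDP: TRUE
IPSec-Over-UDP-Port: 12125
Primary-DNS: 10.10.4.5
Secondary-DNS: 10.11.12.7
objectClass: User-Authorization
"""

def parse_ldif_record(text):
    # Parse one LDIF record into {attribute: [values]}, joining RFC 2849 folded lines.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # continuation of the previous line
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")    # split only on the first colon
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def check_user_record(attrs):
    # Return the problems found; an empty list means the record is consistent.
    problems = []
    if attrs.get("changetype") != ["add"]:
        problems.append("changetype must be 'add'")
    if "User-Authorization" not in attrs.get("objectClass", []):
        problems.append("objectClass User-Authorization is missing")
    for name in ("Primary-DNS", "Secondary-DNS", "Primary-WINS"):
        for value in attrs.get(name, []):
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append(f"{name} is not an IPv4 address: {value}")
    for name in ("IPSec-Over-UDP", "IPSec-Allow-Passwd-Store"):
        for value in attrs.get(name, []):
            if value not in ("TRUE", "FALSE"):
                problems.append(f"{name} must be TRUE or FALSE: {value}")
    for name, lo, hi in (("IPSec-Over-UDP-Port", 1, 65535), ("Simultaneous-Logins", 0, 2**31 - 1)):
        for value in attrs.get(name, []):
            if not value.isdigit() or not lo <= int(value) <= hi:
                problems.append(f"{name} out of range {lo}-{hi}: {value}")
    return problems
```

Run check_user_record(parse_ldif_record(open("Robin.ldif").read())) on the real file; an empty list means the record passed every check.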
Reviewing Examples of Active Directory Configurations
This section presents example procedures for configuring authentication and authorization on the security appliance using the Microsoft Active Directory server. It includes the following topics:
• Example 1: Configuring LDAP Authorization with Microsoft Active Directory (ASA/PIX)
• Example 2: Configuring LDAP Authentication with Microsoft Active Directory
• Example 3: LDAP Authentication and LDAP Authorization with Microsoft Active Directory
Example 1: Configuring LDAP Authorization with Microsoft Active Directory (ASA/PIX)
This example presents a configuration procedure for authentication using SDI and authorization using LDAP and Microsoft Active Directory (AD). To execute this sample procedure, perform the following steps:
Step 1
Using LDIF files, create the User-Authorization record on the Microsoft AD database. This record contains the Cisco VPN authorization attributes for the user.