Hello,
I try to implement the mapping of AD groups to TACAS+ groups.
Witch AuthAttrDef memberOf,tacacsgroup,reply will be the complete LDAP string
delivered:
tacacsgroup = CN=ASAADMINS,DC=adtest,DC=corporate,DC=net
My question: it is possible to strip all the unnecessary parts to deliver
"ASAA
Hello Waldemar -
On 27 Sep 2010, at 18:40,
wrote:
> Hello,
>
> I try to implement the mapping of AD groups to TACAS+ groups.
>
> Witch AuthAttrDef memberOf,tacacsgroup,reply will be the complete LDAP string
> delivered:
> tacacsgroup = CN=ASAADMINS,DC=adtest,DC=corporate,DC=net
>
>
Hello Waldemar -
If you already know the group from the SearchFilter query, you can just use an
AddToReply like this:
###
Identifier ASA-Admin
Hostw3kvm.adtest.corporate.net
HoldS
