LDAP help for a newbie

0 Votes
Locked

MetalFR0
I have a Server 2008 R2-based AD domain, and I'm trying to get LDAP set up so I can have some level of additional authentication against my Cisco ASA for SSL-based VPN connections. Effectively, what the ASA platform (running 8.2) will allow me to do is to lock down a particular SSL VPN group policy to a specific user or user group. Thus, my IT-specific SSL group would only be available for the IT-specific AD user group I want to assign to it. Currently, anyone with SSL VPN rights can log in to any SSL VPN group, though obviously the standard user wouldn't have rights to log in to most resources. But the fact that they could log in and see those resources is still disconcerting.

So here's my issue: I've never messed with LDAP before because in all the years I've been working with Windows AD/NT services, I've never had occasion to. Thus, I don't have much knowledge in this area. I've got my Lightweight Directory Services set up and it all looks good from my perspective, but when I try to authenticate against it I keep getting 'Invalid Credentials' showing up. I created a specific user account underneath the 'Administrative' OU in my AD environment, initially a standard Domain User account, then an Administrator, then finally a Domain Admin for testing purposes, but to no avail. I'm not sure what I'm missing, or what I've misconfigured, if anything. Cisco suggested using the Softerra LDAP Administrator for testing purposes, which I'm using now, but it's giving me the same result.

I guess my question is, has anyone else tried this kind of integration, and if so, can anyone offer any advice or direction? Or if not, does anyone know of some really good, easy to understand resources on LDAP specific to 2008 R2?
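A way to narrow down an 'Invalid Credentials' bind failure before touching the ASA is to reproduce, from a domain-joined Windows box, exactly the two operations the ASA performs: a simple bind with the login account, then a subtree search under the base DN for the VPN user by sAMAccountName. The script below is an added example (not code from the original post, from Cisco, or from Softerra); it uses the .NET System.DirectoryServices.Protocols classes and tries the three identity formats AD accepts for a simple bind (full DN, UPN, DOMAIN\user). The server name, the bind DN under OU=Administrative, the domain name and the sample user are assumptions chosen for illustration and must be replaced with your own values.

```powershell
# Added example: verify an LDAP simple bind and user lookup against AD DS
# the same way an ASA aaa-server (protocol ldap) would. Run on a Windows
# host that can reach the domain controller. Values below are assumptions.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function New-LdapConnection {
    param(
        [Parameter(Mandatory)][string]$Server,      # host or host:port
        [Parameter(Mandatory)][string]$Identity,    # DN, UPN or DOMAIN\user
        [Parameter(Mandatory)][string]$Password,
        [switch]$UseSsl                             # LDAPS on 636
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic  # simple bind, like the ASA
    $conn.SessionOptions.ProtocolVersion = 3
    if ($UseSsl) { $conn.SessionOptions.SecureSocketLayer = $true }
    $conn.Credential = New-Object System.Net.NetworkCredential($Identity, $Password)
    return $conn
}

function Test-LdapBind {
    # Returns a result object instead of throwing so several formats can be tried in a row.
    param([string]$Server, [string]$Identity, [string]$Password, [switch]$UseSsl)
    $conn = New-LdapConnection -Server $Server -Identity $Identity -Password $Password -UseSsl:$UseSsl
    try {
        $conn.Bind()
        [pscustomobject]@{ Identity = $Identity; Result = 'BIND OK' }
    } catch {
        # AD returns "The supplied credential is invalid" (resultCode 49) for a bad DN or password;
        # a wrong server/port shows up as a connect or "server unavailable" error instead.
        [pscustomobject]@{ Identity = $Identity; Result = "FAILED: $($_.Exception.Message)" }
    } finally { $conn.Dispose() }
}

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping so a user-supplied name cannot alter the search filter.
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ($ch) {
            '\' { [void]$sb.Append('\5c') }
            '*' { [void]$sb.Append('\2a') }
            '(' { [void]$sb.Append('\28') }
            ')' { [void]$sb.Append('\29') }
            ([char]0) { [void]$sb.Append('\00') }
            default { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

function Find-LdapUser {
    # Binds with the service account and searches for the VPN user the way the ASA does
    # (ldap-base-dn, ldap-scope subtree, ldap-naming-attribute sAMAccountName).
    param(
        [string]$Server, [string]$BindIdentity, [string]$BindPassword,
        [string]$BaseDn, [string]$SamAccountName, [switch]$UseSsl
    )
    $conn = New-LdapConnection -Server $Server -Identity $BindIdentity -Password $BindPassword -UseSsl:$UseSsl
    try {
        $conn.Bind()
        $filter = "(&(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName)))"
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $BaseDn, $filter,
            [System.DirectoryServices.Protocols.SearchScope]::Subtree,
            @('distinguishedName', 'memberOf'))
        $resp = $conn.SendRequest($req)
        foreach ($entry in $resp.Entries) {
            $groups = @()
            if ($entry.Attributes.Contains('memberOf')) {
                $groups = $entry.Attributes['memberOf'].GetValues([string])
            }
            [pscustomobject]@{ DN = $entry.DistinguishedName; MemberOf = $groups }
        }
    } finally { $conn.Dispose() }
}

# --- Assumed values for illustration only; replace with your environment's. ---
$server   = 'dc01.example.local'
$password = Read-Host -Prompt 'Bind account password' -AsSecureString |
            ForEach-Object { [System.Net.NetworkCredential]::new('', $_).Password }
$formats  = @(
    'CN=vpnbind,OU=Administrative,DC=example,DC=local',   # full DN (what the ASA ldap-login-dn wants)
    'vpnbind@example.local',                               # UPN
    'EXAMPLE\vpnbind'                                      # NetBIOS DOMAIN\user
)
$formats | ForEach-Object { Test-LdapBind -Server $server -Identity $_ -Password $password }

# Once one format binds, confirm the base DN and naming attribute find the VPN user:
Find-LdapUser -Server $server -BindIdentity $formats[0] -BindPassword $password `
              -BaseDn 'DC=example,DC=local' -SamAccountName 'jsmith'
```

If every format fails with "The supplied credential is invalid" while a `DOMAIN\user` logon works interactively, the account name or the DN path (the OU the account actually sits in, which you can read from Active Directory Users and Computers with Advanced Features enabled) is the thing to recheck; the DN that binds successfully is the value to put in the ASA's `ldap-login-dn`, and the search base that finds the user is its `ldap-base-dn`. Note that this tests the AD DS domain controller on 389/636; an AD LDS instance is a separate directory with its own port and its own partition, so a bind that fails against one says nothing about the other.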