31-6
Cisco ASA Series General Operations CLI Configuration Guide

Chapter 31     LDAP Servers for AAA
  Configuring LDAP Servers for AAA
Step 3
  Maps the user-defined map value department to a user-defined attribute value and a Cisco attribute value.
  map-value user-attribute-name Cisco-attribute-name
  Example:
  ciscoasa(config-ldap-attribute-map)# map-value department Engineering group1

Step 4
  Identifies the server and the AAA server group to which it belongs.
  aaa-server server_group [interface_name] host server_ip
  Example:
  ciscoasa(config)# aaa-server ldap_dir_1 host 10.1.1.4

Step 5
  Binds the attribute map to the LDAP server.
  ldap-attribute-map map-name
  Example:
  ciscoasa(config-aaa-server-host)# ldap-attribute-map att_map_1
The following example shows how to limit management sessions to the ASA based on an LDAP attribute called accessType. The accessType attribute can have one of the following values:
   VPN
   admin
   helpdesk
The following example shows how each value is mapped to one of the valid IETF-Radius-Service-Type attributes that the ASA supports: remote-access (Service-Type 5) Outbound, admin (Service-Type 6) Administrative, or nas-prompt (Service-Type 7) NAS Prompt.
ciscoasa(config)# ldap attribute-map MGMT
ciscoasa(config-ldap-attribute-map)# map-name accessType IETF-Radius-Service-Type
ciscoasa(config-ldap-attribute-map)# map-value accessType VPN 5
ciscoasa(config-ldap-attribute-map)# map-value accessType admin 6
ciscoasa(config-ldap-attribute-map)# map-value accessType helpdesk 7
ciscoasa(config-ldap-attribute-map)# aaa-server LDAP protocol ldap
ciscoasa(config-aaa-server-group)# aaa-server LDAP (inside) host 10.1.254.91
ciscoasa(config-aaa-server-host)# ldap-base-dn CN=Users,DC=cisco,DC=local
ciscoasa(config-aaa-server-host)# ldap-scope subtree
ciscoasa(config-aaa-server-host)# ldap-login-password test
ciscoasa(config-aaa-server-host)# ldap-login-dn CN=Administrator,CN=Users,DC=cisco,DC=local
ciscoasa(config-aaa-server-host)# server-type auto-detect
ciscoasa(config-aaa-server-host)# ldap-attribute-map MGMT
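As an added illustration (not part of the Cisco guide and not ASA code), the following Python models what the MGMT attribute map above does to a user's directory attributes: map-name renames accessType to IETF-Radius-Service-Type and map-value rewrites VPN, admin and helpdesk to 5, 6 and 7. The sample entries are constructed; how the real appliance treats an accessType value with no map-value line is not modelled, the example only reports such values so an administrator can see which accounts would receive no Service-Type.

```python
# Added example (not from the Cisco guide): offline model of an ASA
# "ldap attribute-map" applied to LDAP entries. Values without a
# map-value line are reported, not guessed.

# Constructed input: the MGMT attribute map as configured on this page.
MGMT_MAP_CONFIG = """
ldap attribute-map MGMT
 map-name accessType IETF-Radius-Service-Type
 map-value accessType VPN 5
 map-value accessType admin 6
 map-value accessType helpdesk 7
"""


def parse_attribute_map(config):
    """Parse the attribute-map syntax used on this page into a dict with
    the map name, a name table (LDAP attr -> Cisco attr) and a value
    table ((LDAP attr, LDAP value) -> Cisco value)."""
    amap = {"name": None, "names": {}, "values": {}}
    for line in config.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[:2] == ["ldap", "attribute-map"] and len(tokens) == 3:
            amap["name"] = tokens[2]
        elif tokens[0] == "map-name" and len(tokens) == 3:
            amap["names"][tokens[1]] = tokens[2]
        elif tokens[0] == "map-value" and len(tokens) == 4:
            amap["values"][(tokens[1], tokens[2])] = tokens[3]
        else:
            raise ValueError("unrecognised attribute-map line: %r" % line)
    if amap["name"] is None:
        raise ValueError("missing 'ldap attribute-map <name>' line")
    return amap


def apply_attribute_map(amap, entry):
    """Translate one directory entry ({attr: [values]}) through the map.
    Attributes with no map-name are ignored by this model. Values of a
    mapped attribute that have no map-value go into 'unmapped'."""
    mapped, unmapped = {}, []
    for ldap_attr, values in entry.items():
        cisco_attr = amap["names"].get(ldap_attr)
        if cisco_attr is None:
            continue
        for value in values:
            cisco_value = amap["values"].get((ldap_attr, value))
            if cisco_value is None:
                unmapped.append((ldap_attr, value))
            else:
                mapped.setdefault(cisco_attr, []).append(cisco_value)
    return mapped, unmapped
```

Running a directory export through apply_attribute_map before rolling the map out shows which accounts end up with Service-Type 6 (administrative) and which carry accessType values the map does not cover.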
The following example shows how to display the complete list of Cisco LDAP attribute names:
ciscoasa(config)# ldap attribute-map att_map_1
ciscoasa(config-ldap-attribute-map)# map-name att_map_1?
ldap mode commands/options:
cisco-attribute-names:
  Access-Hours 
  Allow-Network-Extension-Mode