Cisco ASA 5512-X Adaptive Security Appliance - No Payload Encryption Technical Manual

Contents
Introduction
Prerequisites
Requirements
Components Used
Background Information
Configure
Configure the ASA
ASDM
CLI
Configure a NOACCESS group-policy
Configure the Active Directory or Other LDAP Server
Verify
Login
Debug the LDAP Transaction
Troubleshoot
Attribute Names and Values are Case-Sensitive
ASA is Not Able to Authenticate Users from the LDAP Server
Introduction
This document describes how to use Lightweight Directory Access Protocol (LDAP) authentication
in order to assign a group policy at login. 
In order to use LDAP to assign a group policy to a user, you need to configure a map that maps an
LDAP attribute, such as the Active Directory (AD) attribute memberOf, to the IETF-Radius-Class
attribute that is understood by the ASA. Once the attribute mapping is established, you must map
the attribute value configured on the LDAP server to the name of a group policy on the ASA.
Note: The memberOf attribute corresponds to the group that the user is a part of in the
Active Directory. It is possible for a user to be a member of more than one group in the
Active Directory. This causes multiple memberOf attributes to be sent by the server, but the
ASA can only match one attribute to one group policy.
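
The two mapping steps described above, shown as an added configuration example (it is not taken from the original document). It assumes LDAP authentication already works on the ASA. The map name, group DN, group-policy names, server tag, tunnel-group name and address are all placeholders. Users whose memberOf value matches no map entry fall through to the NOACCESS default policy and are denied.

```cisco
! Constructed example: every name, DN and address below is a placeholder.
!
! Fallback policy: zero simultaneous logins means no VPN session is allowed.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy that members of the mapped AD group receive.
group-policy EMPLOYEES-GP internal
group-policy EMPLOYEES-GP attributes
 vpn-simultaneous-logins 3
!
! Step 1 (map-name): map the LDAP attribute memberOf to IETF-Radius-Class,
!                    the attribute the ASA uses to select a group policy.
! Step 2 (map-value): map the attribute value sent by the LDAP server
!                     (the group DN) to the name of a group policy on the ASA.
! Attribute names and values are case-sensitive: the DN must match what
! the server sends, character for character.
ldap attribute-map AD-GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Employees,OU=Groups,DC=example,DC=com" EMPLOYEES-GP
!
! Attach the map to the existing LDAP server entry (bind DN, base DN and
! the other server settings from the working setup are omitted here).
aaa-server LDAP-AD protocol ldap
aaa-server LDAP-AD (inside) host 192.0.2.10
 ldap-attribute-map AD-GROUP-MAP
!
! Authenticate against LDAP and deny by default when no map entry matches.
tunnel-group REMOTE-USERS type remote-access
tunnel-group REMOTE-USERS general-attributes
 authentication-server-group LDAP-AD
 default-group-policy NOACCESS
```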
Prerequisites
Requirements
This document requires that a working LDAP authentication setup is already configured on the
ASA. Refer to 
 in order to learn how to set up a
basic LDAP authentication configuration on the ASA.
Components Used