Which of the following statements is true regarding LDAP attribute maps on an ASA? (Select the best answer.)

Last Updated on August 3, 2021 by Admin 3

  • There is a defined limit on the number of LDAP attribute maps you can configure.
  • There is a defined limit on the number of attributes that can be mapped in each LDAP attribute map.
  • There is a defined limit on the number of LDAP servers to which an LDAP attribute map can be applied.
  • There is a defined limit on the number of AD multivalued attributes matched by an LDAP attribute map.
Explanation:
When using Lightweight Directory Access Protocol (LDAP) attribute maps on a Cisco Adaptive Security Appliance (ASA), there is a limit on the number of Active Directory (AD) multivalued attributes matched by an LDAP attribute map. LDAP attribute maps are used to authorize virtual private network (VPN) users based on specified AD attributes, such as group membership or department name. If an LDAP query returns a multivalued attribute, such as the list of groups of which a user is a member, the ASA will match only one of the returned values to the appropriate group policy. The ASA will select the matching group policy whose name has the fewest characters and starts with the lowest alphanumeric character.
There is no defined limit on the number of LDAP attribute maps you can configure on an ASA. Because LDAP attribute maps are dynamically allocated as they are needed, configuring a large number of attribute maps does not unnecessarily burden the ASA during normal operations. Likewise, there is no defined limit on the number of attributes that can be mapped in each LDAP attribute map.
There is no defined limit on the number of LDAP servers to which an LDAP attribute map can be applied. When an LDAP attribute map is applied to a server, the ASA only verifies that the specified attribute map exists. The same LDAP attribute map can be applied to multiple, different servers.
