Here are some details regarding our RSA case - http://kb.pulsesecure.net/KB23202
In general, just configure AD as an LDAP server and as a result it will be available under the RSA Directory/Attribute drop-down list.
It works for my configuration for 20 RSA roles based on AD groups memberships.
Hope it helps.
Ok, I have done this, but I still don't get it to work. I have:
* RSA as Authentication Server
* LDAP (AD) as Directory/Attribute Server
Then I try to log in to the realm by using my AD credentials. It takes a while and then tells me wrong username/password. I don't get to see anything where I could enter my tokencode, I am not prompted for it.
On the RSA console I can see the user trying to log on but failing due to "Authentication method failed".
The SSL VPN logs say that "there is no node verification file". I assume this is usually automatically created upon first successful authentication.
Crypto, if you have your RSA/ACE server as your first authentication server and you have AD/LDAP as your authorization server, you will not be challenged for your AD credentials. Instead, you will be challenged for your RSA/ACE credentials. Then, the IVE will use the credentials that you specify in the AD/LDAP Auth server config to query Active Directory for your account's group memberships and attributes.
If you also want to be challenged for your AD credentials (after the RSA credentials), you need to select your AD/LDAP auth server as a secondary authentication server.
I'm sorry if I'm misinterpreting what you're trying to do. I hope this helps.
Thanks. I am now able to authenticate using tokens. There was a problem with the RSA configuration. I will try to implement LDAP/AD challenge as well next.