ldap attribute-map MY_MAP_NAME
map-value memberOf "CN=foo,OU=bar,DC=example,DC=com" MY_GROUP_POLICY
...the Active Directory group needs to have certain properties:
- It must be a security group with universal scope.
- Users in the group must have a primary group different from the group matched by the ASA.
- The user's primary group must have universal scope.