In this article, the custom AD attribute employeeID is used for SSL VPN authentication instead of the username, for demonstration.

Step 1: Configure the LDAP server.
- Go to User & Authentication -> LDAP Servers -> Create New.
- In the Common Name Identifier field, enter the custom AD attribute that will be used for SSL VPN authentication instead of the username.
- Test connectivity to the server as well as the user credentials.
- Select OK.
- Configure member-attr to define which attribute field is checked for group membership. This setting is done from the CLI.
CLI:

    config user ldap
        edit "Test"
            set server "xxxxxx"
            set cnid "employeeID"
            set dn "DC=Aquarium,DC=com"
            set type regular
            set username "Aquarium\\Administrator"
            set password ENC MTAwNBeeL9lePwe301w6vmLVCM
            set member-attr "employeeID"          <-------- Mention the custom AD attribute.
        next
    end

Step 2: Configure the user group.
- Go to User & Authentication -> User Groups -> Create New.
- Remote Groups -> Add the LDAP server configured -> Select the groups.
- To use the employeeID as the username, the group-name of the group's match entry must be modified. This configuration is done from the CLI.
CLI:

    config user group
        edit "AD_Users"
            set member "Aquarium"
            config match
                edit 1
                    set server-name "Aquarium"
                    set group-name "123456789"    <-------- Mention the custom AD attribute value for that user.
                next
            end
        next
    end

On the AD, for user Test the employeeID is set to '123456789'.

Step 3: Configure the firewall policy.

CLI:

    config firewall policy
        edit 5
            set name "SSLVPN"
            set uuid 45ed780a-f5d1-51ef-99f6-e564fc1de4da
            set srcintf "ssl.root"
            set dstintf "SSLVPN endpoint"
            set action accept
            set srcaddr "SSLVPN_TUNNEL_ADDR1"
            set dstaddr "SSLVPN endpoint address"
            set schedule "always"
            set service "ALL"
            set logtraffic all
            set groups "AD_Users"                 <-------- Mention the user group created.
        next
    end

Test the SSL VPN connection using the custom AD attribute (employeeID) instead of the username.

To check the SSL VPN user connection, view the SSL Monitor.
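The following is an added example, not code from the original article or from Fortinet: a small offline Python model of how the LDAP settings above (cnid, member-attr) and the group's match entry (server-name, group-name) decide whether an SSL VPN login is accepted. The directory entries, passwords and function names are constructed for illustration; a real FortiGate performs an LDAP search and bind instead.

```python
import hmac

# Constructed mirror of the FortiGate settings from the article.
LDAP_CFG = {"cnid": "employeeID", "dn": "DC=Aquarium,DC=com",
            "member_attr": "employeeID"}
GROUP_CFG = {"name": "AD_Users", "server_name": "Aquarium",
             "group_name": "123456789"}

# Constructed sample AD entries (not a real directory export).
DIRECTORY = [
    {"dn": "CN=Test,CN=Users,DC=Aquarium,DC=com", "sAMAccountName": "Test",
     "employeeID": "123456789", "password": "Passw0rd!"},
    {"dn": "CN=Other,CN=Users,DC=Aquarium,DC=com", "sAMAccountName": "Other",
     "employeeID": "987654321", "password": "Passw0rd!"},
]


def find_user(login_id, ldap_cfg=LDAP_CFG, directory=DIRECTORY):
    """Model the FortiGate user search: (<cnid>=<login_id>) under the base dn."""
    for entry in directory:
        if entry["dn"].endswith(ldap_cfg["dn"]) and entry.get(ldap_cfg["cnid"]) == login_id:
            return entry
    return None


def group_match(entry, ldap_cfg=LDAP_CFG, group_cfg=GROUP_CFG):
    """Model 'config match': the user's member-attr value must equal group-name."""
    return entry.get(ldap_cfg["member_attr"]) == group_cfg["group_name"]


def authorize(login_id, password, ldap_cfg=LDAP_CFG, group_cfg=GROUP_CFG,
              directory=DIRECTORY):
    """Return (allowed, reason) for an SSL VPN login that uses the custom attribute."""
    entry = find_user(login_id, ldap_cfg, directory)
    if entry is None:
        # With cnid set to employeeID, logging in with the sAMAccountName fails here.
        return False, "no entry with %s=%s" % (ldap_cfg["cnid"], login_id)
    # Stand-in for the LDAP bind as the found user; constant-time compare.
    if not hmac.compare_digest(entry["password"], password):
        return False, "bind failed"
    # The firewall policy only allows members of AD_Users.
    if not group_match(entry, ldap_cfg, group_cfg):
        return False, "not a member of " + group_cfg["name"]
    return True, "member of " + group_cfg["name"]
```

Note that because group-name holds one employeeID value, this match entry admits exactly one user; a second user with a different employeeID is denied even though the bind succeeds.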