PrepAway - Latest Free Exam Questions & Answers


Which of the following statements is true regarding LDAP attribute maps on an ASA? (Select the best answer.)


A. There is a defined limit on the number of LDAP attribute maps you can configure.

B. There is a defined limit on the number of attributes that can be mapped in each LDAP attribute map.

C. There is a defined limit on the number of LDAP servers to which an LDAP attribute map can be applied.

D. There is a defined limit on the number of AD multivalued attributes matched by an LDAP attribute map.

Explanation:
When using Lightweight Directory Access Protocol (LDAP) attribute maps on a Cisco Adaptive Security Appliance (ASA), there is a limit on the number of Active Directory (AD) multivalued attributes matched by an LDAP attribute map. LDAP attribute maps are used to authorize virtual private network (VPN) users based on specified AD attributes, such as group membership or department name. If an LDAP query returns a multivalued attribute, such as the list of groups of which a user is a member, the ASA will match only one of the returned values to the appropriate group policy. The ASA will select the matching group policy whose name has the fewest characters and starts with the lowest alphanumeric character.

There is no defined limit on the number of LDAP attribute maps you can configure on an ASA. Because LDAP attribute maps are dynamically allocated as they are needed, configuring a large number of attribute maps does not unnecessarily burden the ASA during normal operations. Likewise, there is no defined limit on the number of attributes that can be mapped in each LDAP attribute map.

There is no defined limit on the number of LDAP servers to which an LDAP attribute map can be applied. When an LDAP attribute map is applied to a server, the ASA only verifies that the specified attribute map exists. The same LDAP attribute map can be applied to multiple, different servers.

Reference:
Cisco: ASA Use of LDAP Attribute Maps Configuration Example: FAQ

