Cisco Email Security Appliance X1070 Operating Instructions
Cisco AsyncOS 9.0 for Email User Guide
Chapter 25 LDAP Queries
Overview of LDAP Queries
Note
When you configure a group query, you need to take additional steps to configure AsyncOS to work with
the LDAP server. For information on configuring a group query, see
. When you configure an end-user
authentication or spam notification consolidation query, you must enable LDAP end-user access to the
Spam Quarantine. For more information on the Spam Quarantine, see the Spam Quarantine chapter.
Creating LDAP Server Profiles to Store Information About the LDAP Server
When you configure AsyncOS to use LDAP directories, you create an LDAP server profile to store the
information about the LDAP server.
Procedure
Step 1
On the System Administration > LDAP page, click Add LDAP Server Profile.
Step 2
Enter a name for the server profile.
Step 3
Enter the host name for the LDAP server.
You can enter multiple host names to configure the LDAP servers for failover or load-balancing.
Separate multiple entries with commas. For more information, see
.
Step 4
Select an authentication method. You can use anonymous authentication or specify a username and
password.
Step 5
Select the LDAP server type: Active Directory, OpenLDAP, or Unknown or Other.
Step 6
Enter a port number.
The default port is 3268. This is the default port for Active Directory that enables it to access the
global catalog in a multi-server environment.
Step 7
Enter a Base DN (distinguished name) for the LDAP server.
If you authenticate with a username and a password, the username must include the full DN to the
entry that contains the password. For example, a user is a member of the marketing group with an
email address of joe@example.com. The entry for this user would look like the following entry:
uid=joe, ou=marketing, dc=example, dc=com
Step 8
Select whether to use SSL when communicating with the LDAP server.
Step 9
Under Advanced, enter cache time-to-live. This value represents the amount of time to retain caches.
Step 10
Enter the maximum number of retained cache entries.
Note
This cache is maintained per LDAP server. If you are configuring more than one LDAP server,
you must set a smaller LDAP cache value for better performance. Also, if the memory usage of
various processes in the appliance is high, increasing this value may reduce the system
performance.
Step 11
Enter a maximum number of simultaneous connections.
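A pre-flight check for the values entered in Steps 3 through 8, as an added example that is not part of the Cisco guide: it validates the comma-separated host list and the DN syntax of the Base DN and username, and flags a username/password bind configured without SSL. The function names, the simplified DN grammar (no escaped commas or multi-valued RDNs) and the sample values are assumptions.

```python
import re

# One RDN: attribute type (name or numeric OID), '=', non-empty value.
# Simplified from RFC 4514: escaped commas and '+' multi-valued RDNs are rejected.
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*([^,=+]+?)\s*$")

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; raise ValueError if malformed."""
    rdns = []
    for part in dn.split(","):
        m = _RDN.match(part)
        if not m:
            raise ValueError(f"malformed RDN {part.strip()!r} in {dn!r}")
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns

def check_profile(hosts, use_ssl, base_dn, bind_dn=None):
    """Return a list of findings for a hypothetical LDAP server profile."""
    findings = []
    # Step 3: multiple host names are separated with commas.
    for host in (h.strip() for h in hosts.split(",")):
        if not host or re.search(r"\s", host):
            findings.append(f"invalid host entry {host!r} in host list")
    # Step 7: the Base DN must be a well-formed DN.
    try:
        parse_dn(base_dn)
    except ValueError as exc:
        findings.append(f"base DN: {exc}")
    if bind_dn is None:
        # Step 4: anonymous authentication only works if the directory permits it.
        findings.append("anonymous bind: directory must allow unauthenticated reads")
    else:
        # Step 7: the username must be the full DN of the entry, not a short name.
        try:
            parse_dn(bind_dn)
        except ValueError as exc:
            findings.append(f"username is not a full DN: {exc}")
        # Step 8: a password bind without SSL is sent unencrypted.
        if not use_ssl:
            findings.append("password bind without SSL crosses the network in cleartext")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for finding in check_profile("ldap1.example.com,", False,
                                 "dc=example, dc=com", "joe@example.com"):
        print("FINDING:", finding)
```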