Cisco Email Security Appliance C170 Operating Instructions
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 22 LDAP Queries
Authenticating End-Users in the Cisco IronPort Spam Quarantine
Spam quarantine end-user authentication queries validate users when they log in to the Cisco Spam
Quarantine. The token {u} specifies the user (it represents the user’s login name). The token {a}
specifies the user’s email address. The LDAP query does not strip "SMTP:" from the email address;
AsyncOS strips that portion of the address.
If you want the Cisco Spam Quarantine to use an LDAP query for end-user access, check the “Designate
as the active query” check box. If there is an existing active query, it is disabled. When you open the
System Administration > LDAP page, an asterisk (*) is displayed next to the active queries.
Based on the server type, AsyncOS uses one of the following default query strings for the end-user
authentication query:
• Active Directory: (sAMAccountName={u})
• OpenLDAP: (uid={u})
• Unknown or Other: [Blank]
By default, the primary email attribute is proxyAddresses for Active Directory servers and mail for
OpenLDAP servers. You can enter your own query and email attributes. To create the query from the
CLI, use the isqauth subcommand of the ldapconfig command.
Note: If you want users to log in with their full email address, use (mail=smtp:{a}) for the Query String.
For information on enabling end-user authentication for spam quarantines, see “Configuring the Cisco
Spam Quarantines Feature” in the Cisco IronPort AsyncOS for Email Daily Management Guide.
Sample Active Directory End-User Authentication Settings
This section shows sample settings for an Active Directory server and the end-user authentication query.
This example uses password authentication for the Active Directory server, the mail and proxyAddresses
email attributes, and the default query string for end-user authentication for Active Directory servers.
Table 22-11 Example LDAP Server and Spam Quarantine End-User Authentication Settings: Active Directory

Authentication Method | Use Password (Need to create a low-privilege user to bind for searching, or configure anonymous searching.)
Server Type           | Active Directory
Port                  | 3268
Base DN               | [Blank]
Connection Protocol   | [Blank]
Query String          | (sAMAccountName={u})
Email Attribute(s)    | mail,proxyAddresses
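
The following Python sketch is an added example, not AsyncOS code: it models how the Query String and Email Attribute(s) settings in Table 22-11 behave, expanding {u} and {a} and stripping the "SMTP:" prefix from the addresses the directory returns. The function names, the sample entry, the RFC 4515 escaping of the supplied login value, and the de-duplication are assumptions of the example.

```python
import re

# RFC 4515 escapes for characters that are special inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value before it is placed in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(query_string, login="", address=""):
    """Expand {u} (login name) and {a} (email address) in one pass.

    A single regex pass means token text inside a supplied value is not
    expanded again. Escaping the values is an assumption of this sketch.
    """
    values = {"u": escape_filter_value(login), "a": escape_filter_value(address)}
    return re.sub(r"\{([ua])\}", lambda m: values[m.group(1)], query_string)


def quarantine_addresses(entry, email_attributes):
    """Collect addresses from the configured attributes, dropping a leading
    "SMTP:" (matched case-insensitively here, an assumption) and duplicates."""
    seen, result = set(), []
    for attribute in email_attributes:
        for value in entry.get(attribute, []):
            if value[:5].lower() == "smtp:":
                value = value[5:]
            if value.lower() not in seen:
                seen.add(value.lower())
                result.append(value)
    return result


# Constructed directory entry (not real data).
SAMPLE_ENTRY = {
    "sAMAccountName": ["jdoe"],
    "mail": ["jdoe@example.com"],
    "proxyAddresses": ["SMTP:jdoe@example.com", "smtp:john.doe@example.com"],
}

if __name__ == "__main__":
    print(build_filter("(sAMAccountName={u})", login="jdoe"))
    print(build_filter("(sAMAccountName={u})", login="j*(test)"))
    print(build_filter("(mail=smtp:{a})", address="jdoe@example.com"))
    print(quarantine_addresses(SAMPLE_ENTRY, ["mail", "proxyAddresses"]))
```

Running a custom query string through a model like this before designating it as the active query shows which filter the directory will actually receive for a given login value.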