Cisco Cisco Web Security Appliance S160 User Guide

User Authentication

Enter values for the following fields:

Base Distinguished Name (Base DN) 

The LDAP database is a tree-type directory structure and the appliance uses the 
Base DN to navigate to the correct location in the LDAP directory tree to begin 
a search. A valid Base DN filter string is composed of one or more components 
of the form 

object-value.

 For example 

dc=companyname, dc=com

.

User Name Attribute 

Choose one of the following values:

uid, cn, and sAMAccountName. Unique identifiers in the LDAP directory 
that specify a username.

custom. A custom identifier such as 

UserAccount

.

User Filter Query 

The User Filter Query is an LDAP search filter that locates the users Base DN. 
This is required if the user directory is in a hierarchy below the Base DN, or 
if the login name is not included in the user-specific component of that users 
Base DN.

Choose one of the following values:

none. Filters any user.

custom. Filters a particular group of users. 

Query Credentials

Choose whether or not the authentication server accepts anonymous queries.

If the authentication server does accept anonymous queries, choose Server 
Accepts Anonymous Queries.

If the authentication server does not accept anonymous queries, choose Use 
Bind DN and then enter the following information:

Bind DN. The user on the external LDAP server permitted to search the 
LDAP directory. Typically, the bind DN should be permitted to search the 
entire directory.

Passphrase. The passphrase associated with the user you enter in the 
Bind DN field.

The following text lists some example users for the Bind DN field:

cn=administrator,cn=Users,dc=domain,dc=com 
sAMAccountName=jdoe,cn=Users,dc=domain,dc=com.

If the LDAP server is an Active Directory server, you may also enter the Bind 
DN username as “DOMAIN\username.”