Cisco Web Security Appliance S360 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 8      Identities
Identifying Users Transparently
Configuring Transparent User Identification
Step 1  Create an LDAP authentication realm for a Novell eDirectory server. Configure the realm to use Version 3 and to “Support Novell eDirectory.”
Step 2  Define an Identity group that identifies users transparently using Novell eDirectory:
  a.  In the Identification and Authentication section, select Identify Users Transparently.
  b.  Select the LDAP authentication realm that supports Novell eDirectory.
  c.  Configure all other Identity options as desired.
Step 3  Create policies that use the Identity for transparent user identification.
Using the CLI to Configure Transparent User Identification
AsyncOS for Web includes the following CLI commands to use with transparent user identification:
  • tuiconfig. This command allows you to configure some settings associated with transparent user identification. You can use this command in batch mode.
      – Configure mapping timeout for AD agent. Enter the timeout value for how long AsyncOS caches the IP address to user mapping for an IP address as retrieved from the Active Directory agent when there are no updates from the agent.
      – Configure mapping timeout for Novell eDirectory. Enter the timeout value for how long AsyncOS caches the IP address to user mapping for an IP address as retrieved from the Novell eDirectory server when there are no updates from the server.
      – Configure query wait time for AD agent. Enter the time to wait for a reply from the Active Directory agent in seconds. When the query takes more than the timeout value, transparent user identification is considered to have failed. This limits the authentication delay experienced by the end user.
      – Configure query wait time for Novell eDirectory. Enter the time to wait for a reply from the Novell eDirectory server in seconds. When the query takes more than the timeout value, transparent user identification is considered to have failed. This limits the authentication delay experienced by the end user.
  • tuistatus. This command includes the following subcommands:
      – adagentstatus. This command displays the current status of all Active Directory agents as well as information about their connections with the Windows domain controllers.
      – listlocalmappings. This command lists all entries in the IP address to user name mapping stored on the Web Security appliance as retrieved from the Active Directory agent. It does not list entries stored in the Active Directory agent.
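
The following Python model is an added illustration, not AsyncOS code or part of the original guide. It shows how the mapping timeout and query wait time set with tuiconfig interact, and how a long mapping timeout lets a cached IP address to user mapping outlive a change of the address's owner. The class, function names, addresses, user names and timings are constructed; re-querying after an entry expires and using one time unit for both timers are assumptions of the model.

```python
from dataclasses import dataclass, field


@dataclass
class MappingCache:
    """Illustrative model of the two tuiconfig timers; not AsyncOS code."""
    mapping_timeout: float   # how long an entry is kept with no updates
    query_wait: float        # how long to wait for the agent/server reply
    entries: dict = field(default_factory=dict)   # ip -> (user, last_update)

    def update(self, ip, user, now):
        """An update from the agent/server refreshes the entry's age."""
        self.entries[ip] = (user, now)

    def identify(self, ip, now, query):
        """Return (user, source); user is None when identification fails."""
        entry = self.entries.get(ip)
        if entry and now - entry[1] <= self.mapping_timeout:
            return entry[0], "cache"
        self.entries.pop(ip, None)            # expired or never seen
        user, latency = query(ip)             # assumption: re-query on a miss
        if user is None or latency > self.query_wait:
            return None, "failed"             # reply took longer than allowed
        self.update(ip, user, now + latency)
        return user, "query"


def stale_window_demo(mapping_timeout):
    """Constructed scenario: 10.0.0.5 belongs to alice at t=0 and is
    reassigned to bob at t=300, with no update reaching the cache."""
    cache = MappingCache(mapping_timeout=mapping_timeout, query_wait=2.0)
    cache.update("10.0.0.5", "alice", now=0)
    directory = lambda ip: ("bob", 0.5)       # current owner, 0.5 s reply
    return [cache.identify("10.0.0.5", t, directory)[0] for t in (100, 400, 900)]


if __name__ == "__main__":
    print(stale_window_demo(600))   # long mapping timeout
    print(stale_window_demo(120))   # short mapping timeout
```

In the model, the request at t=400 is still attributed to the previous user when the mapping timeout is 600, and to the current user when it is 120. The cost of the shorter value is more queries, each bounded by the query wait time.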