Cisco Cisco Web Security Appliance S670 User Guide

Enter the LDAP authentication settings:

LDAP Version

Choose the version of LDAP, and choose whether or not to use Secure LDAP. 

The appliance supports LDAP versions 2 and 3. Secure LDAP requires LDAP 
version 3.

Choose whether or not this LDAP server supports Novell eDirectory to use with 
transparent user identification. 

LDAP Server

Enter the LDAP server IP address or hostname and its port number. You can 
specify up to three servers.

The hostname must be a fully-qualified domain name. For example, 

ldap.example.com

. An IP address is required only if the DNS servers 

configured on the appliance cannot resolve the LDAP server hostname.

The default port number for Standard LDAP is 389. The default number for 
Secure LDAP is 636.

If the LDAP server is an Active Directory server, enter the hostname or IP 
address and the port of the domain controller here. Whenever possible, enter the 
name of the Global Catalog Server and use port 3268. However, you might want 
to use a local domain controller when the global catalog server is physically far 
away and you know you only need to authenticate users on the local domain 
controller.

Note: When you configure multiple authentication servers in the realm, the 
appliance attempts to authorize with up to three authentication servers before 
failing to authenticate the transaction within that realm.

LDAP Persistent 
Connections

(under the Advanced 
section)

Choose one of the following values:

Use persistent connections (unlimited). Use existing connections. If no 
connections are available a new connection is opened.

Use persistent connections. Use existing connections to service the 
number of requests specified. When the maximum is reached, establish a 
new connection to the LDAP server.

Do not use persistent connections. Always create a new connection to the 
LDAP server.