Cisco Web Security Appliance S670 User Guide

IronPort AsyncOS 6.3 for Web User Guide
LDAP Authentication
The Lightweight Directory Access Protocol (LDAP) server database is a repository for 
employee directories. These directories include the names of employees along with various 
types of personal data such as a phone number, email address, and other information that is 
exclusive to the individual employee. The LDAP database is composed of objects containing 
attributes and values. Each object name is referred to as a distinguished name (DN). The 
location on the LDAP server where a search begins is called the Base Distinguished Name or 
base DN.
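The relationship between an entry's DN and the base DN described above, as an added example (not part of the Cisco guide): Python code that splits DNs into their components and checks whether an entry lies in the subtree a search from the base DN would cover. The DNs are constructed samples, and the function names and the case-insensitive comparison are assumptions of this example.

```python
# Added example: split LDAP distinguished names (DNs) into their relative
# components (RDNs) and test whether an entry lies under a base DN.
# Assumptions: values compare case-insensitively (true for cn, ou, dc);
# hex escapes, quoted values and multi-valued RDNs ("+") are not handled.

def split_dn(dn):
    """Split a DN into RDN strings, keeping backslash-escaped commas intact."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends the RDN
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).lstrip())
    return [r for r in rdns if r]

def normalize(rdn):
    """Return (attribute, value) lower-cased for comparison."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.lstrip().lower())

def is_under_base(entry_dn, base_dn):
    """True when entry_dn equals base_dn or sits in the subtree below it."""
    entry = [normalize(r) for r in split_dn(entry_dn)]
    base = [normalize(r) for r in split_dn(base_dn)]
    if not base or len(entry) < len(base):
        return False                     # an empty base DN is treated as unset
    return entry[-len(base):] == base    # compare whole RDNs, not raw text

BASE_DN = "dc=example,dc=com"            # constructed sample base DN
SAMPLES = [                              # constructed sample entries
    r"cn=Doe\, Jane,ou=Staff,dc=example,dc=com",
    "CN=John Smith, OU=Staff, DC=Example, DC=Com",
    "cn=admin,dc=example,dc=org",
    r"cn=a,ou=x\,dc=example,dc=com",     # ends with the base DN text only
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(is_under_base(dn, BASE_DN), dn)
```

The last sample ends with the same characters as the base DN but is a child of dc=com only, which is why the comparison is made on parsed RDNs rather than on the raw string.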
The appliance supports standard LDAP server authentication and Secure LDAP 
authentication. Support for LDAP allows established installations to continue using their 
LDAP server database to authenticate users.
For Secure LDAP, the appliance supports LDAP connections over SSL. The SSL protocol is an 
industry standard for ensuring confidentiality. SSL uses key encryption algorithms along with 
Certificate Authority (CA) signed certificates to provide the LDAP servers a way to verify the 
identity of the appliance.
Note — AsyncOS for Web only supports 7-bit ASCII characters for passwords when using the 
Basic authentication scheme. Basic authentication fails when the password contains 
characters that are not 7-bit ASCII.
Changing Active Directory Passwords
After Active Directory LDAP users change their account passwords, the Active Directory 
LDAP server authenticates them with their current or previous password, depending on the 
Active Directory server configuration. 
If you want users to be able to authenticate only with their new password, you can reboot the 
Active Directory server, or you can wait for the Active Directory server to time out the old 
passwords.
LDAP Authentication Settings
Table 16-12 describes the authentication settings you define when you choose LDAP 
authentication. 
Table 16-12 LDAP Authentication Settings

Setting       | Description
LDAP Version  | Choose the version of LDAP, and choose whether or not to use Secure LDAP. The appliance supports LDAP version 2 and LDAP version 3 software. Secure LDAP requires LDAP version 3.