Cisco Web Security Appliance S670 User Guide

AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
 
Chapter 5  Acquire End-User Credentials
Authentication Realms
Step 6  (Optional) Enable Group Authorization via group object or user object and complete the settings for the chosen option accordingly:

Group Object Setting | Description

Group Membership Attribute Within Group Object
    Choose the LDAP attribute which lists all users that belong to this group.
    Choose one of the following values:
    - member and uniquemember. Unique identifiers in the LDAP directory that specify group members.
    - custom. A custom identifier such as UserInGroup.

Attribute that Contains the Group Name
    Choose the LDAP attribute which specifies the group name that can be used in the policy group configuration.
    Choose one of the following values:
    - cn. A unique identifier in the LDAP directory that specifies the name of a group.
    - custom. A custom identifier such as FinanceGroup.

Query String to Determine if Object is a Group
    Choose an LDAP search filter that determines if an LDAP object represents a user group.
    Choose one of the following values:
    - objectclass=groupofnames
    - objectclass=groupofuniquenames
    - objectclass=group
    - custom. A custom filter such as objectclass=person.
    Note: The query defines the set of authentication groups which can be used in policy groups.
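
An added illustration (Python, not Cisco code and not part of the guide) of the group-object lookup these three settings describe, run against a constructed in-memory directory: the query string selects which objects count as groups, the membership attribute is searched for the user's DN, and the name attribute supplies the group name. The function names, the DNs and the simplified equality-only filter matching are assumptions of the example.

```python
# Constructed sample directory (not from the guide): DN -> attributes.
# Attribute names are stored lowercase to mimic case-insensitive LDAP names.
ALICE = "uid=alice,ou=People,dc=example,dc=com"
BOB = "uid=bob,ou=People,dc=example,dc=com"
DIRECTORY = {
    "cn=Finance,ou=Groups,dc=example,dc=com": {
        "objectclass": ["top", "groupOfNames"],
        "cn": ["Finance"],
        "member": [ALICE],
    },
    "cn=Engineering,ou=Groups,dc=example,dc=com": {
        "objectclass": ["top", "groupOfUniqueNames"],
        "cn": ["Engineering"],
        "uniquemember": [ALICE, BOB],
    },
    ALICE: {"objectclass": ["top", "person"], "cn": ["Alice"]},
}


def matches(attrs, query):
    """Evaluate a simple attr=value equality filter, case-insensitively."""
    attr, _, value = query.partition("=")
    values = attrs.get(attr.strip().lower(), [])
    return value.strip().lower() in (v.lower() for v in values)


def group_names(directory, group_query, name_attr):
    """Names of every object the query string classifies as a group."""
    return sorted(
        name
        for attrs in directory.values()
        if matches(attrs, group_query)
        for name in attrs.get(name_attr.lower(), [])
    )


def groups_for_user(user_dn, directory, group_query, membership_attr, name_attr):
    """Names of groups (per group_query) whose membership attribute lists user_dn."""
    found = []
    for attrs in directory.values():
        if not matches(attrs, group_query):
            continue  # not a group according to the query string setting
        # Simplified DN comparison: case-insensitive string equality.
        members = [m.lower() for m in attrs.get(membership_attr.lower(), [])]
        if user_dn.lower() in members:
            found.extend(attrs.get(name_attr.lower(), []))
    return sorted(found)
```

With this sample data, pairing objectclass=groupofnames with the uniquemember attribute resolves the user into no groups, and the custom filter objectclass=person makes a user entry appear in the set of group names.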

User Object Setting | Description

Group Membership Attribute Within User Object
    Choose the attribute which lists all the groups that this user belongs to.
    Choose one of the following values:
    - memberOf. Unique identifiers in the LDAP directory that specify user members.
    - custom. A custom identifier such as UserInGroup.

Group Membership Attribute is a DN
    Specify whether the group membership attribute is a distinguished name (DN) which refers to an LDAP object. For Active Directory servers, enable this option.
    When this is enabled, you must configure the subsequent settings.