Cisco Content Security Management Appliance M1070 User Guide
AsyncOS 8.3 for Cisco Content Security Management User Guide
Chapter 11 Integrating with LDAP
Creating the LDAP Server Profile
Note
You need to configure LDAP authentication to view client user IDs instead of client IP addresses on
reports. Without LDAP authentication the system can only refer to users by their IP address. Choose the
Use Password radio button, and enter the User name and password. The user name will now be seen on
the Internal Users Summary page.
Step 6
Select the LDAP server type: Active Directory, OpenLDAP, or Unknown or Other.
Step 7
Enter a port number.
The default port is 3268. This is the default port for Active Directory that enables it to access the global
catalog in a multi-server environment.
Step 8
Enter a base DN (distinguished name) for the LDAP server.
If you authenticate with a user name and a password, the user name must include the full DN to the entry
that contains the password. For example, a user with an email address of joe@example.com is a user of
the marketing group. The entry for this user would look like the following entry:
uid=joe, ou=marketing, dc=example, dc=com
Step 9
Under Advanced, select whether to use SSL when communicating with the LDAP server.
Step 10
Enter the cache time-to-live. This value represents the amount of time to retain caches.
Step 11
Enter the maximum number of retained cache entries.
Step 12
Enter a maximum number of simultaneous connections.
If you configure the LDAP server profile for load balancing, these connections are distributed among the
listed LDAP servers. For example, if you configure 10 simultaneous connections and load balance the
connections over three servers, AsyncOS creates 10 connections to each server, for a total of 30
connections. For more information, see
Note
The maximum number of simultaneous connections includes LDAP connections used for LDAP
queries. However, if you enable LDAP authentication for the spam quarantine, the appliance
allows 20 additional connections for the end user quarantine for a total of 30 connections.
Step 13
Test the connection to the server by clicking the Test Server(s) button. If you specified multiple LDAP
servers, they are all tested. The results of the test appear in the Connection Status field. For more
information, see
.
Step 14
Create spam quarantine queries by selecting the check box and completing the fields.
You can configure the quarantine end-user authentication query to validate users when they log in to the
end-user quarantine. You can configure the alias consolidation query so that end-users do not receive
quarantine notices for each email alias. To use these queries, select the “Designate as the active query”
check box. For more information, see
.
Step 15
Test the spam quarantine queries by clicking the Test Query button.
Enter the test parameters and click Run Test. The results of the test appear in the Connection Status field.
If you make any changes to the query definition or attributes, click Update.
Note
If you have configured the LDAP server to allow binds with empty passwords, the query can pass
the test with an empty password field.
Step 16
Submit and commit your changes.
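The Step 15 note and the Step 8 DN requirement, as an added example that is not from the Cisco guide: a stdlib-only Python pre-check a caller could run before issuing an LDAP simple bind. It refuses the empty-password (unauthenticated) and anonymous binds that RFC 4513 section 5.1 distinguishes from a name/password bind, and rejects a bind name that is not a full DN; the function names and the sample DN are assumptions made for illustration.

```python
import re

# Constructed sample DN, in the form shown in Step 8.
SAMPLE_DN = "uid=joe, ou=marketing, dc=example, dc=com"

_SEP = re.compile(r"(?<!\\)[,+]")   # RDN separators not escaped with a backslash
_EQ = re.compile(r"(?<!\\)=")       # attribute/value separator, likewise unescaped
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; raise ValueError if malformed.

    Simplified check: handles backslash-escaped separators, but not quoted
    or hex-encoded values.
    """
    pairs = []
    for rdn in _SEP.split(dn):
        parts = [p.strip() for p in _EQ.split(rdn)]
        if len(parts) != 2 or not _ATTR.fullmatch(parts[0]) or not parts[1]:
            raise ValueError(f"malformed RDN: {rdn.strip()!r}")
        pairs.append((parts[0].lower(), parts[1]))
    return pairs


def classify_bind(bind_dn, password):
    """Name the simple-bind mechanism per RFC 4513 section 5.1."""
    if not password:
        return "unauthenticated" if bind_dn else "anonymous"
    return "name/password" if bind_dn else "invalid"


def check_bind(bind_dn, password):
    """Return (ok, reason); ok only for a full DN plus a non-empty password."""
    kind = classify_bind(bind_dn, password)
    if kind != "name/password":
        # A server that allows these binds reports success without a password.
        return False, f"{kind} bind refused"
    try:
        parse_dn(bind_dn)
    except ValueError as exc:
        return False, str(exc)
    return True, "name/password bind with well-formed DN"


if __name__ == "__main__":
    for dn, pw in [(SAMPLE_DN, "s3cret"), (SAMPLE_DN, ""),
                   ("uid=joe, ou=marketing, dc=example dc=com", "s3cret")]:
        print(check_bind(dn, pw))
```
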