Cisco Email Security Appliance C680 User Guide

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
 
Chapter 26: LDAP Queries
Working with LDAP Queries
Routing Queries
There is no recursion limit for LDAP routing queries; the routing is completely data driven. However, 
AsyncOS does check for circular reference data to prevent the routing from looping infinitely.
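The following added example (not AsyncOS code, and not taken from the guide) illustrates the idea above: routing data is followed for as many hops as it defines, and resolution stops only when an address repeats. The directory contents, the `lookup` helper, and the lower-casing of addresses are assumptions made for this sketch.

```python
# Added illustration, not AsyncOS code. Directory contents are constructed samples.

class RoutingLoopError(Exception):
    """Routing data referred back to an address already visited."""


# Constructed stand-in for LDAP routing data: recipient -> rewritten recipient.
DIRECTORY = {
    "sales@example.com": "sales-team@example.com",
    "sales-team@example.com": "alice@mail1.example.com",
    "a@example.com": "b@example.com",
    "b@example.com": "c@example.com",
    "c@example.com": "a@example.com",        # three-hop circular reference
    "self@example.com": "SELF@example.com",  # self-reference hidden by case
}


def lookup(address, directory):
    """Hypothetical stand-in for one routing query: next address, or None."""
    return directory.get(address)


def resolve_route(address, directory=DIRECTORY):
    """Follow rewrites with no depth limit; stop when an address repeats.

    Returns (final_address, path). Raises RoutingLoopError on a cycle.
    Addresses are lower-cased before comparison (an assumption of this sketch).
    """
    path = []
    seen = set()
    current = address.lower()
    while True:
        if current in seen:
            raise RoutingLoopError(" -> ".join(path + [current]))
        seen.add(current)
        path.append(current)
        nxt = lookup(current, directory)
        if nxt is None:
            return current, path
        current = nxt.lower()


if __name__ == "__main__":
    print(resolve_route("sales@example.com"))
    try:
        resolve_route("a@example.com")
    except RoutingLoopError as exc:
        print("loop detected:", exc)
```

Because the loop is iterative and keyed on visited addresses, a long but finite chain resolves normally, while circular data fails fast with the full path for troubleshooting.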
Allowing Clients to Bind to the LDAP Server Anonymously 
You may need to configure your LDAP directory server to allow for anonymous queries. (That is, clients 
can bind to the server anonymously and perform queries.) For specific instructions on configuring Active 
Directory to allow anonymous queries, see the “Microsoft Knowledge Base Article - 320528” at the 
following URL: http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B320528
Alternately, you can configure one “user” dedicated solely for the purposes of authenticating and 
performing queries instead of opening up your LDAP directory server for anonymous queries from any 
client.
A summary of the steps is included here, specifically: 
How to set up Microsoft Exchange 2000 server to allow “anonymous” authentication.
How to set up Microsoft Exchange 2000 server to allow “anonymous bind.”
How to set up AsyncOS to retrieve LDAP data from a Microsoft Exchange 2000 server using both 
“anonymous bind” and “anonymous” authentication.
Specific permissions must be set on a Microsoft Exchange 2000 server in order to allow “anonymous” 
or “anonymous bind” authentication for the purpose of querying user email addresses. This can be very 
useful when an LDAP query is used to determine the validity of an incoming email message to the SMTP 
gateway.
Anonymous Authentication Setup
The following setup instructions allow you to make specific data available to unauthenticated queries of 
Active Directory and Exchange 2000 servers in the Microsoft Windows Active Directory. If you wish to 
allow “anonymous bind” to the Active Directory, see 
Procedure 
Step 1  Determine required Active Directory permissions.
Using the ADSI Edit snap-in or the LDP utility, you must modify the permissions to the attributes 
of the following Active Directory objects:
The root of the domain naming context for the domain against which you want to make queries.
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B320528