Cisco Cisco Email Security Appliance C650 Guía Del Usuario
22-45
Cisco AsyncOS 8.0 for Email User Guide
Chapter 22 LDAP Queries
Identifying a Sender’s User Distinguished Name for RSA Enterprise Manager
Identifying a Sender’s User Distinguished Name for RSA
Enterprise Manager
Enterprise Manager
the Email Security appliance must include the complete distinguished names for the message senders when it sends DLP
incident data to Enterprise Manager. To acquire the sender name for Enterprise Manager, create a user distinguished name
query for your LDAP server and add the query to the listeners that send outgoing messages on your Email Security appliance.
The Email Security appliance only uses this query when RSA Enterprise Manager is enabled for DLP. Otherwise, it does not
appear as an option for the server profile.
Sample User Distinguished Name Settings
This section shows sample settings for an Active Directory server and the user distinguished name query.
This example uses anonymous authentication for the Active Directory server and a query string for user
distinguished name retrieval for Active Directory servers.
This example uses anonymous authentication for the Active Directory server and a query string for user
distinguished name retrieval for Active Directory servers.
Configuring AsyncOS To Work With Multiple LDAP Servers
When you configure an LDAP profile, you can configure the Cisco appliance to connect to a list of
multiple LDAP servers. To use multiple LDAP servers, you must configure LDAP servers to contain the
same information, use the same structure, and use the same authentication information. (third party
products exist that can consolidate the records).
multiple LDAP servers. To use multiple LDAP servers, you must configure LDAP servers to contain the
same information, use the same structure, and use the same authentication information. (third party
products exist that can consolidate the records).
When you configure the Cisco appliance to connect to redundant LDAP servers, you can configure the
LDAP configuration for failover or load balancing.
LDAP configuration for failover or load balancing.
You can use multiple LDAP servers to achieve the following results:
•
Failover. When you configure the LDAP profile for failover, the Cisco appliance fails over to the
next LDAP server in the list if it cannot connect to the first LDAP server.
next LDAP server in the list if it cannot connect to the first LDAP server.
•
Load Balancing. When you configure the LDAP profile for load balancing, the Cisco appliance
distributes connections across the list of LDAP servers when it performs LDAP queries.
distributes connections across the list of LDAP servers when it performs LDAP queries.
You can configure redundant LDAP servers from the System Administration > LDAP page or from the
CLI
CLI
ldapconfig
command.
Table 22-15
Example LDAP Server and Spam Quarantine Alias Consolidation Settings: Active
Directory
Directory
Authentication Method
Anonymous
Server Type
Active Directory
Port
3268
Base DN
[Blank]
Connection Protocol
Use SSL
Query String
(proxyAddresses=smtp:{a})