Cisco Cisco FirePOWER Appliance 8250
48-26
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
This example shows a connection using a base distinguished name of OU=security,DC=it,DC=example,DC=com for the security organization in the information technology domain of the Example company.
However, because this server is a Microsoft Active Directory server, it uses the sAMAccountName attribute to store user names rather than the uid attribute. Selecting the MS Active Directory server type and clicking Set Defaults sets the UI Access Attribute to sAMAccountName. As a result, the FireSIGHT System checks the sAMAccountName attribute for each object for matching user names when a user attempts to log into the FireSIGHT System.
In addition, a Shell Access Attribute of sAMAccountName causes each sAMAccountName attribute to be checked for all objects in the directory for matches when a user logs into a shell account on the appliance.
Note that because no base filter is applied to this server, the FireSIGHT System checks attributes for all
objects in the directory indicated by the base distinguished name. Connections to the server time out
after the default time period (or the timeout period set on the LDAP server).
Example: Advanced LDAP Configuration
License: Any
This example illustrates an advanced configuration of an LDAP login authentication object for a
Microsoft Active Directory Server. The LDAP server in this example has an IP address of 10.11.3.4. The
connection uses port 636 for access.
This example shows a connection using a base distinguished name of OU=security,DC=it,DC=example,DC=com for the security organization in the information technology domain of the Example company. However, note that this server has a base filter of (cn=*smith). The filter restricts the users retrieved from the server to those with a common name ending in smith.
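The following Python example is added here and is not Cisco code or part of the guide. It models how the base distinguished name, the base filter (cn=*smith) and the sAMAccountName access attribute together decide which directory objects can match a login, with and without a base filter. The directory entries, the function names and the assumption that scope, filter and attribute match are combined with AND are constructed for this illustration.

```python
import re

BASE_DN = "OU=security,DC=it,DC=example,DC=com"   # base DN from the guide's example
SEC = "," + BASE_DN
# Constructed sample entries (not from the guide).
DIRECTORY = [
    {"dn": "CN=John Smith" + SEC, "cn": "John Smith", "sAMAccountName": "jsmith"},
    {"dn": "CN=Ana Lopez" + SEC, "cn": "Ana Lopez", "sAMAccountName": "alopez"},
    {"dn": "CN=svc-backup" + SEC, "cn": "svc-backup", "sAMAccountName": "svc-backup"},
    {"dn": "CN=Bob Smith,OU=sales,DC=it,DC=example,DC=com",
     "cn": "Bob Smith", "sAMAccountName": "bsmith"},
]

def normalize_dn(dn):
    """Case-fold a DN and trim spaces around RDNs (simplified: no escaped commas)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def under_base(dn, base_dn):
    """True if dn is the base DN itself or sits anywhere below it (subtree scope)."""
    d, b = normalize_dn(dn), normalize_dn(base_dn)
    return d == b or d.endswith("," + b)

def matches_filter(entry, base_filter):
    """Evaluate one (attr=value) filter, '*' as wildcard; None means no base filter."""
    if base_filter is None:
        return True
    m = re.fullmatch(r"\(([\w-]+)=([^()]*)\)", base_filter)
    if m is None:
        raise ValueError("only a single (attr=value) filter is supported here")
    attr, pattern = m.groups()
    value = entry.get(attr)          # simplified: attribute name must match exactly
    if value is None:
        return False
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def login_candidates(username, base_filter, access_attr, base_dn=BASE_DN):
    """DNs that could match a login: in scope, pass the filter, attribute equals name."""
    return [e["dn"] for e in DIRECTORY
            if under_base(e["dn"], base_dn)
            and matches_filter(e, base_filter)
            and e.get(access_attr, "").lower() == username.lower()]

if __name__ == "__main__":
    for user in ("jsmith", "alopez", "svc-backup", "bsmith"):
        print(user, login_candidates(user, None, "sAMAccountName"),
              login_candidates(user, "(cn=*smith)", "sAMAccountName"))
```

With no base filter, the constructed service account under the base DN is a login candidate; with (cn=*smith) only entries whose common name ends in smith remain, and entries outside the base DN are never considered.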