Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
3-47
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Figure 3-16
SMTP Auth Support: LDAP Directory Store or SMTP Server
Configured SMTP Authentication methods are then used to create SMTP Auth
profiles via the
profiles via the
smtpauthconfig
command for use within HAT mail flow policies
(see
).
Configuring SMTP Authentication
If you are going to authenticate with an LDAP server, select the SMTPAUTH
query type on the Add or Edit LDAP Server Profile pages (or in the
query type on the Add or Edit LDAP Server Profile pages (or in the
ldapconfig
command) to create an SMTP Authentication query. For each LDAP server you
configure, you can configure a SMTPAUTH query to be used as an SMTP
Authentication profile.
configure, you can configure a SMTPAUTH query to be used as an SMTP
Authentication profile.
There are two kinds of SMTP authentication queries: LDAP bind and Password
as attribute. When you use password as attribute, the Cisco IronPort appliance will
fetch the password field in the LDAP directory. The password may be stored in
plain text, encrypted, or hashed.When you use LDAP bind, the IronPort appliance
attempts to log into the LDAP server using the credentials supplied by the client.
as attribute. When you use password as attribute, the Cisco IronPort appliance will
fetch the password field in the LDAP directory. The password may be stored in
plain text, encrypted, or hashed.When you use LDAP bind, the IronPort appliance
attempts to log into the LDAP server using the credentials supplied by the client.
Specifying a Password as Attribute
The convention in OpenLDAP, based on RFC 2307, is that the type of coding is
prefixed in curly braces to the encoded password (for example,
“{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=”). In this example, the password
portion is a base64 encoding of a plain text password after application of SHA.
prefixed in curly braces to the encoded password (for example,
“{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=”). In this example, the password
portion is a base64 encoding of a plain text password after application of SHA.