Cisco Web Security Appliance S170 User Guide
Chapter 7 Identities
Identifying Users Transparently
7-18
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Rules and Guidelines
Consider the following rules and guidelines when you identify users transparently using Novell eDirectory:
• Novell Client must be installed on each client machine, and end users must use it to authenticate against a Novell eDirectory server.
• The Novell LDAP tree used by the Novell client login must be the same LDAP tree configured in the authentication realm.
• If the Novell clients use multiple Novell LDAP trees, create an authentication realm for each tree, and then create an authentication sequence that uses each Novell LDAP authentication realm.
• When you configure the LDAP authentication realm for Novell eDirectory, you must specify a Bind DN for the query credentials.
• Novell eDirectory must be configured to update the NetworkAddress attribute of the user object when users log in. For more information on how to do this, see the following Novell support article:
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7004564&sliceId=1&docTypeID=DT_TID_1_1&dialogID=100407203&stateId=0%200%20100405493?
Note: Novell eDirectory versions 8.6, 8.7, and 8.8 can be configured to update the NetworkAddress attribute.
• When querying Novell eDirectory, AsyncOS for Web only searches for direct parent groups that the user belongs to. It does not search nested groups.
• If your network environment includes both Novell eDirectory and Microsoft Active Directory and users fail to log in using Novell eDirectory, they can either log in to Active Directory using the Basic authentication scheme or be granted guest access. They cannot use the NTLMSSP authentication scheme.
• When using DHCP to assign IP addresses to client machines, ensure the IP address to user name mapping is updated on the Web Security appliance more frequently than the DHCP lease. Use the advancedproxyconfig > authentication CLI command to update the mapping update interval.
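
Because AsyncOS for Web searches only direct parent groups, a policy keyed to a group does not match users who reach that group through nesting. The following added example (not from the Cisco guide; the directory data, DNs and function names are constructed for illustration) lists users whose membership in a policy group exists only through nested groups, so the gap can be closed with direct membership.

```python
# Added example: constructed data and hypothetical names; not Cisco or Novell code.
from collections import deque

# Direct memberships only: object DN -> groups it is a direct member of.
# Users and groups are both keys, so a group can sit inside another group.
DIRECT_MEMBER_OF = {
    "cn=alice,o=example": {"cn=finance,o=example"},
    "cn=bob,o=example": {"cn=payroll,o=example"},
    "cn=carol,o=example": {"cn=interns,o=example"},
    "cn=payroll,o=example": {"cn=finance,o=example"},  # nested one level
    "cn=interns,o=example": {"cn=payroll,o=example"},  # nested two levels
    "cn=finance,o=example": {"cn=finance,o=example"},  # self-reference (cycle)
}
USERS = ["cn=alice,o=example", "cn=bob,o=example", "cn=carol,o=example"]
POLICY_GROUPS = {"cn=finance,o=example"}  # groups referenced by access policies


def direct_groups(dn, member_of):
    """Groups a direct-parent lookup would return for this DN."""
    return set(member_of.get(dn, ()))


def effective_groups(dn, member_of):
    """All groups reachable through nesting (breadth-first, cycle-safe)."""
    seen = set()
    queue = deque(member_of.get(dn, ()))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        queue.extend(member_of.get(group, ()))
    return seen


def nested_only_matches(users, policy_groups, member_of):
    """Map each user to the policy groups they hold only through nesting."""
    gaps = {}
    for user in users:
        nested = effective_groups(user, member_of) - direct_groups(user, member_of)
        missed = nested & policy_groups
        if missed:
            gaps[user] = sorted(missed)
    return gaps


if __name__ == "__main__":
    for user, groups in nested_only_matches(USERS, POLICY_GROUPS, DIRECT_MEMBER_OF).items():
        print(f"{user}: reaches {', '.join(groups)} only through nested groups")
```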