Cisco Cisco Web Security Appliance S360 Guía Del Usuario

*** No surrogate is used in this case even though cookie-based surrogate is 
configured.

The Lightweight Directory Access Protocol (LDAP) server database is a 
repository for employee directories. These directories include the names of 
employees along with various types of personal data such as a phone number, 
email address, and other information that is exclusive to the individual employee. 
The LDAP database is composed of objects containing attributes and values. Each 
object name is referred to as a distinguished name (DN). The location on the 
LDAP server where a search begins is called the Base Distinguished Name or base 
DN.

The appliance supports standard LDAP server authentication and Secure LDAP 
authentication. Support for LDAP allows established installations to continue 
using their LDAP server database to authenticate users.

For Secure LDAP, the appliance supports LDAP connections over SSL. The SSL 
protocol is an industry standard for ensuring confidentiality. SSL uses key 
encryption algorithms along with Certificate Authority (CA) signed certificates to 
provide the LDAP servers a way to verify the identity of the appliance.

AsyncOS for Web only supports 7-bit ASCII characters for passwords when using 
the Basic authentication scheme. Basic authentication fails when the password 
contains characters that are not 7-bit ASCII.

After Active Directory LDAP users change their account passwords, the Active 
Directory LDAP server authenticates them with their current or previous 
password, depending on the Active Directory server configuration. 

If you want users to only be able to authenticate with their new password, you can 
reboot the Active Directory server or, you can wait for the Active Directory server 
to time out the old passwords.