Cisco Content Security Management Appliance M390 User Guide
AsyncOS 8.3.6 for Cisco Content Security Management User Guide
Chapter 11 Integrating with LDAP
Configuring LDAP Queries
Tokens
You can use the following tokens in your LDAP queries:
• {a} username@domainname
• {d} domain
• {dn} distinguished name
• {g} group name
• {u} user name
• {f} MAILFROM: address
Note
The {f} token is valid in acceptance queries only.
For example, you might use the following query to accept mail for an Active Directory LDAP server:
(|(mail={a})(proxyAddresses=smtp:{a}))
Note
We strongly recommend using the Test feature of the LDAP page (or the test subcommand of the
ldapconfig command) to test all queries you construct and ensure that expected results are returned
before you enable LDAP functionality on a listener. See the
for more information.
Spam Quarantine End-User Authentication Queries
End-user authentication queries validate users when they log in to the spam quarantine. The token {u}
specifies the user (it represents the user’s login name). The token {a} specifies the user’s email address.
The LDAP query does not strip "SMTP:" from the email address; AsyncOS strips that portion of the
address.
Based on the server type, AsyncOS uses one of the following default query strings for the end-user
authentication query:
• Active Directory: (sAMAccountName={u})
• OpenLDAP: (uid={u})
• Unknown or Other: [Blank]
By default, the primary email attribute is mail. You can enter your own query and email attributes. To
create the query in the CLI, use the isqauth subcommand of the ldapconfig command.
Note
If you want users to log in with their full email addresses, use (mail=smtp:{a}) for the query string.
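The token substitution described above can be previewed offline before a query is tested on the appliance. The following Python helper is an added example, not Cisco's code and not part of the guide. It assumes substituted values are escaped per RFC 4515, which the guide does not describe; the function names and the `query_type` labels are hypothetical.

```python
import re

# Tokens listed in this guide; {f} is documented as valid in acceptance queries only.
TOKENS = {"a", "d", "dn", "g", "u", "f"}
ACCEPT_ONLY = {"f"}

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template: str, values: dict, query_type: str) -> str:
    """Preview the filter a query template yields for the given token values.

    query_type is a label chosen for this example, e.g. "accept" or "isqauth".
    """
    def substitute(match: re.Match) -> str:
        token = match.group(1)
        if token not in TOKENS:
            raise ValueError(f"unknown token {{{token}}}")
        if token in ACCEPT_ONLY and query_type != "accept":
            raise ValueError(f"{{{token}}} is valid in acceptance queries only")
        if token not in values:
            raise KeyError(f"no value supplied for {{{token}}}")
        return escape_value(values[token])

    return re.sub(r"\{([a-z]+)\}", substitute, template)


def strip_smtp_prefix(address: str) -> str:
    """Drop a leading "SMTP:" from a returned address value.

    Matching the prefix in any letter case is an assumption of this example.
    """
    return address[5:] if address[:5].lower() == "smtp:" else address


# Constructed sample values, not taken from a real directory.
ACCEPT_QUERY = "(|(mail={a})(proxyAddresses=smtp:{a}))"

if __name__ == "__main__":
    print(expand(ACCEPT_QUERY, {"a": "jdoe@example.com"}, "accept"))
    print(expand("(sAMAccountName={u})", {"u": "j.doe(ops)*"}, "isqauth"))
    print(strip_smtp_prefix("SMTP:jdoe@example.com"))
```
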