Cisco Content Security Management Appliance M160 User Guide
AsyncOS 8.3.6 for Cisco Content Security Management User Guide
Chapter 11 Integrating with LDAP
Configuring LDAP Queries
Active Directory server configurations do not allow authentication through TLS with Windows 2000.
This is a known issue with Active Directory. TLS authentication for Active Directory and Windows 2003
does work.
Note
Although the number of server configurations is unlimited, you can configure only one end-user
authentication query and one alias consolidation query per server.
Testing LDAP Servers
Use the Test Server(s) button on the Add/Edit LDAP Server Profile page (or the test subcommand of
the ldapconfig command in the CLI) to test the connection to the LDAP server. AsyncOS displays a
message stating whether the connection to the server port succeeded or failed. If you configured multiple
LDAP servers, AsyncOS tests each server and displays individual results.
Configuring LDAP Queries
The following sections provide the default query strings and configuration details for each type of spam
quarantine query:
• Spam quarantine end-user authentication query. For more information, see the
• Spam quarantine alias consolidation query. For more information, see
To have the quarantine use an LDAP query for end-user access or spam notifications, select the
“Designate as the active query” check box. You can designate one end-user authentication query to
control quarantine access and one alias consolidation query for spam notifications. Any existing active
queries are disabled. On the Security Management appliance, on the Management Appliance > System
Administration > LDAP page, an asterisk (*) is displayed next to the active queries.
You can also specify a domain-based query or chain query as an active end-user access or spam
notification query. For more information, see
and
Note
Use the Test Query button on the LDAP page (or the ldaptest command) to verify that your queries
return the expected results.
LDAP Query Syntax
Spaces are allowed in LDAP paths, and they do not need to be quoted. The CN and DC syntax is not
case-sensitive.
Cn=First Last,oU=user,dc=domain,DC=COM
The variable names you enter for queries are case-sensitive and must match your LDAP implementation
in order to work correctly. For example, entering mailLocalAddress at a prompt performs a different
query than entering maillocaladdress.
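The two syntax rules above can be checked before a query is saved. The following is an added example, not code from the Cisco guide: it lower-cases only the attribute keywords of a DN (values and spaces are left untouched) and flags filter attribute names whose case differs from the directory's spelling. The function names, SCHEMA_ATTRS and the sample filter are constructed assumptions.

```python
import re

# Constructed sample: attribute names exactly as a hypothetical directory spells them.
SCHEMA_ATTRS = {"mail", "mailLocalAddress", "uid"}

def split_dn(dn):
    """Split a DN into (type, value) pairs; a backslash-escaped comma stays in the value.
    Multi-valued RDNs joined with '+' are not split further."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escape sequence intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip(), value))   # spaces inside the value are preserved
    return rdns

def normalize_dn(dn):
    """Lower-case the attribute keywords (CN, DC, ...) only, so spellings compare equal."""
    return ",".join(f"{attr.lower()}={value}" for attr, value in split_dn(dn))

def lint_filter_attrs(ldap_filter, schema_attrs=SCHEMA_ATTRS):
    """Return (found, expected) for names that match the schema only when case is ignored."""
    by_lower = {a.lower(): a for a in schema_attrs}
    issues = []
    for name in re.findall(r"\(\s*([A-Za-z][A-Za-z0-9.;-]*)\s*(?:[~<>]?=|:)", ldap_filter):
        expected = by_lower.get(name.lower())
        if expected is not None and expected != name:
            issues.append((name, expected))
    return issues

if __name__ == "__main__":
    print(normalize_dn("Cn=First Last,oU=user,dc=domain,DC=COM"))
    # Constructed filter with one mis-cased attribute name.
    print(lint_filter_attrs("(|(mail=user@example.com)(maillocaladdress=user@example.com))"))
```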