Cisco Content Security Management Appliance M160 User Guide
AsyncOS 8.1 for Cisco Content Security Management User Guide
Chapter 11 Integrating with LDAP
Step 16: Submit and commit your changes.
Active Directory server configurations do not allow authentication through TLS with Windows 2000.
This is a known issue with Active Directory. TLS authentication for Active Directory and Windows 2003
does work.
Note
Although the number of server configurations is unlimited, you can configure only one end-user
authentication query and one alias consolidation query per server.
Testing LDAP Servers
Use the Test Server(s) button on the Add/Edit LDAP Server Profile page (or the test subcommand of the
ldapconfig command in the CLI) to test the connection to the LDAP server. AsyncOS displays a
message stating whether the connection to the server port succeeded or failed. If you configured multiple
LDAP servers, AsyncOS tests each server and displays individual results.
Configuring LDAP Queries
The following sections provide the default query strings and configuration details for each type of
Cisco IronPort Spam Quarantine query:
• Spam quarantine end-user authentication query. For more information, see the
• Spam quarantine alias consolidation query. For more information, see .
To have the quarantine use an LDAP query for end-user access or spam notifications, select the
“Designate as the active query” check box. You can designate one end-user authentication query to
control quarantine access and one alias consolidation query for spam notifications. Any existing active
queries are disabled. On the Security Management appliance, on the Management Appliance > System
Administration > LDAP page, an asterisk (*) is displayed next to the active queries.
You can also specify a domain-based query or chain query as an active end-user access or spam
notification query. For more information, see
and
Note
Use the Test Query button on the LDAP page (or the ldaptest command) to verify that your queries
return the expected results.
LDAP Query Syntax
Spaces are allowed in LDAP paths, and they do not need to be quoted. The CN and DC syntax is not
case-sensitive.
Cn=First Last,oU=user,dc=domain,DC=COM
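The following is an added example, not taken from the Cisco guide or from AsyncOS: a small DN normalizer that applies the syntax rules above, so that a script checking LDAP paths (for instance against an allow-list of search bases) treats the sample DN and its differently cased spellings as the same entry. It assumes single-valued RDNs (no "+") and that cn, ou, dc and o values use case-ignore matching as in the standard LDAP schema; the function names and CASE_IGNORE_TYPES are hypothetical.

```python
# Added example (not Cisco code): compare LDAP DNs while ignoring
# attribute-name case and keeping unquoted spaces inside values.
# Assumptions: single-valued RDNs (no "+"); cn/ou/dc/o values use
# case-ignore matching as in the standard LDAP schema.
CASE_IGNORE_TYPES = {"cn", "ou", "dc", "o"}

def split_unescaped(text, sep, maxsplit=-1):
    """Split on sep, leaving backslash-escaped characters (RFC 4514) intact."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if text[i] == sep and maxsplit != 0:
            parts.append("".join(buf))
            buf, maxsplit = [], maxsplit - 1
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def normalize_dn(dn):
    """Return a tuple of (type, value) pairs in canonical form."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pieces = split_unescaped(rdn, "=", maxsplit=1)
        if len(pieces) != 2 or not pieces[0].strip() or not pieces[1].strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr = pieces[0].strip().lower()   # type names are not case-sensitive
        raw = pieces[1].lstrip()
        value = raw.rstrip()
        trailing = len(value) - len(value.rstrip("\\"))
        if trailing % 2 and len(raw) > len(value):
            value += " "                   # an escaped trailing space is data
        if attr in CASE_IGNORE_TYPES:
            value = value.casefold()
        rdns.append((attr, value))
    return tuple(rdns)

def same_dn(a, b):
    """True when both strings name the same entry under the rules above."""
    return normalize_dn(a) == normalize_dn(b)

# Constructed sample: the DN shown on the page and an equivalent spelling.
PAGE_DN = "Cn=First Last,oU=user,dc=domain,DC=COM"
if __name__ == "__main__":
    print(normalize_dn(PAGE_DN))
    print(same_dn(PAGE_DN, "cn=first last, ou=User, DC=domain, dc=com"))
```
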