Cisco Cisco Content Security Management Appliance M1070 Guía Del Usuario
9-23
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Chapter 9 LDAP Queries
Table 9-7
Default Query String and Attributes for Active Directory Server
shows the default query strings and attributes that AsyncOS uses when
it searches for group membership information on an OpenLDAP server.
Table 9-8
Default Query String and Attributes for Open LDAP Server
Server Type
Active Directory
Base DN
[blank] (You need to use a specific base DN to
find the group records.)
find the group records.)
Query string to determine if a
user is a member of a group
user is a member of a group
(&(objectClass=group)(member={u}))
Note
If your LDAP schema uses distinguished
names in the member of list instead of
usernames, you can replace
names in the member of list instead of
usernames, you can replace
{u}
with
{dn}
Query string to determine all
members of a group
members of a group
(&(objectClass=group)(cn={g}))
Attribute that holds each
member's username (or a DN
for the user's record)
member's username (or a DN
for the user's record)
member
Attribute that contains the
group name
group name
cn
Server Type
OpenLDAP
Base DN
[blank] (You need to use a specific base DN to
find the group records.)
find the group records.)
Query string to determine if a
user is a member of a group
user is a member of a group
(&(objectClass=posixGroup)(memberUid={u})
)
Query string to determine all
members of a group
members of a group
(&(objectClass=posixGroup)(cn={g}))
Attribute that holds each
member's username (or a DN
for the user's record)
member's username (or a DN
for the user's record)
memberUid
Attribute that contains the
group name
group name
cn