Cisco Content Security Management Appliance M1070 User Guide
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Chapter 9 LDAP Queries
Note
Use the Test Query button on the LDAP page (or the ldaptest command) to
verify that your queries return the expected results. For more information, see
User Accounts Query
To authenticate external users, AsyncOS uses a query to search for the user record
in the LDAP directory and the attribute that contains the user’s full name.
Depending on the server type you select, AsyncOS enters a default query and a
default attribute. You can choose to have your appliance deny users with expired
accounts if you have attributes defined in RFC 2307 in your LDAP user records
(shadowLastChange, shadowMax, and shadowExpire). The base DN is
required for the domain level where user records reside.
Table 9-5 shows the default query string and full username attribute that AsyncOS
uses when it searches for a user account on an Active Directory server.

Table 9-5 Default Query String for Active Directory Server
Server Type: Active Directory
Base DN: [blank] (You need to use a specific base DN to find the user records.)
Query String: (&(objectClass=user)(sAMAccountName={u}))
Attribute containing the user’s full name: displayName

Table 9-6 shows the default query string and full username attribute that AsyncOS
uses when it searches for a user account on an OpenLDAP server.

Table 9-6 Default Query String for Open LDAP Server
Server Type: OpenLDAP
Base DN: [blank] (You need to use a specific base DN to find the user records.)
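
The following is an added example, not code from the Cisco guide or from AsyncOS. It fills the {u} token of the Table 9-5 query string with a login name that it escapes per RFC 4515, then checks the RFC 2307 shadow attributes for expiry. The expiry rule follows common shadow(5) semantics and is an assumption, since the guide does not state how the appliance evaluates these attributes; the function names and sample records are constructed.

```python
import datetime

# Default Active Directory query string from Table 9-5; {u} is the login name.
AD_QUERY = "(&(objectClass=user)(sAMAccountName={u}))"
# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
EPOCH = datetime.date(1970, 1, 1)


def build_query(template, username):
    """Substitute {u} with the login name, escaped so it stays a literal value."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in username)
    return template.replace("{u}", escaped)


def _days(entry, attr):
    """Read a shadow attribute as a day count; absent, empty or -1 means unset."""
    raw = entry.get(attr)
    return None if raw in (None, "", "-1") else int(raw)


def is_expired(entry, today):
    """Assumed shadow(5)-style check; the guide does not spell out AsyncOS's logic."""
    now = (today - EPOCH).days
    expire = _days(entry, "shadowExpire")        # day the account is disabled
    if expire is not None and now >= expire:
        return True
    changed = _days(entry, "shadowLastChange")   # day of last password change
    max_age = _days(entry, "shadowMax")          # days a password stays valid
    return changed is not None and max_age is not None and now > changed + max_age


if __name__ == "__main__":
    # Constructed sample records, flattened to attribute -> string.
    today = datetime.date(2024, 1, 1)            # day 19723 since the epoch
    users = {
        "jsmith": {"shadowLastChange": "19700", "shadowMax": "90", "shadowExpire": "-1"},
        "old(acct)*": {"shadowLastChange": "19600", "shadowMax": "90"},
    }
    for login, record in users.items():
        verdict = "deny" if is_expired(record, today) else "allow"
        print(build_query(AD_QUERY, login), verdict)
```

A login name containing `*`, `(` or `)` is matched literally after escaping, so it cannot widen or restructure the filter.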