Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
26-43
Cisco AsyncOS 9.5 for Email User Guide
Chapter 26 LDAP Queries
Authenticating End-Users of the Spam Quarantine
Authenticating End-Users of the Spam Quarantine
Spam quarantine end-user authentication queries validate users when they log in to the Spam Quarantine.
The token {u} specifies the user (it represents the user’s login name). The token {a} specifies the user’s
email address. The LDAP query does not strip "SMTP:" from the email address; AsyncOS strips that
portion of the address.
The token {u} specifies the user (it represents the user’s login name). The token {a} specifies the user’s
email address. The LDAP query does not strip "SMTP:" from the email address; AsyncOS strips that
portion of the address.
If you want the Spam Quarantine to use an LDAP query for end-user access, check the “Designate as the
active query” check box. If there is an existing active query, it is disabled. When you open the System
Administration > LDAP page, an asterisk (*) is displayed next to the active queries.
active query” check box. If there is an existing active query, it is disabled. When you open the System
Administration > LDAP page, an asterisk (*) is displayed next to the active queries.
Based on the server type, AsyncOS uses one of the following default query strings for the end-user
authentication query:
authentication query:
•
Active Directory:
(sAMAccountName={u})
•
OpenLDAP:
(uid={u})
•
Unknown or Other: [Blank]
By default, the primary email attribute is
proxyAddresses
for Active Directory servers and
mail
for
OpenLDAP servers. You can enter your own query and email attributes. To create the query from the
CLI, use the
CLI, use the
isqauth
subcommand of the
ldapconfig
command.
Note
If you want users to log in with their full email address, use
(mail=smtp:{a})
for the Query String.
Related Topics
•
•
•
•
Sample Active Directory End-User Authentication Settings
This section shows sample settings for an Active Directory server and the end-user authentication query.
This example uses password authentication for the Active Directory server, the
This example uses password authentication for the Active Directory server, the
mail
and
proxyAddresses
email attributes, and the default query string for end-user authentication for Active
Directory servers.
Table 26-11
Example LDAP Server and Spam Quarantine End-User Authentication Settings:
Active Directory
Active Directory
Authentication Method
Use Password (Need to create a low-privilege user to bind
for searching, or configure anonymous searching.)
for searching, or configure anonymous searching.)
Server Type
Active Directory
Port
3268
Base DN
[Blank]
Connection Protocol
[Blank]
Query String
(sAMAccountName={u})
Email Attribute(s)
mail,proxyAddresses