Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 22 LDAP Queries
Overview of LDAP Queries
Step 2
Select the IP interface to use for LDAP traffic. The appliance automatically chooses an interface by default.
Step 3
Select the TLS certificate to use for the LDAP interface (TLS certificates added via the Network > Certificates page or the certconfig command in the CLI are available in the list, see ).
Step 4
Submit and commit your changes.
Example of Creating an LDAP Server Profile
In the following example, the System Administration > LDAP page is used to define an LDAP server for the appliance to bind to, and queries for recipient acceptance, routing, and masquerading are configured.
Note
There is a 60 second connection attempt time-out for LDAP connections (which covers the DNS lookup, the connection itself, and, if applicable, the authentication bind for the appliance itself). After the first failure, AsyncOS immediately starts trying other hosts in the same server (if you specified more than one in the comma separated list). If you only have one host in the server, AsyncOS continues attempting to connect to it.
Figure 22-2 Configuring an LDAP Server Profile (1 of 2)
First, the nickname of “PublicLDAP” is given for the myldapserver.example.com LDAP server. The number of connections is set to 10 (the default), and the multiple LDAP server (hosts) load balance option is left as the default. You can specify multiple hosts here by providing a comma separated list of names. Queries are directed to port 3268 (the default). SSL is not enabled as the connection protocol for this host. The base DN of example.com is defined (dc=example,dc=com). The cache time-to-live is set to 900 seconds, the maximum number of cache entries is 10000, and the authentication method is set to password.
Queries for recipient acceptance, mail routing, and masquerading are defined. Remember that query names are case-sensitive and must match exactly in order to return the proper results.
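The following check is an added example, not part of the Cisco guide or of AsyncOS: it audits the “PublicLDAP” settings described above for the exposure created by password authentication without SSL and for the single-host behavior described in the Note. The dictionary keys and function names are hypothetical, and the values are assumed to be copied by hand from the System Administration > LDAP page.

```python
# Added example: audits LDAP server profile settings transcribed from the
# System Administration > LDAP page. The dict keys are hypothetical names,
# not an AsyncOS export format.
import re

# One or more DNS labels (letters, digits, inner hyphens), 253 chars max.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")

def parse_hosts(value):
    """Split the comma-separated host list, dropping blanks and whitespace."""
    return [h.strip() for h in value.split(",") if h.strip()]

def audit_profile(p):
    """Return a list of (severity, message) findings for one server profile."""
    findings = []
    hosts = parse_hosts(p["hosts"])
    if not hosts:
        findings.append(("high", "no LDAP host defined"))
    for h in hosts:
        if not HOST_RE.match(h):
            findings.append(("medium", f"malformed host name: {h!r}"))
    if len(hosts) == 1:
        # Per the Note: with one host, AsyncOS keeps retrying that host only.
        findings.append(("low", "single host: no failover target"))
    if not p["ssl"]:
        if p["auth"] == "password":
            findings.append(("high", "password bind without SSL: bind "
                             "credentials cross the network in cleartext"))
        findings.append(("medium", "queries and results are unencrypted"))
    return findings

# Constructed input: the values of the "PublicLDAP" example on this page.
PUBLIC_LDAP = {"nickname": "PublicLDAP", "hosts": "myldapserver.example.com",
               "port": 3268, "ssl": False, "auth": "password",
               "base_dn": "dc=example,dc=com",
               "cache_ttl": 900, "cache_max": 10000}

if __name__ == "__main__":
    for severity, message in audit_profile(PUBLIC_LDAP):
        print(f"{severity:6} {message}")
```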