Cisco Cisco Email Security Appliance C650 Guía Del Usuario
22-17
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 22 LDAP Queries
Working with LDAP Queries
If you entered multiple hosts in the Host Name field of the LDAP server attributes, the Cisco appliance
tests the query on each LDAP server.
tests the query on each LDAP server.
Note
The variable names you enter for queries are case-sensitive and must match your LDAP implementation
in order to work correctly. For example, entering
in order to work correctly. For example, entering
mailLocalAddress
at a prompt performs a different
query than entering
maillocaladdress
. Cisco Systems strongly recommends using the
test
subcommand of the
ldapconfig
command to test all queries you construct and ensure the proper results
are returned.
Troubleshooting Connections to LDAP Servers
If the LDAP server is unreachable by the appliance, one of the following errors will be shown:
•
Error: LDAP authentication failed: <LDAP Error "invalidCredentials" [0x31]>
•
Error: Server unreachable: unable to connect
•
Error: Server unreachable: DNS lookup failure
Table 22-1
Testing LDAP Queries
Query type
If a recipient matches (PASS)...
If a recipient does not match (FAIL)...
Recipient Acceptance
(Accept,
(Accept,
ldapaccept
)
Accept the message.
Invalid Recipient: Conversation or
delayed bounce or drop the message
per listener settings.
DHAP: Drop.
delayed bounce or drop the message
per listener settings.
DHAP: Drop.
Routing
(Routing,
ldaprouting
)
Route based on the query
settings.
settings.
Continue processing the message.
Masquerade (Masquerade,
masquerade
)
Alter the headers with the
variable mappings defined by the
query.
variable mappings defined by the
query.
Continue processing the message.
Group Membership (Group,
ldapgroup
)
Return “true” for message filter
rules.
rules.
Return “false” for message filter rules.
SMTP Auth
(SMTP Authentication,
smtpauth
)
A password is returned from the
LDAP server and is used for
authentication; SMTP
Authentication occurs.
LDAP server and is used for
authentication; SMTP
Authentication occurs.
No password match can occur; SMTP
Authentication attempts fail.
Authentication attempts fail.
External Authentication
(
(
externalauth
)
Individually returns a “match
positive” for the bind, the user
record, and the user’s group
membership.
positive” for the bind, the user
record, and the user’s group
membership.
Individually returns a “match
negative” for the bind, the user record,
and the user’s group membership.
negative” for the bind, the user record,
and the user’s group membership.
Spam Quarantine End-User
Authentication (
Authentication (
isqauth
)
Returns a “match positive” for the
end-user account.
end-user account.
No password match can occur;
End-User Authentication attempts
fail.
End-User Authentication attempts
fail.
Spam Quarantine Alias
Consolidation (
Consolidation (
isqalias
)
Returns the email address that the
consolidated spam notifications
will be sent to.
consolidated spam notifications
will be sent to.
No consolidation of spam
notifications can occur.
notifications can occur.