Cisco Email Security Appliance X1070 User Guide
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 4 LDAP Queries
Alternately, you can configure one “user” dedicated solely for the purposes of
authenticating and performing queries instead of opening up your LDAP directory
server for anonymous queries from any client.
A summary of the steps is included here, specifically:
• How to set up Microsoft Exchange 2000 server to allow “anonymous”
authentication.
• How to set up Microsoft Exchange 2000 server to allow “anonymous bind.”
• How to set up IronPort AsyncOS to retrieve LDAP data from a Microsoft
Exchange 2000 server using both “anonymous bind” and “anonymous”
authentication.
Specific permission changes must be made on a Microsoft Exchange 2000 server in
order to allow “anonymous” or “anonymous bind” authentication for the purpose of
querying user email addresses. This can be very useful when an LDAP query is
used to determine the validity of an incoming email message to the SMTP gateway.
Anonymous Authentication Setup
The following setup instructions allow you to make specific data available to
unauthenticated queries of Active Directory and Exchange 2000 servers in the
Microsoft Windows Active Directory. If you wish to allow “anonymous bind” to
the Active Directory, see
Step 1  Determine required Active Directory permissions.
Using the ADSI Edit snap-in or the LDP utility, you must modify the
permissions to the attributes of the following Active Directory objects:
– The root of the domain naming context for the domain against which you
want to make queries.
– All OU and CN objects that contain users against which you wish to
query email information.