Cisco Email Security Appliance C650 User Guide
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 26 LDAP Queries
Using Group LDAP Queries to Determine if a Recipient is a Group Member
You can define a query to your LDAP servers to determine if a recipient is a member of a group as defined by your LDAP directory.
Procedure
Step 1  Create a message filter that uses a rcpt-to-group or mail-from-group rule to act upon the message.
Step 2  Then, use the System Administration > LDAP page (or the ldapconfig command) to define the LDAP server for the appliance to bind to and configure a query for a group membership.
Step 3  Use the Network > Listeners page (or the listenerconfig -> edit -> ldapgroup subcommand) to enable the group query for the listener.
Sample Group Queries
For example, suppose that your LDAP directory classifies members of the “Marketing” group as ou=Marketing. You can use this classification to treat messages sent to or from members of this group in a special way. Step 1 creates a message filter to act upon the message, and Steps 2 and 3 enable the LDAP lookup mechanism.
Configuring a Group Query
In the following example, mail from members of the Marketing group (as defined by the LDAP group “Marketing”) will be delivered to the alternate delivery host marketingfolks.example.com.
Table 26-5  Example LDAP Query Strings for Common LDAP Implementation: Group

Query for:                   Group
OpenLDAP                     OpenLDAP does not support the memberOf attribute by default. Your LDAP Administrator may add this attribute or a similar attribute to the schema.
Microsoft Active Directory   (&(memberOf={g})(proxyAddresses=smtp:{a}))
SunONE Directory Server      (&(memberOf={g})(mailLocalAddress={a}))
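
Before enabling a group query on a listener, it helps to see the exact search filter a query string from Table 26-5 turns into, so that it can be tested against the directory. The following is an added example, not code from the Cisco guide or the appliance: it assumes {g} stands for the group named in the filter rule and {a} for the message's address, and it escapes both values per RFC 4515, since group names and mail addresses may contain characters such as ( ) and * that are LDAP filter syntax. The function names and the sample group and address are constructed for illustration.

```python
import re

# Query strings copied from Table 26-5.
AD_QUERY = "(&(memberOf={g})(proxyAddresses=smtp:{a}))"
SUNONE_QUERY = "(&(memberOf={g})(mailLocalAddress={a}))"

# RFC 4515: inside an assertion value these characters are written as \XX.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Constructed sample values (not from the guide).
SAMPLE_GROUP = "CN=Marketing (EMEA),OU=Groups,DC=example,DC=com"
SAMPLE_ADDRESS = "sales*team@example.com"


def escape_filter_value(value):
    """Escape one value so none of it is read as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_group_query(template, group, address):
    """Substitute {g} and {a} (assumed meaning: group name, mail address)."""
    values = {"g": escape_filter_value(group), "a": escape_filter_value(address)}
    # One pass over the template, so a value containing "{a}" is not re-expanded.
    return re.sub(r"\{([ga])\}", lambda m: values[m.group(1)], template)


def paren_skeleton(filter_text):
    """Return only the structural parentheses of a filter string."""
    return re.sub(r"[^()]", "", filter_text)


def structure_preserved(template, expanded):
    """True if substitution left the filter's nesting unchanged."""
    return paren_skeleton(template) == paren_skeleton(expanded)


if __name__ == "__main__":
    for name, query in (("Active Directory", AD_QUERY), ("SunONE", SUNONE_QUERY)):
        expanded = expand_group_query(query, SAMPLE_GROUP, SAMPLE_ADDRESS)
        print(name, expanded, structure_preserved(query, expanded))
```

The printed filter can be pasted into a directory search tool to confirm it returns exactly the expected entry for a known group member and nothing for a non-member.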