Cisco Cisco Email Security Appliance C650 Guía Del Usuario
26-41
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 26 LDAP Queries
Configuring External LDAP Authentication for Users
•
[Informational] Unsuccessful SMTP Authentication attempts — including the user authenticated
and the mechanism used.
and the mechanism used.
•
[Warning] Inability to connect to the authentication server — including the server name and the
mechanism.
mechanism.
•
[Warning] A time-out event when the forwarding server (talking to an upstream, injecting appliance)
times out while waiting for an authentication request.
times out while waiting for an authentication request.
Configuring External LDAP Authentication for Users
You can configure the appliance to use an LDAP directory on your network to authenticate users by
allowing them to log in with their LDAP usernames and passwords. After you configure the
authentication queries for the LDAP server, enable the appliance to use external authentication on the
System Administration > Users page in the GUI (or use the
allowing them to log in with their LDAP usernames and passwords. After you configure the
authentication queries for the LDAP server, enable the appliance to use external authentication on the
System Administration > Users page in the GUI (or use the
userconfig
command in the CLI).
Procedure
Step 1
Create a query to find user accounts. In an LDAP server profile, create a query to search for user
accounts in the LDAP directory.
accounts in the LDAP directory.
Step 2
Create group membership queries. Create a query to determine if a user is a member of a directory
group.
group.
Step 3
Set up external authentication to use the LDAP server. Enable the appliance to use the LDAP server
for user authentication and assign user roles to the groups in the LDAP directory. For more information,
see “Adding Users” in the “Distributing Administrative Tasks” chapter.
for user authentication and assign user roles to the groups in the LDAP directory. For more information,
see “Adding Users” in the “Distributing Administrative Tasks” chapter.
Note
Use the Test Query button on the LDAP page (or the
ldaptest
command) to verify that your queries
return the expected results. For more information, see
.
Related Topics
•
•
User Accounts Query
To authenticate external users, AsyncOS uses a query to search for the user record in the LDAP directory
and the attribute that contains the user’s full name. Depending on the server type you select, AsyncOS
enters a default query and a default attribute. You can choose to have your appliance deny users with
expired accounts if you have attributes defined in RFC 2307 in your LDAP user records
(
and the attribute that contains the user’s full name. Depending on the server type you select, AsyncOS
enters a default query and a default attribute. You can choose to have your appliance deny users with
expired accounts if you have attributes defined in RFC 2307 in your LDAP user records
(
shadowLastChange
,
shadowMax
, and
shadowExpire
). The base DN is required for the domain level
where user records reside.