Cisco Email Security Appliance X1050 User Guide
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
If your directory contains multiple domains you may find it inconvenient to enter a single BASE for your
queries. In this case, when configuring the LDAP server settings, set the base to NONE. This will,
however, make your searches inefficient.
LDAP Query Syntax
Spaces are allowed in LDAP paths, and they do not need to be quoted. The CN and DC syntax is not
case-sensitive.
Cn=First Last,oU=user,dc=domain,DC=COM
The variable names you enter for queries are case-sensitive and must match your LDAP implementation
in order to work correctly. For example, entering mailLocalAddress at a prompt performs a different
query than entering maillocaladdress.
Tokens:
You can use the following tokens in your LDAP queries:
• {a} username@domainname
• {d} domainname
• {dn} distinguished name
• {g} groupname
• {u} username
• {f} MAIL FROM: address
Note
The {f} token is valid in acceptance queries only.
For example, you might use the following query to accept mail for an Active Directory LDAP server:
(|(mail={a})(proxyAddresses=smtp:{a}))
Note
Cisco Systems strongly recommends using the Test feature of the LDAP page (or the test subcommand
of the ldapconfig command) to test all queries you construct and ensure that expected results are
returned before you enable LDAP functionality on a listener. See for more information.
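As an added illustration (not Cisco's code and not part of the guide), the following Python sketch expands the tokens listed above into the example acceptance query so the resulting filter can be inspected before it is tested against the directory. The function names, the sample addresses and the RFC 4515 escaping of substituted values are assumptions of this example; the guide does not describe how AsyncOS performs the substitution.

```python
import re

# RFC 4515 section 3: these characters must be escaped as \XX inside a filter value.
_FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)

def token_values(rcpt, mail_from=None, group=None, dn=None):
    """Map the query tokens listed above to values derived from one message."""
    user, sep, domain = rcpt.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError("recipient must look like username@domainname")
    values = {"a": rcpt, "u": user, "d": domain}
    if mail_from is not None:
        values["f"] = mail_from  # {f}: valid in acceptance queries only
    if group is not None:
        values["g"] = group
    if dn is not None:
        values["dn"] = dn
    return values

def expand_query(template, values):
    """Replace each {token} in template with its escaped value."""
    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError("no value supplied for token {%s}" % name)
        return escape_filter_value(values[name])
    return re.sub(r"\{(a|dn|d|g|u|f)\}", substitute, template)

ACCEPT_QUERY = "(|(mail={a})(proxyAddresses=smtp:{a}))"  # query from the text above

if __name__ == "__main__":
    # Constructed sample recipients; the second contains filter metacharacters.
    for rcpt in ("jsmith@example.com", "j.smith*(sales)@example.com"):
        print(expand_query(ACCEPT_QUERY, token_values(rcpt)))
```

The printed filters can be compared with what the Test feature or the test subcommand of ldapconfig returns for the same address.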
Secure LDAP (SSL)
You can instruct AsyncOS to use SSL when communicating with the LDAP server. If you configure
your LDAP server profile to use SSL:
• AsyncOS will use the LDAPS certificate configured via certconfig in the CLI (see ).
You may have to configure your LDAP server to support using the LDAPS certificate.
• If an LDAPS certificate has not been configured, AsyncOS will use the demo certificate.