Cisco Web Security Appliance S170 User Guide
20-43
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 20 Authentication
LDAP Authentication
*** No surrogate is used in this case even though cookie-based surrogate is
configured.
LDAP Authentication
The Lightweight Directory Access Protocol (LDAP) server database is a
repository for employee directories. These directories include the names of
employees along with various types of personal data such as a phone number,
email address, and other information that is exclusive to the individual employee.
The LDAP database is composed of objects containing attributes and values. Each
object name is referred to as a distinguished name (DN). The location on the
LDAP server where a search begins is called the Base Distinguished Name or base
DN.
The appliance supports standard LDAP server authentication and Secure LDAP
authentication. Support for LDAP allows established installations to continue
using their LDAP server database to authenticate users.
For Secure LDAP, the appliance supports LDAP connections over SSL. The SSL
protocol is an industry standard for ensuring confidentiality. SSL uses key
encryption algorithms along with Certificate Authority (CA) signed certificates to
provide the LDAP servers a way to verify the identity of the appliance.
Note
AsyncOS for Web only supports 7-bit ASCII characters for passwords when using
the Basic authentication scheme. Basic authentication fails when the password
contains characters that are not 7-bit ASCII.
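A troubleshooting check for the note above, as an added example that is not from the Cisco guide: it decodes a captured `Authorization: Basic` header value and reports whether the password contains bytes outside 7-bit ASCII, the condition under which the note says Basic authentication fails. The function name, status strings and sample headers are constructed for illustration.

```python
import base64
import binascii


def check_basic_header(header_value):
    """Classify an Authorization header value (hypothetical helper).

    Returns (status, username). status is one of 'ok',
    'non_ascii_password', 'malformed' or 'not_basic'.
    The password itself is never returned or printed.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return ("not_basic", None)
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return ("malformed", None)
    # The user-id cannot contain ':', so split on the first colon only;
    # any later colons belong to the password.
    user, sep, password = raw.partition(b":")
    if not sep:
        return ("malformed", None)
    username = user.decode("ascii", errors="replace")
    # 7-bit ASCII means every byte is in the range 0x00-0x7F.
    if any(byte > 0x7F for byte in password):
        return ("non_ascii_password", username)
    return ("ok", username)


def _hdr(user, password, encoding="utf-8"):
    """Build a constructed sample header the way a client would send it."""
    creds = f"{user}:{password}".encode(encoding)
    return "Basic " + base64.b64encode(creds).decode("ascii")


# Constructed sample inputs, not taken from any real capture.
SAMPLES = [
    _hdr("alice", "Spring:2024!"),           # colon inside the password
    _hdr("bob", "p\u00e4ssword"),            # umlaut, UTF-8 encoded
    _hdr("carol", "caf\u00e9", "latin-1"),   # accented char, Latin-1 encoded
    "Basic !!!notbase64",                    # not valid base64
    "Negotiate YIIabc",                      # different scheme
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_basic_header(sample))
```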
Changing Active Directory Passwords
After Active Directory LDAP users change their account passwords, the Active
Directory LDAP server authenticates them with their current or previous
password, depending on the Active Directory server configuration.
If you want users to be able to authenticate only with their new password, you can
reboot the Active Directory server or wait for the Active Directory server
to time out the old passwords.