Cisco Cisco Web Security Appliance S190 Guía Del Usuario
20-47
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 20 Authentication
LDAP Authentication
LDAP Group Authorization
You can use the user group membership information stored in an LDAP directory
to apply a policy group to a group of users. To do this, enable group authorization
in an LDAP authentication realm and group users by one of the following LDAP
object types:
to apply a policy group to a group of users. To do this, enable group authorization
in an LDAP authentication realm and group users by one of the following LDAP
object types:
Query Credentials
Choose whether or not the authentication server accepts
anonymous queries.
anonymous queries.
If the authentication server does accept anonymous
queries, choose Server Accepts Anonymous Queries.
queries, choose Server Accepts Anonymous Queries.
If the authentication server does not accept anonymous
queries, choose Use Bind DN and then enter the following
information:
queries, choose Use Bind DN and then enter the following
information:
•
Bind DN. The user on the external LDAP server
permitted to search the LDAP directory. Typically,
the bind DN should be permitted to search the entire
directory.
permitted to search the LDAP directory. Typically,
the bind DN should be permitted to search the entire
directory.
•
Password. The password associated with the user you
enter in the Bind DN field.
enter in the Bind DN field.
The following text lists some example users for the Bind
DN field:
DN field:
cn=administrator,cn=Users,dc=domain,dc=com
sAMAccountName=jdoe,cn=Users,dc=domain,dc=com.
sAMAccountName=jdoe,cn=Users,dc=domain,dc=com.
If the Active Directory server is used as an LDAP server,
you may also enter the Bind DN username as
“DOMAIN\username.”
you may also enter the Bind DN username as
“DOMAIN\username.”
Group
Authorization
Authorization
Choose whether or not to enable LDAP group
authorization. When you enable LDAP group
authorization, you can group users by group object or user
object.
authorization. When you enable LDAP group
authorization, you can group users by group object or user
object.
For more information on configuring this section, see
.
Setting
Description