Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
Chapter 11 Common Administrative Tasks
11-60
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Figure 11-18
Enabling External Authentication
Note
To set up the appliance to use an external directory for authentication, use the
userconfig command and the external subcommand at the command line prompt.
userconfig command and the external subcommand at the command line prompt.
Enabling LDAP Authentication
In addition to using an LDAP directory to authenticate users, you can assign
LDAP groups to IronPort user roles. For example, you can assign users in the IT
group to the Administrator user role, and you can assign users in the Support
group to the Help Desk User role. If a user belongs to multiple LDAP groups with
different user roles, AsyncOS grants the user the permissions for the most
restrictive role. For example, if a user belongs to a group with Operator
permissions and a group with Help Desk User permissions, AsyncOS grants the
user the permissions for the Help Desk User role.
LDAP groups to IronPort user roles. For example, you can assign users in the IT
group to the Administrator user role, and you can assign users in the Support
group to the Help Desk User role. If a user belongs to multiple LDAP groups with
different user roles, AsyncOS grants the user the permissions for the most
restrictive role. For example, if a user belongs to a group with Operator
permissions and a group with Help Desk User permissions, AsyncOS grants the
user the permissions for the Help Desk User role.
Before enabling external authentication using LDAP, define an LDAP server
profile and an external authentication query for the LDAP server. For more
information, see the chapter on LDAP queries in the Cisco IronPort AsyncOS for
Email Advanced User Guide.
profile and an external authentication query for the LDAP server. For more
information, see the chapter on LDAP queries in the Cisco IronPort AsyncOS for
Email Advanced User Guide.
To enable external authentication using LDAP:
Step 1
On the Security Management appliance, choose Management Appliance >
System Administration > Users page.
System Administration > Users page.
Step 2
Click Enable.
The Edit External Authentication page appears.