Cisco Email Security Appliance C160 User Manual

Cisco AsyncOS 9.5 for Email User Guide
 
Chapter 26  LDAP Queries

Using Group LDAP Queries to Determine if a Recipient is a Group Member
You can define a query to your LDAP servers to determine if a recipient is a member of a group as defined by your LDAP directory.
Procedure
Step 1  Create a message filter that uses a rcpt-to-group or mail-from-group rule to act upon the message.
Step 2  Then, use the System Administration > LDAP page (or the ldapconfig command) to define the LDAP server for the appliance to bind to and configure a query for a group membership.
Step 3  Use the Network > Listeners page (or the listenerconfig -> edit -> ldapgroup subcommand) to enable the group query for the listener.
Related Topics
Sample Group Queries 
For example, suppose that your LDAP directory classifies members of the “Marketing” group as ou=Marketing. You can use this classification to treat messages sent to or from members of this group in a special way. Step 1 creates a message filter to act upon the message, and Steps 2 and 3 enable the LDAP lookup mechanism.
Configuring a Group Query
In the following example, mail from members of the Marketing group (as defined by the LDAP group “Marketing”) will be delivered to the alternate delivery host marketingfolks.example.com.
Table 26-5  Example LDAP Query Strings for Common LDAP Implementation: Group

| Query for: | Group |
|---|---|
| OpenLDAP | OpenLDAP does not support the memberOf attribute by default. Your LDAP Administrator may add this attribute or a similar attribute to the schema. |
| Microsoft Active Directory | (&(memberOf={g})(proxyAddresses=smtp:{a})) |
| SunONE Directory Server | (&(memberOf={g})(mailLocalAddress={a})) |
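
The following Python example is added here and is not part of the Cisco guide or of AsyncOS: it fills in the Table 26-5 query strings and checks them offline against directory entries, which is one way to validate a group query before enabling it on a listener. It assumes {g} carries the group value and {a} the mail address, and it escapes both per RFC 4515 so they stay literal values; the entries, the group DN and all function names are constructed for illustration.

```python
import re

# Query strings copied from Table 26-5.
AD_QUERY = "(&(memberOf={g})(proxyAddresses=smtp:{a}))"
SUNONE_QUERY = "(&(memberOf={g})(mailLocalAddress={a}))"

# RFC 4515 escapes: characters that would otherwise change the filter's structure.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_SPECIAL.get(ch, ch) for ch in value)

def expand(query, group, address):
    """Fill {g} and {a} in one pass (assumed meaning: group value, mail address)."""
    values = {"g": escape_filter_value(group), "a": escape_filter_value(address)}
    return re.sub(r"\{([ga])\}", lambda m: values[m.group(1)], query)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(filter_text, entry):
    """Evaluate an (&(attr=value)...) filter of equality tests against one entry."""
    outer = re.fullmatch(r"\(&(.*)\)", filter_text)
    terms = re.findall(r"\(([A-Za-z][\w-]*)=([^()*]*)\)", outer.group(1)) if outer else []
    if not terms or "".join(f"({a}={v})" for a, v in terms) != outer.group(1):
        raise ValueError("only AND-of-equality filters without wildcards are handled")
    for attr, raw in terms:
        wanted = _unescape(raw).lower()  # these attributes compare case-insensitively
        held = [v.lower() for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
        if wanted not in held:
            return False
    return True

# Constructed entries. Active Directory stores memberOf as full group DNs,
# so the {g} value used here is a DN rather than a bare group name.
GROUP_DN = "CN=Marketing,OU=Groups,DC=example,DC=com"
ALICE = {"memberOf": [GROUP_DN], "proxyAddresses": ["SMTP:alice@example.com"]}
BOB = {"memberOf": ["CN=Sales,OU=Groups,DC=example,DC=com"],
       "proxyAddresses": ["SMTP:bob@example.com"]}

if __name__ == "__main__":
    for name, entry, addr in (("alice", ALICE, "alice@example.com"),
                              ("bob", BOB, "bob@example.com"),
                              ("wildcard", ALICE, "*@example.com")):
        flt = expand(AD_QUERY, GROUP_DN, addr)
        print(name, flt, matches(flt, entry))
```

The third case shows why the escaping matters: an address containing * is compared as a literal string and does not match every member of the group.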