Cisco Email Security Appliance C160 User Guide

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
 
Chapter 26      LDAP Queries
  Working with LDAP Queries
Using the ADSI Edit snap-in or the LDP utility, you must modify the permissions to the attributes of the following Active Directory objects.
- The root of the domain naming context for the domain against which you want to make queries.
- All OU and CN objects that contain users against which you wish to query email information.
The following table shows the required permissions to be applied to all of the needed containers.
Step 2  Set Active Directory Permissions
Open ADSIEdit from the Windows 2000 Support Tools.
Locate the Domain Naming Context folder. This folder has the LDAP path of your domain.
Right click the Domain Naming Context folder, and then click Properties.
Click Security.
Click Advanced.
Click Add.
Click the User Object ANONYMOUS LOGON, and then click OK.
Click the Permission Type tab.
Click Inheritance from the Apply onto box.
Click to select the Allow check box for the Permission permission.
Step 3  Configure the Cisco Messaging Gateway
Use the System Administration > LDAP page (or ldapconfig in the CLI) to create an LDAP server entry with the following information.
- Hostname of an Active Directory or Exchange server
- Port 3268
- Base DN matching the root naming context of the domain
- Authentication type password based using cn=anonymous as the user with a blank password
Notes for Active Directory Implementations
- Active Directory servers accept LDAP connections on ports 3268 and 389. The default port for accessing the global catalog is port 3268.
- Active Directory servers accept LDAPS connections on ports 636 and 3269. Microsoft supports LDAPS on Windows Server 2003 and higher.
User Object      Permissions                  Inheritance                  Permission Type
ANONYMOUS LOGON  List Contents                Container Objects            Object
ANONYMOUS LOGON  List Contents                Organizational Unit Objects  Object
ANONYMOUS LOGON  Read Public Information      User Objects                 Property
ANONYMOUS LOGON  Read Phone and Mail Options  User Objects                 Property
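
A least-privilege check for the grants in this procedure, as an added example that is not part of the Cisco guide: it compares the grants held by ANONYMOUS LOGON against the four rows of the permissions table and reports any that are missing or extra. The record layout, the function names and the sample export are assumptions constructed for illustration; how the ACEs are exported from the directory is left open.

```python
from typing import Iterable, List, NamedTuple, Tuple


class Ace(NamedTuple):
    trustee: str     # "User Object" column
    permission: str  # "Permissions" column
    applies_to: str  # "Inheritance" column
    perm_type: str   # "Permission Type" column


TRUSTEE = "ANONYMOUS LOGON"

# The four grants listed in the guide's permissions table.
REQUIRED = [
    Ace(TRUSTEE, "List Contents", "Container Objects", "Object"),
    Ace(TRUSTEE, "List Contents", "Organizational Unit Objects", "Object"),
    Ace(TRUSTEE, "Read Public Information", "User Objects", "Property"),
    Ace(TRUSTEE, "Read Phone and Mail Options", "User Objects", "Property"),
]


def _key(ace: Ace) -> Tuple[str, ...]:
    """Case/whitespace-insensitive key; drops a 'NT AUTHORITY\\' style prefix."""
    fields = [" ".join(f.split()).casefold() for f in ace]
    fields[0] = fields[0].rsplit("\\", 1)[-1]
    return tuple(fields)


def audit(aces: Iterable[Ace]) -> Tuple[List[Ace], List[Ace]]:
    """Return (missing, excess) grants for ANONYMOUS LOGON only."""
    required = {_key(a): a for a in REQUIRED}
    held = {_key(a): a for a in aces if _key(a)[0] == TRUSTEE.casefold()}
    missing = [required[k] for k in required if k not in held]
    excess = [held[k] for k in held if k not in required]
    return missing, excess


# Constructed sample export: one required grant absent, one grant too many.
SAMPLE = [
    Ace("NT AUTHORITY\\ANONYMOUS LOGON", "List Contents", "Container Objects", "Object"),
    Ace("ANONYMOUS LOGON", "read public information", "User Objects", "Property"),
    Ace("ANONYMOUS LOGON", "Read Phone and Mail Options", "User  Objects", "Property"),
    Ace("ANONYMOUS LOGON", "Read Personal Information", "User Objects", "Property"),
    Ace("Authenticated Users", "Read All Properties", "User Objects", "Property"),
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE)
    for ace in missing:
        print("MISSING:", ace)
    for ace in excess:
        print("EXCESS: ", ace)
```

Anything reported as excess is readable by unauthenticated clients beyond what the appliance's queries need, and is worth reviewing before the anonymous bind is left in place.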