Cisco Email Security Appliance C160 User Manual

User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
 
Chapter 27 LDAP Queries
Table 27-9 shows the default query strings and attributes that AsyncOS uses when it searches for group membership information on an Active Directory server.
Table 27-10 shows the default query strings and attributes that AsyncOS uses when it searches for group membership information on an OpenLDAP server.
Authenticating End-Users of the Spam Quarantine
Spam quarantine end-user authentication queries validate users when they log in to the Spam Quarantine. 
The token {u} specifies the user (it represents the user’s login name). The token {a} specifies the user’s 
email address. The LDAP query does not strip "SMTP:" from the email address; AsyncOS strips that 
portion of the address.
If you want the Spam Quarantine to use an LDAP query for end-user access, check the “Designate as the 
active query” check box. If there is an existing active query, it is disabled. When you open the System 
Administration > LDAP page, an asterisk (*) is displayed next to the active queries.
Based on the server type, AsyncOS uses one of the following default query strings for the end-user 
authentication query:
Active Directory: (sAMAccountName={u})
OpenLDAP: (uid={u})
Unknown or Other: [Blank]

Table 27-9 Default Group Membership Query Strings and Attributes: Active Directory
Server Type: Active Directory
Base DN: [blank] (You need to use a specific base DN to find the group records.)
Query string to determine if a user is a member of a group: (&(objectClass=group)(member={u}))
Note: If your LDAP schema uses distinguished names in the memberOf list instead of usernames, you can replace {u} with {dn}.
Attribute that holds each member's username (or a DN for the user's record): member
Attribute that contains the group name: cn

Table 27-10 Default Group Membership Query Strings and Attributes: OpenLDAP
Server Type: OpenLDAP
Base DN: [blank] (You need to use a specific base DN to find the group records.)
Query string to determine if a user is a member of a group: (&(objectClass=posixGroup)(memberUid={u}))
Attribute that holds each member's username (or a DN for the user's record): memberUid
Attribute that contains the group name: cn
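
How the {u}, {a} and {dn} tokens become a concrete search filter, as an added Python sketch that is not AsyncOS code: it expands the default query strings above and escapes filter metacharacters per RFC 4515 so that a login name or DN is matched literally. The function names, the sample values and the (mail={a}) template are assumptions made for illustration.

```python
import re

# Default query strings quoted from the page, keyed by server type.
DEFAULT_AUTH = {"Active Directory": "(sAMAccountName={u})", "OpenLDAP": "(uid={u})"}
DEFAULT_GROUP = {
    "Active Directory": "(&(objectClass=group)(member={u}))",
    "OpenLDAP": "(&(objectClass=posixGroup)(memberUid={u}))",
}

# RFC 4515: these characters are written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a value so the directory matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def strip_smtp_prefix(address):
    """Drop a leading 'SMTP:' marker (case-insensitive match is an assumption)."""
    return address[5:] if address[:5].upper() == "SMTP:" else address


def expand(template, **tokens):
    """Replace {u}, {a} and {dn} in a query string with escaped values."""
    def substitute(match):
        name = match.group(1)
        if name not in tokens:
            raise KeyError("no value supplied for token {%s}" % name)
        value = tokens[name]
        if name == "a":
            value = strip_smtp_prefix(value)
        return escape_value(value)
    # One pass only, so a substituted value is never rescanned for tokens.
    return re.sub(r"\{(u|a|dn)\}", substitute, template)


if __name__ == "__main__":
    # Constructed sample values; "(mail={a})" is a constructed template.
    print(expand(DEFAULT_AUTH["Active Directory"], u="jsmith"))
    print(expand(DEFAULT_AUTH["OpenLDAP"], u="j*"))
    print(expand("(mail={a})", a="SMTP:jo@example.com"))
    dn_query = DEFAULT_GROUP["Active Directory"].replace("{u}", "{dn}")
    print(expand(dn_query, dn="CN=Smith (Ops),OU=Staff,DC=example,DC=com"))
```

The expanded strings can be pasted into a directory search tool against the base DN you configured to confirm that a query returns exactly one user or the expected groups.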