Cisco Cisco Email Security Appliance X1070 Mode D'Emploi
3-27
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Note
When you create domain-based queries, you cannot select different types of queries. Once you
select a query type, the Cisco IronPort appliance populates the query field with queries of that
type from the available server profiles.
select a query type, the Cisco IronPort appliance populates the query field with queries of that
type from the available server profiles.
Step 6
In the Domain Assignments field, enter a domain.
Step 7
Select a query to associate with the domain.
Step 8
Continue to add rows until you have added all the domains to your query.
Step 9
You can enter a default query to run if all other queries fail. If you do not want to enter a default query,
select None.
select None.
Step 10
Test the query by clicking the Test Query button and entering a user login and password or an email
address to test in the Test Parameters fields. The results appear in the Connection Status field.
address to test in the Test Parameters fields. The results appear in the Connection Status field.
Step 11
Optionally, if you use the {f} token in an acceptance query, you can add an envelope sender address to
the test query.
the test query.
Note
Once you create the domain-based query, you need to associate it with a public or private
listener.
listener.
Step 12
Submit and commit your changes.
Chain Queries
A chain query is a series of LDAP queries that the Cisco IronPort appliance attempts to run in succession.
The Cisco IronPort appliance attempts to run each query in the “chain” until the LDAP server returns a
positive response (or the final query in the “chain” returns a negative response or fails). Chain queries
can be useful if entries in your LDAP directory use different attributes to store similar (or the same)
values. For example, you might have used the attributes
The Cisco IronPort appliance attempts to run each query in the “chain” until the LDAP server returns a
positive response (or the final query in the “chain” returns a negative response or fails). Chain queries
can be useful if entries in your LDAP directory use different attributes to store similar (or the same)
values. For example, you might have used the attributes
maillocaladdress
and
mail
to store user email
addresses. To ensure that your queries run against both these attributes, you can use chain queries.
To configure chain queries, complete the following steps:
Step 1
Create server profiles for each of the queries you want to use in the chain queries. For each of the server
profiles, configure the queries you want to use for a chain query. For more information, see
profiles, configure the queries you want to use for a chain query. For more information, see
.
Step 2
Create the chain query. For more information, see
Step 3
Enable the chain query on the public or private listener. For more information about configuring
listeners, see “Configuring the Gateway to Receive Mail” in the Cisco IronPort AsyncOS for Email
Configuration Guide.
listeners, see “Configuring the Gateway to Receive Mail” in the Cisco IronPort AsyncOS for Email
Configuration Guide.
Note
You can also enable domain-based queries for LDAP end-user access or spam notifications for the Cisco
IronPort Spam Quarantine. For more information, see “Configuring the Cisco IronPort Spam
Quarantines Feature” in the Cisco IronPort AsyncOS for Email Daily Management Guide.
IronPort Spam Quarantine. For more information, see “Configuring the Cisco IronPort Spam
Quarantines Feature” in the Cisco IronPort AsyncOS for Email Daily Management Guide.