Cisco Cisco Web Security Appliance S170 Guida Utente
5-17
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Realms
LDAP Persistent
Connections
Connections
(under the
Advanced section)
Advanced section)
Choose one of the following values:
•
Use persistent connections (unlimited). Use existing connections. If no
connections are available a new connection is opened.
connections are available a new connection is opened.
•
Use persistent connections. Use existing connections to service the
number of requests specified. When the maximum is reached, establish a
new connection to the LDAP server.
number of requests specified. When the maximum is reached, establish a
new connection to the LDAP server.
•
Do not use persistent connections. Always create a new connection to the
LDAP server.
LDAP server.
User Authentication
Enter values for the following fields:
Base Distinguished Name (Base DN)
The LDAP database is a tree-type directory structure and the appliance uses the
Base DN to navigate to the correct location in the LDAP directory tree to begin
a search. A valid Base DN filter string is composed of one or more components
of the form
Base DN to navigate to the correct location in the LDAP directory tree to begin
a search. A valid Base DN filter string is composed of one or more components
of the form
object-value.
For example
dc=companyname, dc=com
.
User Name Attribute
Choose one of the following values:
•
uid, cn, and sAMAccountName. Unique identifiers in the LDAP directory
that specify a username.
that specify a username.
•
custom. A custom identifier such as
UserAccount
.
User Filter Query
The User Filter Query is an LDAP search filter that locates the users Base DN.
This is required if the user directory is in a hierarchy below the Base DN, or
if the login name is not included in the user-specific component of that users
Base DN.
This is required if the user directory is in a hierarchy below the Base DN, or
if the login name is not included in the user-specific component of that users
Base DN.
Choose one of the following values:
•
none. Filters any user.
•
custom. Filters a particular group of users.
Query Credentials
Choose whether or not the authentication server accepts anonymous queries.
If the authentication server does accept anonymous queries, choose Server
Accepts Anonymous Queries.
Accepts Anonymous Queries.
If the authentication server does not accept anonymous queries, choose Use
Bind DN and then enter the following information:
Bind DN and then enter the following information:
•
Bind DN. The user on the external LDAP server permitted to search the
LDAP directory. Typically, the bind DN should be permitted to search the
entire directory.
LDAP directory. Typically, the bind DN should be permitted to search the
entire directory.
•
Password. The password associated with the user you enter in the
Bind DN field.
Bind DN field.
The following text lists some example users for the Bind DN field:
cn=administrator,cn=Users,dc=domain,dc=com
sAMAccountName=jdoe,cn=Users,dc=domain,dc=com.
sAMAccountName=jdoe,cn=Users,dc=domain,dc=com.
If the LDAP server is an Active Directory server, you may also enter the Bind
DN username as “DOMAIN\username.”
DN username as “DOMAIN\username.”
Setting
Description