Cisco Content Security Management Appliance M1070 User Guide

Cisco IronPort AsyncOS 8.0 for Security Management User Guide
 
Chapter 10: Integrating with LDAP
When you create a chain query, all of its component queries have the same query type. After you select 
a query type, the query field drop-down lists display the appropriate queries from the LDAP.
Step 6: Select the first query in the chain.
The Cisco IronPort appliance runs the queries in the order you configure them. If you add multiple 
queries to the chain query, you might want to order them so that general queries follow granular queries.
Figure 10-2: Example Chain Query
Step 7: Test the query by clicking the Test Query button and entering a user login and password or an email 
address in the Test Parameters fields. The results appear in the Connection Status field.
Step 8: Check the Designate as the active query check box if you want the Cisco IronPort Spam Quarantine to 
use the domain query.
Note: The chain query becomes the active LDAP query for the specified query type. For example, if 
the chain query is used for end-user authentication, it becomes the active end-user authentication 
query for the Cisco IronPort Spam Quarantine.
Step 9: Submit and commit your changes.
Note: To do the same configuration on the command line interface, type the advanced subcommand of the 
ldapconfig command at the command line prompt.
Configuring AsyncOS to Work With Multiple LDAP Servers
When you configure an LDAP server profile, you can configure the Cisco IronPort appliance to connect 
to a list of multiple LDAP servers. If you use multiple LDAP servers, they need to contain the same 
information, have the same structure, and use the same authentication information. Third-party products 
exist that can consolidate the records.
You configure the Cisco IronPort appliance to connect to redundant LDAP servers to use the following 
features:
  • Failover. If the Cisco IronPort appliance cannot connect to an LDAP server, it connects to the next 
    server in the list.
  • Load Balancing. The Cisco IronPort appliance distributes connections across the list of LDAP 
    servers when it performs LDAP queries.
You can configure redundant LDAP servers on the Management Appliance > System Administration > 
LDAP page or by using the CLI ldapconfig command.
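
The requirement above that every server in the list contain the same information matters most with load balancing, because an authentication or group query is answered by whichever server receives the connection. The following check is an added example, not part of the Cisco guide or of AsyncOS: it compares the results of one search run against each server and reports entries that are missing or differ. The host names, the sample entries and the case-insensitive comparison of DNs and values are assumptions made for illustration.

```python
# Added example: compare the same LDAP search result across redundant servers.
# SAMPLE is constructed data; host names and entries are hypothetical.
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
SAMPLE = {
    "ldap1.example.com": {
        ALICE: {"mail": ["alice@example.com"],
                "memberOf": ["cn=quarantine-users,dc=example,dc=com"]},
        BOB: {"mail": ["bob@example.com"]},
    },
    "ldap2.example.com": {
        # Same mail (case differs only), but the group membership is absent.
        ALICE: {"mail": ["Alice@Example.com"]},
        # BOB has not been replicated to this server.
    },
}


def normalize(entry):
    """Assumption: attribute names and values compare case-insensitively."""
    return {attr.lower(): tuple(sorted(v.strip().lower() for v in values))
            for attr, values in entry.items()}


def compare_replicas(results):
    """results maps server -> {dn: {attr: [values]}}.

    Returns (dn, problem) tuples ordered by DN; an empty list means every
    server returned the same entries with the same attribute values.
    """
    norm = {srv: {dn.lower(): normalize(e) for dn, e in entries.items()}
            for srv, entries in results.items()}
    findings = []
    for dn in sorted(set().union(*(e.keys() for e in norm.values()))):
        missing = sorted(srv for srv, e in norm.items() if dn not in e)
        if missing:
            findings.append((dn, "missing on " + ", ".join(missing)))
            continue
        views = [e[dn] for e in norm.values()]
        for attr in sorted(set().union(*(v.keys() for v in views))):
            if len({v.get(attr, ()) for v in views}) > 1:
                findings.append((dn, "attribute '%s' differs" % attr))
    return findings


if __name__ == "__main__":
    for dn, problem in compare_replicas(SAMPLE):
        print(dn + ": " + problem)
```

Any finding means a query result can depend on which server the appliance happened to reach, so resolve it before adding the server to the list.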