Cisco Content Security Management Appliance M160 User Guide
Chapter 9 LDAP Queries
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Spam Quarantine End-User Authentication Queries
End-user authentication queries validate users when they log in to the Cisco
IronPort Spam Quarantine. The token {u} specifies the user (it represents the
user’s login name). The token {a} specifies the user’s email address. The LDAP
query does not strip "SMTP:" from the email address; AsyncOS strips that portion
of the address.
Based on the server type, AsyncOS uses one of the following default query strings
for the end-user authentication query:
• Active Directory: (sAMAccountName={u})
• OpenLDAP: (uid={u})
• Unknown or Other: [Blank]
By default, the primary email attribute is mail. You can enter your own query and
email attributes. To create the query in the CLI, use the isqauth subcommand of
the ldapconfig command.
Note: If you want users to log in with their full email addresses, use
(mail=smtp:{a}) for the query string.
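As an added illustration (not code from the Cisco guide or from AsyncOS), the following Python sketch expands the {u} and {a} tokens in the query strings above and normalizes mail and proxyAddresses values, so a filter can be previewed before it is tested against the directory. The function names, the RFC 4515 escaping of substituted values, the case-insensitive prefix stripping, and the sample entry are assumptions of this example.

```python
import re

# Default query strings listed in the guide, keyed by server type.
DEFAULT_QUERIES = {
    "Active Directory": "(sAMAccountName={u})",
    "OpenLDAP": "(uid={u})",
}

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Return value with LDAP filter metacharacters escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_query(template, login, email=""):
    """Replace {u} and {a} in one pass so substituted text is never re-scanned."""
    values = {"u": login, "a": email}
    return re.sub(r"\{([ua])\}",
                  lambda m: escape_filter_value(values[m.group(1)]), template)

def strip_smtp_prefix(value):
    """Drop a leading 'SMTP:'/'smtp:' tag, as the guide says AsyncOS does.
    Case-insensitive matching is an assumption of this sketch."""
    return value[5:] if value[:5].lower() == "smtp:" else value

def entry_addresses(entry, email_attrs=("mail", "proxyAddresses")):
    """Collect unique, lower-cased addresses from the configured attributes.
    Skipping non-SMTP typed values (e.g. 'X500:') is an assumption."""
    found = []
    for attr in email_attrs:
        for raw in entry.get(attr, []):
            addr = strip_smtp_prefix(raw).lower()
            if "@" in addr and ":" not in addr and addr not in found:
                found.append(addr)
    return found

# Constructed sample entry, shaped like an Active Directory search result.
SAMPLE_ENTRY = {
    "mail": ["jdoe@example.com"],
    "proxyAddresses": ["SMTP:jdoe@example.com", "smtp:john.doe@example.com",
                       "X500:/o=Example/ou=First/cn=Recipients/cn=jdoe"],
}

if __name__ == "__main__":
    print(expand_query(DEFAULT_QUERIES["Active Directory"], "jdoe"))
    print(expand_query("(mail=smtp:{a})", "", "jdoe@example.com"))
    print(entry_addresses(SAMPLE_ENTRY))
```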
Sample Active Directory End-User Authentication Settings
This section shows sample settings for an Active Directory server and the
end-user authentication query. This example uses password authentication for the
Active Directory server, the default query string for end-user authentication for
Active Directory servers, and the mail and proxyAddresses email attributes.
Table 9-1 Example LDAP Server and Spam Quarantine End-User Authentication Settings:
Active Directory
Authentication Method: Use Password (Need to create a low-privilege user to bind
for searching, or configure anonymous searching.)
Server Type: Active Directory
Port: 3268
Base DN: [Blank]