Cisco Web Security Appliance S370 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 20      Authentication
Authentication Realms
Step 6    Click Start Test.
Step 7    Submit and commit your changes.
Setting        Description

User Authentication
    Enter values for the following fields:

    Base Distinguished Name (Base DN)
        The LDAP database is a tree-type directory structure and the appliance
        uses the Base DN to navigate to the correct location in the LDAP
        directory tree to begin a search. A valid Base DN filter string is
        composed of one or more components of the form object-value. For
        example: dc=companyname, dc=com

    User Name Attribute
        Choose one of the following values:
          • uid, cn, and sAMAccountName. Unique identifiers in the LDAP
            directory that specify a username.
          • custom. A custom identifier such as UserAccount.

    User Filter Query
        The User Filter Query is an LDAP search filter that locates the user's
        Base DN. This is required if the user directory is in a hierarchy
        below the Base DN, or if the login name is not included in the
        user-specific component of that user's Base DN.
        Choose one of the following values:
          • none. Filters any user.
          • custom. Filters a particular group of users.

Query Credentials
    Choose whether or not the authentication server accepts anonymous queries.
    If the authentication server does accept anonymous queries, choose Server
    Accepts Anonymous Queries.
    If the authentication server does not accept anonymous queries, choose Use
    Bind DN and then enter the following information:
      • Bind DN. The user on the external LDAP server permitted to search the
        LDAP directory. Typically, the bind DN should be permitted to search
        the entire directory.
      • Password. The password associated with the user you enter in the Bind
        DN field.
    The following text lists some example users for the Bind DN field:
        cn=administrator,cn=Users,dc=domain,dc=com
        sAMAccountName=jdoe,cn=Users,dc=domain,dc=com
    If the Active Directory server is used as an LDAP server, you may also
    enter the Bind DN username as “DOMAIN\username.”

Group Authorization
    Choose whether or not to enable LDAP group authorization. When you enable
    LDAP group authorization, you can group users by group object or user
    object.
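
The following added example (not from the Cisco guide, and not AsyncOS code) shows how an LDAP client can combine the Base DN, User Name Attribute and User Filter Query settings described above into a search request, escaping the login name per RFC 4515 so it cannot change the filter. How the appliance itself combines these values is not stated here and is assumed; the function names and the objectClass=person custom filter are hypothetical.

```python
# Added example: turning the realm settings into an LDAP search request.
# The combination logic is an assumption, not the appliance's own code.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied login name so it cannot alter the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_base_dn(base_dn):
    """Split a simple Base DN such as 'dc=companyname, dc=com' into
    (attribute, value) pairs. Escaped commas inside values are not handled."""
    pairs = []
    for component in base_dn.split(","):
        attr, sep, value = component.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed Base DN component: {component!r}")
        pairs.append((attr.strip(), value.strip()))
    return pairs


def build_user_search(base_dn, user_name_attribute, login, user_filter_query=None):
    """Return (normalized Base DN, search filter) for locating one user's entry."""
    base = ",".join(f"{a}={v}" for a, v in split_base_dn(base_dn))
    name_match = f"({user_name_attribute}={escape_filter_value(login)})"
    if user_filter_query:  # "custom": AND the name match with the extra filter
        if not (user_filter_query.startswith("(") and user_filter_query.endswith(")")):
            user_filter_query = f"({user_filter_query})"
        return base, f"(&{name_match}{user_filter_query})"
    return base, name_match  # "none": match on the user name attribute only


if __name__ == "__main__":
    # Constructed sample values; the second login contains filter metacharacters.
    print(build_user_search("dc=companyname, dc=com", "sAMAccountName", "jdoe"))
    print(build_user_search("dc=companyname, dc=com", "uid", "*)(uid=*",
                            "objectClass=person"))
```
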