Cisco Web Security Appliance S370 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 20 Authentication
LDAP Authentication
Table 20-13 describes the group object settings.
Table 20-14 describes the user object settings.
Table 20-13 LDAP Group Authorization—Group Object Settings

Group Object Setting: Group Membership Attribute Within Group Object
Description: Choose the LDAP attribute which lists all users that belong to this group. Choose one of the following values:
• member and uniquemember. Unique identifiers in the LDAP directory that specify group members.
• custom. A custom identifier such as UserInGroup.

Group Object Setting: Attribute that Contains the Group Name
Description: Choose the LDAP attribute which specifies the group name that can be used in the policy group configuration. Choose one of the following values:
• cn. A unique identifier in the LDAP directory that specifies the name of a group.
• custom. A custom identifier such as FinanceGroup.

Group Object Setting: Query String to Determine if Object is a Group
Description: Choose an LDAP search filter that determines if an LDAP object represents a user group. Choose one of the following values:
• objectclass=groupofnames
• objectclass=groupofuniquenames
• objectclass=group
• custom. A custom filter such as objectclass=person.
Note: The query defines the set of authentication groups which can be used in policy groups.

Table 20-14 LDAP Group Authorization—User Object Settings

User Object Setting: Group Membership Attribute Within User Object
Description: Choose the attribute which lists all the groups that this user belongs to. Choose one of the following values:
• memberOf. Unique identifiers in the LDAP directory that specify user members.
• custom. A custom identifier such as UserInGroup.

User Object Setting: Group Membership Attribute is a DN
Description: Specify whether the group membership attribute is a distinguished name (DN) which refers to an LDAP object. For Active Directory servers, enable this option.
When this is enabled, you must configure the subsequent settings.
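
The sketch below is an added example, not code from the Cisco guide or the appliance: it models how the settings in Tables 20-13 and 20-14 combine into a group lookup, using a constructed in-memory directory, and shows how a mismatched query string or DN setting yields no usable group names for policy matching. The function names, the sample DNs and the assumption that DN values are dereferenced with the same group name attribute and group query are illustrative.

```python
# Constructed sample directory (DN -> attributes); not taken from the guide.
ALICE = "uid=alice,ou=People,dc=example,dc=com"
FINANCE = "cn=Finance,ou=Groups,dc=example,dc=com"
OPS = "cn=Ops,ou=Groups,dc=example,dc=com"
DIRECTORY = {
    FINANCE: {"objectclass": ["groupofnames"], "cn": ["Finance"],
              "member": [ALICE]},
    OPS: {"objectclass": ["groupofuniquenames"], "cn": ["Ops"],
          "uniquemember": [ALICE]},
    ALICE: {"objectclass": ["person"], "cn": ["alice"],
            "memberOf": [FINANCE]},
}


def matches(entry, query):
    """Evaluate a simple attr=value query string such as objectclass=group."""
    attr, _, value = query.partition("=")
    return value.lower() in (v.lower() for v in entry.get(attr, []))


def groups_via_group_object(user_dn, membership_attr, name_attr, group_query):
    """Group object settings: scan objects that pass the group query and
    list the user in the membership attribute; return their group names."""
    names = []
    for entry in DIRECTORY.values():
        if matches(entry, group_query) and user_dn in entry.get(membership_attr, []):
            names.extend(entry.get(name_attr, []))
    return sorted(names)


def groups_via_user_object(user_dn, membership_attr, is_dn, name_attr, group_query):
    """User object settings: read the user's membership attribute. If its
    values are DNs, dereference each one (assumed to reuse the group name
    attribute and group query); otherwise use the value as the name."""
    names = []
    for value in DIRECTORY[user_dn].get(membership_attr, []):
        if not is_dn:
            names.append(value)  # raw value; a full DN will not match "Finance"
            continue
        entry = DIRECTORY.get(value)
        if entry and matches(entry, group_query):
            names.extend(entry.get(name_attr, []))
    return sorted(names)
```

Comparing the returned names against the group names used in policy groups is a quick way to confirm that the chosen attribute, query string and DN option agree with the directory schema.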