Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 8.5 for Email User Guide
 
Chapter 23: LDAP Queries
Working with LDAP Queries
How to set up Microsoft Exchange 2000 server to allow “anonymous bind.”
How to set up AsyncOS to retrieve LDAP data from a Microsoft Exchange 2000 server using both 
“anonymous bind” and “anonymous” authentication.
Specific permissions must be set on a Microsoft Exchange 2000 server in order to allow “anonymous” 
or “anonymous bind” authentication for the purpose of querying user email addresses. This can be very 
useful when an LDAP query is used to determine the validity of an incoming email message to the SMTP 
gateway.
Anonymous Authentication Setup
The following setup instructions allow you to make specific data available to unauthenticated queries of 
Active Directory and Exchange 2000 servers in the Microsoft Windows Active Directory. If you wish to 
allow “anonymous bind” to the Active Directory, see 
Procedure 
Step 1
Determine required Active Directory permissions.
Using the ADSI Edit snap-in or the LDP utility, you must modify the permissions to the attributes 
of the following Active Directory objects:
The root of the domain naming context for the domain against which you want to make queries.
All OU and CN objects that contain users against which you wish to query email information.
The following table shows the required permissions to be applied to all of the needed containers.

User Object   Permissions                   Inheritance                   Permission Type
Everyone      List Contents                 Container Objects             Object
Everyone      List Contents                 Organizational Unit Objects   Object
Everyone      Read Public Information       User Objects                  Property
Everyone      Read Phone and Mail Options   User Objects                  Property

Step 2
Set Active Directory Permissions
Open ADSIEdit from the Windows 2000 Support Tools.
Locate the Domain Naming Context folder. This folder has the LDAP path of your domain.
Right click the Domain Naming Context folder, and then click Properties.
Click Security.
Click Advanced.
Click Add.
Click the User Object Everyone, and then click OK.
Click the Permission Type tab.
Click Inheritance from the Apply onto box.
Click to select the Allow check box for the Permission permission.
Step 3
Configure the Cisco Messaging Gateway