Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

If you want the Spam Quarantine to use an LDAP query for end-user access, check the “Designate as the 
active query” check box. If there is an existing active query, it is disabled. When you open the System 
Administration > LDAP page, an asterix (*) is displayed next to the active queries.

Based on the server type, AsyncOS uses one of the following default query strings for the end-user 
authentication query:

Active Directory: 

(sAMAccountName={u})

OpenLDAP: 

(uid={u})

Unknown or Other: [Blank]

By default, the primary email attribute is 

proxyAddresses

 for Active Directory servers and 

mail

 for 

OpenLDAP servers. You can enter your own query and email attributes. To create the query from the 
CLI, use the 

isqauth

 subcommand of the 

ldapconfig

 command.

If you want users to log in with their full email address, use 

(mail=smtp:{a})

 for the Query String.

This section shows sample settings for an Active Directory server and the end-user authentication query. 
This example uses password authentication for the Active Directory server, the 

mail

 and 

proxyAddresses

 email attributes, and the default query string for end-user authentication for Active 

Directory servers.

Use Password (Need to create a low-privilege user to bind 
for searching, or configure anonymous searching.)

Active Directory

3268

[Blank]

[Blank]

(sAMAccountName={u})

mail,proxyAddresses