Cisco Email Security Appliance C170 User Guide

Chapter 3      LDAP Queries
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Note: Use the Test Query button on the LDAP page (or the ldaptest command) to
verify that your queries return the expected results. For more information, see

User Accounts Query
To authenticate external users, AsyncOS uses a query to search for the user record 
in the LDAP directory and the attribute that contains the user’s full name. 
Depending on the server type you select, AsyncOS enters a default query and a 
default attribute. You can choose to have your appliance deny users with expired 
accounts if you have attributes defined in RFC 2307 in your LDAP user records 
(shadowLastChange, shadowMax, and shadowExpire). The base DN is required for
the domain level where user records reside.
Table 3-7 shows the default query string and full username attribute that AsyncOS
uses when it searches for a user account on an Active Directory server.
Table 3-8 shows the default query string and full username attribute that AsyncOS
uses when it searches for a user account on an OpenLDAP server.

Table 3-7  Default User Account Query String and Attribute: Active Directory

Server Type                                 Active Directory
Base DN                                     [blank] (You need to use a specific base DN to find the user records.)
Query String                                (&(objectClass=user)(sAMAccountName={u}))
Attribute containing the user’s full name   displayName
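
The following Python sketch is an added example, not code from Cisco or from this guide. It shows the two pieces the user account query depends on: filling the {u} token of the Table 3-7 query string with an RFC 4515-escaped username, and judging expiry from the RFC 2307 attributes. Assumptions: {u} stands for the login name, expiry follows the usual shadow(5) meaning of the attributes (the guide does not state how AsyncOS evaluates them), and the function names and sample records are constructed.

```python
# Added example (not Cisco code): building and interpreting a user account query.
from datetime import date

AD_QUERY = "(&(objectClass=user)(sAMAccountName={u}))"  # default from Table 3-7

# RFC 4515 requires these characters to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_filter(template: str, username: str) -> str:
    """Substitute the {u} token (assumed: login name) with an escaped value."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in username)
    return template.replace("{u}", escaped)


def _days(record: dict, attr: str):
    """Return an attribute as an int day count, or None if unset or negative."""
    raw = record.get(attr)
    if raw in (None, ""):
        return None
    value = int(raw)
    return value if value >= 0 else None


def is_expired(record: dict, today: date) -> bool:
    """Assumed shadow(5)-style reading of the RFC 2307 attributes."""
    now = (today - date(1970, 1, 1)).days       # days since the epoch
    expire = _days(record, "shadowExpire")      # absolute account expiry day
    if expire is not None and now >= expire:
        return True
    last = _days(record, "shadowLastChange")    # day of last password change
    max_age = _days(record, "shadowMax")        # password lifetime in days
    if last is not None and max_age is not None:
        return now > last + max_age
    return False                                # no usable expiry data


# Constructed sample records (not taken from any real directory).
SAMPLE_ACTIVE = {"uid": "jdoe", "shadowLastChange": "19700", "shadowMax": "90"}
SAMPLE_LAPSED = {"uid": "old", "shadowLastChange": "19000", "shadowMax": "90"}
SAMPLE_DISABLED = {"uid": "gone", "shadowExpire": "19000", "shadowMax": "99999"}

if __name__ == "__main__":
    print(build_filter(AD_QUERY, "jdoe"))
    print(build_filter(AD_QUERY, "a*(b)"))      # metacharacters stay literal
    today = date(2024, 1, 1)
    for rec in (SAMPLE_ACTIVE, SAMPLE_LAPSED, SAMPLE_DISABLED):
        print(rec["uid"], "expired" if is_expired(rec, today) else "ok")
```
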

Table 3-8  Default User Account Query String and Attribute: OpenLDAP

Server Type                                 OpenLDAP
Base DN                                     [blank] (You need to use a specific base DN to find the user records.)