Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
8-24
Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 8 Common Administrative Tasks
Working with User Accounts
Figure 8-16
Enabling External Authentication
Enabling LDAP Authentication
In addition to using an LDAP directory to authenticate users, you can assign LDAP groups to Cisco
IronPort user roles. For example, you can assign users in the IT group to the Administrator user role, and
you can assign users in the Support group to the Help Desk User role. If a user belongs to multiple LDAP
groups with different user roles, AsyncOS grants the user the permissions for the most restrictive role.
For example, if a user belongs to a group with Operator permissions and a group with Help Desk User
permissions, AsyncOS grants the user the permissions for the Help Desk User role.
IronPort user roles. For example, you can assign users in the IT group to the Administrator user role, and
you can assign users in the Support group to the Help Desk User role. If a user belongs to multiple LDAP
groups with different user roles, AsyncOS grants the user the permissions for the most restrictive role.
For example, if a user belongs to a group with Operator permissions and a group with Help Desk User
permissions, AsyncOS grants the user the permissions for the Help Desk User role.
Note
If an external user changes the user role for their LDAP group, the user should log out of the appliance
and then log back in. The user will have the permissions of their new role.
and then log back in. The user will have the permissions of their new role.
Before enabling external authentication using LDAP, define an LDAP server profile and an external
authentication query for the LDAP server. For more information, see the “LDAP Queries” chapter in the
Cisco IronPort AsyncOS for Email Advanced Configuration Guide.
authentication query for the LDAP server. For more information, see the “LDAP Queries” chapter in the
Cisco IronPort AsyncOS for Email Advanced Configuration Guide.
To enable external authentication using LDAP:
Step 1
On the System Administration > Users page, click Enable. The Edit External Authentication page is
displayed.
displayed.
Step 2
Select the Enable External Authentication check box.
Step 3
Select LDAP for the authentication type.
Figure 8-17
Enabling External Authentication Using LDAP
Step 4
Enter the amount of time to store external authentication credentials in the web user interface.
Step 5
Select the LDAP external authentication query that authenticates users.
Step 6
Enter the number of seconds that the appliance waits for a response from the server before timing out.
Step 7
Enter the name of a group from the LDAP directory that you want the appliance to authenticate, and
select the role for the users in the group.
select the role for the users in the group.
Step 8
Optionally, click Add Row to add another directory group. Repeat steps
and
for each directory group
that the appliance authenticates.
Step 9
Submit and commit your changes.