Cisco Email Security Appliance C170 User Guide

Chapter 4      LDAP Queries
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
  – Locate the Domain Naming Context folder. This folder has the LDAP path of your domain.
  – Right click the Domain Naming Context folder, and then click Properties.
  – Click Security.
  – Click Advanced.
  – Click Add.
  – Click the User Object ANONYMOUS LOGON, and then click OK.
  – Click the Permission Type tab.
  – Click Inheritance from the Apply onto box.
  – Click to select the Allow check box for the Permission permission.

Step 3  Configure the IronPort Messaging Gateway
Use the System Administration > LDAP page (or ldapconfig in the CLI) to create an LDAP server entry with the following information.
  – Hostname of an Active Directory or Exchange server
  – Port 3268
  – Base DN matching the root naming context of the domain
  – Authentication type password based using cn=anonymous as the user with a blank password

Notes for Active Directory Implementations
  • Active Directory servers accept LDAP connections on ports 3268 and 389. The default port for accessing the global catalog is port 3268.
  • Active Directory servers accept LDAPS connections on ports 636 and 3269. Microsoft supports LDAPS on Windows Server 2003 and higher.
  • The Cisco IronPort appliance should connect to a domain controller that is also a global catalog so that you can perform queries to different bases using the same server.
  • Within Active Directory, you may need to grant read permissions to the group “Everyone” to directory objects to yield successful queries. This includes the root of the domain naming context.
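
The Step 3 server entry and the port notes above, expressed as a small checker that reports how a given entry relates to them. This is an added example, not code from the Cisco guide; the entry dict layout, the function names, the host dc1.example.com and the domain example.com are assumptions, and the DN comparison is simplified (no escaped commas).

```python
# Added example: checks a constructed LDAP server entry against Step 3 and the notes.
# Port roles as stated in the notes: 389/3268 are LDAP, 636/3269 are LDAPS;
# 3268 and 3269 are the global catalog ports. Value: (protocol, is_global_catalog).
AD_PORTS = {389: ("LDAP", False), 3268: ("LDAP", True),
            636: ("LDAPS", False), 3269: ("LDAPS", True)}


def domain_to_base_dn(domain):
    """Turn a DNS domain such as example.com into dc=example,dc=com."""
    return ",".join("dc=" + label for label in domain.strip(".").lower().split("."))


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around '=' and ',' so DNs compare equal."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)


def check_entry(entry, domain):
    """Return a list of findings for one LDAP server entry (a dict)."""
    findings = []
    port = entry["port"]
    if port not in AD_PORTS:
        findings.append(f"port {port} is not one of the Active Directory ports in the notes")
    else:
        protocol, is_gc = AD_PORTS[port]
        if not is_gc:
            findings.append(f"port {port} is not a global catalog port")
        if protocol == "LDAP":
            findings.append(f"port {port} is LDAP, not LDAPS")
    if normalize_dn(entry["base_dn"]) != domain_to_base_dn(domain):
        findings.append("base DN does not match the root naming context of the domain")
    if entry["bind_dn"].lower() == "cn=anonymous" and entry["password"] == "":
        findings.append("anonymous bind: cn=anonymous with a blank password")
    return findings


# Constructed sample entry using the Step 3 values; host and domain are made up.
STEP3_ENTRY = {"host": "dc1.example.com", "port": 3268,
               "base_dn": "DC=example, DC=com",
               "bind_dn": "cn=anonymous", "password": ""}
```

Calling `check_entry(STEP3_ENTRY, "example.com")` returns the findings for an entry built exactly as Step 3 describes.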