Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Spaces are allowed in LDAP paths, and they do not need to be quoted. The CN and DC syntax is not 
case-sensitive.

Cn=First Last,oU=user,dc=domain,DC=COM

The variable names you enter for queries are case-sensitive and must match your LDAP implementation 
in order to work correctly. For example, entering 

 at a prompt performs a different 

query than entering 

.

You can use the following tokens in your LDAP queries:

{a} username@domainname

{d} domainname

{dn} distinguished name

{g} groupname

{u} username

{f} MAIL FROM: address

The {f} token is valid in acceptance queries only.

For example, you might use the following query to accept mail for an Active Directory LDAP server:

(|(mail={a})(proxyAddresses=smtp:{a}))

Cisco Systems strongly recommends using the Test feature of the LDAP page (or the 

test

 subcommand 

of the 

ldapconfig

 command) to test all queries you construct and ensure that expected results are 

returned before you enable LDAP functionality on a listener. See 

 for 

more information.

You can use instruct AsyncOS to use SSL when communicating with the LDAP server. If you configure 
your LDAP server profile to use SSL:

AsyncOS will use the LDAPS certificate configured via 

certconfig

 in the CLI (see 

).

You may have to configure your LDAP server to support using the LDAPS certificate.

If an LDAPS certificate has not been configured, AsyncOS will use the demo certificate.