Cisco Email Security Appliance C170 User Guide

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
 
Chapter 25      LDAP Queries
  Working with LDAP Queries
Note
The {f} token is valid in acceptance queries only.
For example, you might use the following query to accept mail for an Active Directory LDAP server:
(|(mail={a})(proxyAddresses=smtp:{a}))
Note
Cisco Systems strongly recommends using the Test feature of the LDAP page (or the test subcommand of the ldapconfig command) to test all queries you construct and ensure that expected results are returned before you enable LDAP functionality on a listener. See  for more information.
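An offline dry run of the acceptance query above, as an added example that is not from the Cisco guide: it expands the token and evaluates the filter against constructed entries, showing that an alias stored only in proxyAddresses is accepted while a mail-only query would reject it. It assumes {a} stands for the full recipient address and that Active Directory compares both attributes case-insensitively; the function names and sample directory are hypothetical.

```python
import re

AD_QUERY = "(|(mail={a})(proxyAddresses=smtp:{a}))"  # acceptance query from the page

# Constructed sample entries shaped like Active Directory user objects.
DIRECTORY = [
    {"mail": ["j.doe@example.com"],
     "proxyAddresses": ["SMTP:j.doe@example.com", "smtp:jdoe@example.com"]},
    {"mail": ["ops@example.com"], "proxyAddresses": ["SMTP:ops@example.com"]},
]

def expand(template, address):
    """Substitute {a} (assumed: full recipient address), escaped per RFC 4515."""
    safe = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in address)
    return template.replace("{a}", safe)

def parse(flt, pos=0):
    """Parse (&..), (|..), (!..) and (attr=value); return (node, next_pos)."""
    if flt[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    op = flt[pos + 1:pos + 2]
    if op and op in "&|!":
        children, pos = [], pos + 2
        while flt[pos:pos + 1] == "(":
            child, pos = parse(flt, pos)
            children.append(child)
        if not children or flt[pos:pos + 1] != ")":
            raise ValueError("malformed filter at offset %d" % pos)
        return (op, children), pos + 1
    end = flt.index(")", pos)  # escaped values never contain a raw ')'
    attr, _, raw = flt[pos + 1:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (equality only, no wildcards)."""
    if node[0] == "=":
        # Assumption: both attributes compare case-insensitively, as in AD.
        return any(v.lower() == node[2].lower() for v in entry.get(node[1], []))
    results = [matches(child, entry) for child in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def accepts(template, address, directory=DIRECTORY):
    """True if the expanded acceptance query returns at least one entry."""
    tree, _ = parse(expand(template, address))
    return any(matches(tree, entry) for entry in directory)
```

A dry run like this only checks the query's logic; the appliance's own Test feature remains the check against the real directory.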
Secure LDAP (SSL)
You can instruct AsyncOS to use SSL when communicating with the LDAP server. If you configure your LDAP server profile to use SSL:
AsyncOS will use the LDAPS certificate configured via certconfig in the CLI (see
You may have to configure your LDAP server to support using the LDAPS certificate.
If an LDAPS certificate has not been configured, AsyncOS will use the demo certificate.
Routing Queries
There is no recursion limit for LDAP routing queries; the routing is completely data driven. However, 
AsyncOS does check for circular reference data to prevent the routing from looping infinitely.
Allowing Clients to Bind to the LDAP Server Anonymously 
You may need to configure your LDAP directory server to allow for anonymous queries. (That is, clients can bind to the server anonymously and perform queries.) For specific instructions on configuring Active Directory to allow anonymous queries, see the “Microsoft Knowledge Base Article - 320528” at the following URL:
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B320528
Alternately, you can configure one “user” dedicated solely for the purposes of authenticating and performing queries instead of opening up your LDAP directory server for anonymous queries from any client.
A summary of the steps is included here, specifically:
How to set up Microsoft Exchange 2000 server to allow “anonymous” authentication.
How to set up Microsoft Exchange 2000 server to allow “anonymous bind.”
How to set up AsyncOS to retrieve LDAP data from a Microsoft Exchange 2000 server using both “anonymous bind” and “anonymous” authentication.