Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Spam quarantine end-user authentication queries validate users when they log in to the Spam Quarantine. 
The token {u} specifies the user (it represents the user’s login name). The token {a} specifies the user’s 
email address. The LDAP query does not strip "SMTP:" from the email address; AsyncOS strips that 
portion of the address.

If you want the Spam Quarantine to use an LDAP query for end-user access, check the “Designate as the 
active query” check box. If there is an existing active query, it is disabled. When you open the System 
Administration > LDAP page, an asterisk (*) is displayed next to the active queries.

Based on the server type, AsyncOS uses one of the following default query strings for the end-user 
authentication query:

Active Directory: 

(sAMAccountName={u})

OpenLDAP: 

(uid={u})

Unknown or Other: [Blank]

By default, the primary email attribute is 

proxyAddresses

 for Active Directory servers and 

mail

 for 

OpenLDAP servers. You can enter your own query and email attributes. To create the query from the 
CLI, use the 

isqauth

 subcommand of the 

ldapconfig

 command.

If you want users to log in with their full email address, use 

(mail=smtp:{a})

 for the Query String.

This section shows sample settings for an Active Directory server and the end-user authentication query. 
This example uses password authentication for the Active Directory server, the 

mail

 and 

proxyAddresses

 email attributes, and the default query string for end-user authentication for Active 

Directory servers.

Use Password (Need to create a low-privilege user to bind 
for searching, or configure anonymous searching.)

Active Directory

3268

[Blank]

[Blank]

(sAMAccountName={u})

mail,proxyAddresses