User Guide for Cisco Content Security Management Appliance M160

AsyncOS 9.1 for Cisco Content Security Management Appliances User Guide
 
Chapter 11      Integrating with LDAP
Testing LDAP Queries
Use the Test Query button on the Add/Edit LDAP Server Profile page (or the ldaptest command in the 
CLI) to test your queries. AsyncOS displays details about each stage of the query connection test. For 
example, whether the first stage SMTP authorization succeeded or failed, and whether the BIND match 
returned a true or false result.
The ldaptest command is available as a batch command, for example: 
ldaptest LDAP.isqalias foo@cisco.com
The variable names you enter for queries are case-sensitive and must match your LDAP implementation 
to work correctly. For example, entering mailLocalAddress for the email attribute performs a different 
query than entering maillocaladdress.
To test a query, you must enter the test parameters and click Run Test. The results appear in the Test 
Connection field. If an end-user authentication query succeeds, a result of “Success: Action: match 
positive” is displayed. For alias consolidation queries, a result of “Success: Action: alias consolidation” 
is displayed, along with the email address for the consolidated spam notifications. If a query fails, 
AsyncOS displays a reason for the failure, such as no matching LDAP records were found, or the 
matching record did not contain the email attribute. If you use multiple LDAP servers, the Cisco Content 
Security appliance tests the query on each LDAP server.
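The following is an added example, not part of the Cisco guide: a Python harness that turns the batch form of ldaptest into a repeatable regression check, including a negative case for an address that must not resolve. It assumes the CLI prints the same result strings the guide quotes for the Test Connection field; the address departed.user@cisco.com, the execute callable, and the sample outputs are constructed for illustration.

```python
import re

# Result strings the guide quotes for successful tests.
SUCCESS_MARKERS = {
    "Success: Action: match positive": "auth-ok",
    "Success: Action: alias consolidation": "alias-ok",
}
# Strict allow-lists so a test plan cannot smuggle extra input into the CLI.
QUERY_RE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")

def build_command(query, address):
    """Return the batch form shown in the guide: ldaptest <query> <address>."""
    if not QUERY_RE.fullmatch(query) or not ADDR_RE.fullmatch(address):
        raise ValueError(f"refusing unsafe test input: {query!r} {address!r}")
    return f"ldaptest {query} {address}"

def classify(output):
    """Map raw test output to auth-ok, alias-ok, or failed."""
    for marker, label in SUCCESS_MARKERS.items():
        if marker in output:
            return label
    return "failed"

def run_plan(plan, execute):
    """Run (query, address, expected) cases; return the ones that disagree."""
    mismatches = []
    for query, address, expected in plan:
        cmd = build_command(query, address)
        got = classify(execute(cmd))
        if got != expected:
            mismatches.append((cmd, expected, got))
    return mismatches

# Constructed sample output standing in for a real appliance session.
CONSTRUCTED_OUTPUT = {
    "ldaptest LDAP.isqalias foo@cisco.com":
        "Success: Action: alias consolidation foo@cisco.com",
}

def fake_execute(cmd):
    # Anything not listed behaves like a directory miss.
    return CONSTRUCTED_OUTPUT.get(cmd, "no matching LDAP records were found")

PLAN = [
    ("LDAP.isqalias", "foo@cisco.com", "alias-ok"),
    ("LDAP.isqalias", "departed.user@cisco.com", "failed"),  # must not match
]

if __name__ == "__main__":
    print(run_plan(PLAN, fake_execute) or "all LDAP query tests as expected")
```

In practice, replace fake_execute with a function that sends the command to the appliance CLI and returns its output.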
Domain-Based Queries
Domain-based queries are LDAP queries that are grouped by type and associated with a domain. You 
might want to use domain-based queries if different LDAP servers are associated with different domains, 
but you need to run queries for all your LDAP servers for end-user quarantine access. For example, a 
company called Bigfish owns the domains Bigfish.com, Redfish.com, and Bluefish.com, and it 
maintains a different LDAP server for employees associated with each domain. Bigfish can use a 
domain-based query to authenticate end-users against the LDAP directories of all three domains.
To use a domain-based query to control end-user access or notifications for the spam quarantine, 
complete the following steps:
Procedure 
Step 1
Create an LDAP server profile for each domain you want to use in the domain-based query. In each 
server profile, configure the queries you want to use in the domain-based query. For more information, 
see 
Step 2
Create the domain-based query. When you create the domain-based query, you select queries from each 
server profile, and designate the domain-based query as an active query for the spam quarantine. For 
more information about creating the query, see 
.
Step 3
Enable end-user access or spam notifications for the spam quarantine. For more information, see 
.