User Guide for Cisco Content Security Management Appliance M160

Cisco IronPort AsyncOS 8.0 for Security Management User Guide
 
Chapter 10 Integrating with LDAP
The variable names you enter for queries are case-sensitive and must match your LDAP implementation 
in order to work correctly. For example, entering mailLocalAddress at a prompt performs a different 
query than entering maillocaladdress.
Tokens
You can use the following tokens in your LDAP queries: 
  • {a} username@domainname
  • {d} domain
  • {dn} distinguished name
  • {g} group name
  • {u} user name
  • {f} MAILFROM: address
Note
The {f} token is valid in acceptance queries only.
For example, you might use the following query to accept mail for an Active Directory LDAP server: 
(|(mail={a})(proxyAddresses=smtp:{a}))
Note
We strongly recommend using the Test feature of the LDAP page (or the test subcommand of the 
ldapconfig command) to test all queries you construct and ensure that expected results are returned 
before you enable LDAP functionality on a listener. See the 
 for more information.
Spam Quarantine End-User Authentication Queries
End-user authentication queries validate users when they log in to the Cisco IronPort Spam Quarantine. 
The token {u} specifies the user (it represents the user’s login name). The token {a} specifies the user’s 
email address. The LDAP query does not strip "SMTP:" from the email address; AsyncOS strips that 
portion of the address. 
Based on the server type, AsyncOS uses one of the following default query strings for the end-user 
authentication query:
  • Active Directory: (sAMAccountName={u})
  • OpenLDAP: (uid={u})
  • Unknown or Other: [Blank]
By default, the primary email attribute is mail. You can enter your own query and email attributes. To 
create the query in the CLI, use the isqauth subcommand of the ldapconfig command.
Note
If you want users to log in with their full email addresses, use (mail=smtp:{a}) for the query string.
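The following Python function is an added example, not code from Cisco or AsyncOS: it previews offline the filter that a query template from the Tokens and end-user authentication sections expands to, and rejects {f} outside an acceptance query. The function names, the query_type labels, deriving {u} and {d} from the {a} value, and the RFC 4515 escaping of substituted values are assumptions of this example, not documented AsyncOS behavior.

```python
import re

TOKENS = ("a", "d", "dn", "g", "u", "f")  # tokens listed on this page
_TOKEN_RE = re.compile(r"\{([^{}]*)\}")
# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_query(template, query_type, address=None, **values):
    """Return the filter that a query template expands to (offline preview).

    query_type: "accept" or another label; these labels are this example's own.
    address: value for {a}; {u} and {d} are derived from it (assumption)
             unless passed explicitly. Other tokens are passed by name.
    """
    if address is not None:
        if "@" not in address:
            raise ValueError("address must look like username@domainname")
        user, _, domain = address.rpartition("@")
        values = {"a": address, "u": user, "d": domain, **values}

    def substitute(match):
        token = match.group(1)
        if token not in TOKENS:
            raise ValueError(f"unknown token {{{token}}}")
        if token == "f" and query_type != "accept":
            raise ValueError("{f} is valid in acceptance queries only")
        if token not in values:
            raise ValueError(f"no value supplied for {{{token}}}")
        return escape_value(values[token])

    return _TOKEN_RE.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(expand_query("(|(mail={a})(proxyAddresses=smtp:{a}))", "accept",
                       address="alice@example.com"))
    print(expand_query("(sAMAccountName={u})", "isqauth", u="j*(test)"))
```

A preview like this only shows the expanded filter text; the Test feature of the LDAP page still has to confirm what the directory returns for it.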