User Guide for Cisco Email Security Appliance C170

Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3: LDAP Queries
Spam Quarantine End-User Authentication Queries
Spam quarantine end-user authentication queries validate users when they log in to the Cisco IronPort 
Spam Quarantine. The token {u} specifies the user (it represents the user’s login name). The token {a} 
specifies the user’s email address. The LDAP query does not strip "SMTP:" from the email address; 
AsyncOS strips that portion of the address.
If you want the Cisco IronPort Spam Quarantine to use an LDAP query for end-user access, check the 
“Designate as the active query” check box. If there is an existing active query, it is disabled. When you 
open the System Administration > LDAP page, an asterisk (*) is displayed next to the active queries.
Based on the server type, AsyncOS uses one of the following default query strings for the end-user 
authentication query:
  • Active Directory: (sAMAccountName={u})
  • OpenLDAP: (uid={u})
  • Unknown or Other: [Blank]
By default, the primary email attribute is proxyAddresses for Active Directory servers and mail for 
OpenLDAP servers. You can enter your own query and email attributes. To create the query from the 
CLI, use the isqauth subcommand of the ldapconfig command.
Note: If you want users to log in with their full email address, use (mail=smtp:{a}) for the Query String.
For information on enabling end-user authentication for spam quarantines, see “Configuring the Cisco 
IronPort Spam Quarantines Feature” in the Cisco IronPort AsyncOS for Email Daily Management Guide.
Sample Active Directory End-User Authentication Settings
This section shows sample settings for an Active Directory server and the end-user authentication query. 
This example uses password authentication for the Active Directory server, the mail and proxyAddresses 
email attributes, and the default query string for end-user authentication for Active Directory servers.
Table 3-11  Example LDAP Server and Spam Quarantine End-User Authentication Settings: Active Directory

Setting                 Value
Authentication Method   Use Password (Need to create a low-privilege user to bind
                        for searching, or configure anonymous searching.)
Server Type             Active Directory
Port                    3268
Base DN                 [Blank]
Connection Protocol     [Blank]
Query String            (sAMAccountName={u})
Email Attribute(s)      mail,proxyAddresses
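
The {u}/{a} token substitution and the "SMTP:" stripping described in this section, sketched in Python as an added example (not Cisco code and not taken from the guide). The function names, the sample entry, the RFC 4515 escaping of substituted values, and the skipping of non-SMTP address types are assumptions made for illustration; the guide does not describe how AsyncOS handles these cases internally.

```python
import re

# RFC 4515 filter metacharacters and their escaped forms.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample directory entry (not from the guide).
SAMPLE_ENTRY = {
    "sAMAccountName": ["jdoe"],
    "mail": ["jdoe@example.com"],
    "proxyAddresses": ["SMTP:jdoe@example.com", "smtp:john.doe@example.com",
                       "X400:C=US;P=Example;S=Doe;"],
}


def escape_filter_value(value):
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_query(template, user, address):
    """Replace {u} and {a} in one pass, escaping both substituted values."""
    values = {"u": escape_filter_value(user), "a": escape_filter_value(address)}
    return re.sub(r"\{([ua])\}", lambda m: values[m.group(1)], template)


def mailbox_addresses(entry, email_attributes=("mail", "proxyAddresses")):
    """Return unique addresses from the email attributes, without "SMTP:".

    Assumption: values with a non-SMTP type prefix (for example X400:) are skipped.
    """
    found = []
    for attr in email_attributes:
        for value in entry.get(attr, []):
            prefix, sep, rest = value.partition(":")
            if sep and prefix.lower() != "smtp":
                continue  # some other address type
            addr = rest if sep else value
            if addr.lower() not in [a.lower() for a in found]:
                found.append(addr)
    return found


if __name__ == "__main__":
    print(expand_query("(sAMAccountName={u})", "jdoe", "jdoe@example.com"))
    print(expand_query("(mail=smtp:{a})", "jdoe", "jdoe@example.com"))
    print(mailbox_addresses(SAMPLE_ENTRY))
```

Substituting both tokens in a single pass keeps a login name that itself contains the text {a} from being expanded a second time.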