Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 22 LDAP Queries
Identifying a Sender’s User Distinguished Name for RSA Enterprise Manager
Sample User Distinguished Name Settings
This section shows sample settings for an Active Directory server and the user distinguished name query.
This example uses anonymous authentication for the Active Directory server and a query string for user
distinguished name retrieval for Active Directory servers.
Configuring AsyncOS To Work With Multiple LDAP Servers
When you configure an LDAP profile, you can configure the Cisco appliance to connect to a list of
multiple LDAP servers. To use multiple LDAP servers, you must configure LDAP servers to contain the
same information, use the same structure, and use the same authentication information. (Third-party
products exist that can consolidate the records.)
When you configure the Cisco appliance to connect to redundant LDAP servers, you can configure the
LDAP configuration for failover or load balancing.
You can use multiple LDAP servers to achieve the following results:
• Failover. When you configure the LDAP profile for failover, the Cisco appliance fails over to the
  next LDAP server in the list if it cannot connect to the first LDAP server.
• Load Balancing. When you configure the LDAP profile for load balancing, the Cisco appliance
  distributes connections across the list of LDAP servers when it performs LDAP queries.
You can configure redundant LDAP servers from the System Administration > LDAP page or from the
CLI ldapconfig command.
Testing Servers and Queries
Use the Test Server(s) button on the Add (or Edit) LDAP Server Profile page (or the test subcommand
in the CLI) to test the connection to an LDAP server. If you use multiple LDAP servers, AsyncOS tests
each server and displays individual results for each server. AsyncOS will also test the query on each
LDAP server and display the individual results.
Failover
To ensure that LDAP queries are resolved, you can configure your LDAP profile for failover.
The appliance attempts to connect to the first server in the list of LDAP servers for a specified period of
time. If the Cisco appliance cannot connect to the first LDAP server in the list, the appliance attempts to
connect to the next LDAP server in the list. By default, the appliance always attempts to connect to the
Table 22-15 Example LDAP Server and Spam Quarantine Alias Consolidation Settings: Active Directory

Authentication Method    Anonymous
Server Type              Active Directory
Port                     3268
Base DN                  [Blank]
Connection Protocol      Use SSL
Query String             (proxyAddresses=smtp:{a})
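
Added example (not from the Cisco guide): how the query string in Table 22-15 becomes a concrete filter once the sender address replaces the {a} token, with RFC 4515 escaping so the address is always compared as literal text. The directory entries are constructed, and match_equality is a hypothetical stand-in for the server's equality match; whether AsyncOS escapes the token the same way is not stated on this page.

```python
import re

QUERY_STRING = "(proxyAddresses=smtp:{a})"  # query string from Table 22-15

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a string so the directory treats it as literal text."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_query(query_string, address):
    """Substitute the escaped sender address for the {a} token."""
    return query_string.replace("{a}", escape_filter_value(address))


def match_equality(ldap_filter, entries):
    """Return the DNs of entries matching a simple (attr=value) filter.

    Hypothetical stand-in for the directory server: only fully escaped
    equality filters are accepted, and values are compared
    case-insensitively (assumption of this example).
    """
    m = re.fullmatch(r"\((\w+)=((?:[^\\*()]|\\[0-9a-fA-F]{2})*)\)", ldap_filter)
    if m is None:
        raise ValueError("not a simple equality filter: " + ldap_filter)
    wanted = re.sub(r"\\([0-9a-fA-F]{2})",
                    lambda h: chr(int(h.group(1), 16)), m.group(2)).lower()
    return [e["dn"] for e in entries
            if wanted in (v.lower() for v in e.get(m.group(1), []))]


# Constructed sample entries (not from the guide).
ENTRIES = [
    {"dn": "CN=Alice Example,OU=Staff,DC=example,DC=com",
     "proxyAddresses": ["SMTP:alice@example.com", "smtp:a.example@example.com"]},
    {"dn": "CN=Bob Example,OU=Staff,DC=example,DC=com",
     "proxyAddresses": ["SMTP:bob@example.com"]},
]


def user_dn_for(address):
    """Expand the query for one sender and return the matching user DNs."""
    return match_equality(expand_query(QUERY_STRING, address), ENTRIES)


if __name__ == "__main__":
    for sender in ("a.example@example.com", "BOB@example.com", "*"):
        print(sender, "->", expand_query(QUERY_STRING, sender), user_dn_for(sender))
```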