Cisco Email Security Appliance X1070 User Guide
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Logging and SMTP Authentication
The following events will be logged in the IronPort mail logs when the SMTP
Authentication mechanism (either LDAP-based, SMTP forwarding server based,
or SMTP outgoing) is configured on the appliance:
• [Informational] Successful SMTP Authentication attempts — including the user authenticated and the mechanism used. (No plaintext passwords will be logged.)
• [Informational] Unsuccessful SMTP Authentication attempts — including the user authenticated and the mechanism used.
• [Warning] Inability to connect to the authentication server — including the server name and the mechanism.
• [Warning] A time-out event when the forwarding server (talking to an upstream, injecting IronPort appliance) times out while waiting for an authentication request.
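A sketch of how the four events above can feed detection, added here as an example and not taken from the Cisco guide: it counts failed SMTP authentications per user, flags a success that follows repeated failures, and collects the two warning events. The log line format, the ICID field, and the names `classify`, `analyze` and `fail_threshold` are assumptions; match the patterns to the wording in your own mail logs.

```python
import re
from collections import Counter

# Constructed sample lines in an ASSUMED, simplified format (not copied from
# an appliance); adjust the patterns to the wording in your own mail logs.
SAMPLE_LOG = """\
Info: SMTP Auth: (ICID 101) succeeded for user: alice using AUTH mechanism: PLAIN
Info: SMTP Auth: (ICID 102) failed for user: bob using AUTH mechanism: LOGIN
Info: SMTP Auth: (ICID 103) failed for user: bob using AUTH mechanism: LOGIN
Info: SMTP Auth: (ICID 104) failed for user: bob using AUTH mechanism: LOGIN
Info: SMTP Auth: (ICID 105) succeeded for user: bob using AUTH mechanism: LOGIN
Warning: SMTP Auth: unable to connect to server: ldap1.example.com using mechanism: LDAP
Warning: SMTP Auth: forwarding server timed out waiting for authentication request
"""

AUTH = r"Info: SMTP Auth: .*?{} for user: (?P<user>\S+) using AUTH mechanism: (?P<mech>\S+)"
PATTERNS = {
    "success": re.compile(AUTH.format("succeeded")),
    "failure": re.compile(AUTH.format("failed")),
    "server_unreachable": re.compile(
        r"Warning: SMTP Auth: unable to connect to server: (?P<server>\S+)"),
    "timeout": re.compile(r"Warning: SMTP Auth: forwarding server timed out"),
}

def classify(line):
    """Map one log line to one of the four event types listed above."""
    for kind, pattern in PATTERNS.items():
        match = pattern.search(line)
        if match:
            return kind, match.groupdict()
    return None, {}

def analyze(lines, fail_threshold=3):
    """Flag repeated failures, a success that follows them, and server warnings."""
    failures = Counter()
    report = {"repeated_failures": [], "success_after_failures": [], "server_warnings": []}
    for line in lines:
        kind, fields = classify(line)
        if kind == "failure":
            failures[fields["user"]] += 1
            if failures[fields["user"]] == fail_threshold:
                report["repeated_failures"].append(fields["user"])
        elif kind == "success" and failures[fields["user"]] >= fail_threshold:
            report["success_after_failures"].append(fields["user"])
        elif kind in ("server_unreachable", "timeout"):
            report["server_warnings"].append((kind, fields.get("server")))
    return report

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG.splitlines()))
```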
Configuring External Authentication for Users
You can configure the IronPort appliance to use an LDAP directory on your
network to authenticate users by allowing them to log in with their LDAP
usernames and passwords. After you configure the authentication queries for the
LDAP server, enable the appliance to use external authentication on the System
Administration > Users page in the GUI (or use the userconfig command in the
CLI).
To configure external authentication for users, complete the following steps:
Step 1
Create a query to find user accounts. In an LDAP server profile, create a query
to search for user accounts in the LDAP directory.
Step 2
Create group membership queries. Create a query to determine if a user is a
member of a directory group.
Step 3
Set up external authentication to use the LDAP server. Enable the appliance to
use the LDAP server for user authentication and assign user roles to the groups in
the LDAP directory. For more information, see “Adding Users” in the Cisco
IronPort AsyncOS for Email Daily Management Guide.