Cisco Cisco Email Security Appliance C650 用户指南
26-5
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 26 LDAP Queries
Overview of LDAP Queries
Procedure
Step 1
On the System Administration > LDAP page, click Add LDAP Server Profile.
Step 2
Enter a name for the server profile.
Step 3
Enter the host name for the LDAP server.
You can enter multiple host names to configure the LDAP servers for failover or load-balancing.
Separate multiple entries with commas.
Separate multiple entries with commas.
Step 4
Select an authentication method. You can use anonymous authentication or specify a username and
password.
password.
Step 5
Select the LDAP server type: Active Directory, OpenLDAP, or Unknown or Other.
Step 6
Enter a port number.
The default port is 3268. This is the default port for Active Directory that enables it to access the
global catalog in a multi-server environment.
global catalog in a multi-server environment.
Step 7
Enter a Base DN (distinguishing name) for the LDAP server.
If you authenticate with a username and a password, the username must include the full DN to the
entry that contains the password. For example, a user is a member of the marketing group with an
email address of joe@example.com. The entry for this user would look like the following entry:
entry that contains the password. For example, a user is a member of the marketing group with an
email address of joe@example.com. The entry for this user would look like the following entry:
uid=joe, ou=marketing, dc=example dc=com
Step 8
Select whether to use SSL when communicating with the LDAP server.
Step 9
Under Advanced, enter cache time-to-live. This value represents the amount of time to retain caches.
Step 10
Enter the maximum number of retained cache entries.
Note
This cache is maintained per LDAP server. If you are configuring more than one LDAP servers,
you must set a smaller LDAP cache value for better performance. Also, if the memory usage of
various processes in the appliance is high, increasing this value may reduce the system
performance.
you must set a smaller LDAP cache value for better performance. Also, if the memory usage of
various processes in the appliance is high, increasing this value may reduce the system
performance.
Step 11
Enter a maximum number of simultaneous connections.
If you configure the LDAP server profile for load balancing, these connections are distributed among the
listed LDAP servers. For example, if you configure 10 simultaneous connections and load balance the
connections over three servers, AsyncOS creates 10 connections to each server, for a total of 30
connections.
listed LDAP servers. For example, if you configure 10 simultaneous connections and load balance the
connections over three servers, AsyncOS creates 10 connections to each server, for a total of 30
connections.
Note
The maximum number of simultaneous connections includes LDAP connections used for LDAP
queries. However, the appliance may open more connections if you use LDAP authentication for
the Spam Quarantine.
queries. However, the appliance may open more connections if you use LDAP authentication for
the Spam Quarantine.
Step 12
Test the connection to the server by clicking the Test Server(s) button. If you specified multiple LDAP
servers, they are all tested. The results of the test appear in the Connection Status field. For more
information, see
servers, they are all tested. The results of the test appear in the Connection Status field. For more
information, see
.
Step 13
Create queries by marking the checkbox and completing the fields. You can select Accept, Routing,
Masquerade, Group, SMTP Authentication, External Authentication, Spam Quarantine End-User
Authentication, and Spam Quarantine Alias Consolidation.
Masquerade, Group, SMTP Authentication, External Authentication, Spam Quarantine End-User
Authentication, and Spam Quarantine Alias Consolidation.