User Guide

25-43

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 25 LDAP Queries

Authenticating End-Users of the Spam Quarantine

Spam quarantine end-user authentication queries validate users when they log in to the Spam Quarantine.

The token {u} specifies the user (it represents the user’s login name). The token {a} specifies the user’s

email address. The LDAP query does not strip "SMTP:" from the email address; AsyncOS strips that

portion of the address.

If you want the Spam Quarantine to use an LDAP query for end-user access, check the “Designate as the

active query” check box. If there is an existing active query, it is disabled. When you open the System

Administration > LDAP page, an asterisk (*) is displayed next to the active queries.

Based on the server type, AsyncOS uses one of the following default query strings for the end-user

authentication query:

• Active Directory: (sAMAccountName={u})

• OpenLDAP: (uid={u})

• Unknown or Other: [Blank]

By default, the primary email attribute is

proxyAddresses for Active Directory servers and mail for

OpenLDAP servers. You can enter your own query and email attributes. To create the query from the

CLI, use the

isqauth subcommand of the ldapconfig command.

Note If you want users to log in with their full email address, use (mail=smtp:{a}) for the Query String.