User Guide

374
IRONPORT ASYNCOS 6.3 FOR WEB USER GUIDE
A non-Identity policy group uses the Identity policy group and the primary group is
configured as an authorized group in the Active Directory server.
Table 16-13 describes the group object settings.
Table 16-14 describes the user object settings.
Table 16-13 LDAP Group Authorization—Group Object Settings
Group Object Setting Description
Group Membership
Attribute Within Group
Object
Choose the LDAP attribute which lists all users that belong to this
group.
Choose one of the following values:
member and uniquemember. Unique identifiers in the LDAP
directory that specify group members.
custom. A custom identifier such as
UserInGroup.
Attribute that Contains the
Group Name
Choose the LDAP attribute which specifies the group name that can be
used in the policy group configuration.
Choose one of the following values:
cn. A unique identifier in the LDAP directory that specifies the name
of a group.
custom. A custom identifier such as
FinanceGroup.
Query String to Determine
if Object is a Group
Choose an LDAP search filter that determines if an LDAP object
represents a user group.
Choose one of the following values:
objectclass=groupofnames
objectclass=groupofuniquenames
objectclass=group
custom. A custom filter such as
objectclass=person.
Note: The query defines the set of authentication groups which can be
used in policy groups.
Table 16-14 LDAP Group Authorization—User Object Settings
User Object Setting Description
Group Membership
Attribute Within User
Object
Choose the attribute which list all the groups that this user belongs to.
Choose one of the following values:
memberOf. Unique identifiers in the LDAP directory that specify
user members.
custom. A custom identifier such as
UserInGroup.