Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Web Security Appliance S170
391392393394395396397398399400
LDAP AUTHENTICATION SETTINGS
CHAPTER 16: AUTHENTICATION 375
Group Membership
Attribute is a DN
Specify whether the group membership attribute is a distinguished
name (DN) which refers to an LDAP object. For Active Directory
servers, enable this option.
When this is enabled, you must configure the subsequent settings.
Attribute that Contains the
Group Name
When the group membership attribute is a DN, this specifies the
attribute that can be used as group name in policy group
configurations.
Choose one of the following values:
cn. A unique identifier in the LDAP directory that specifies the name
of a group.
custom. A custom identifier such as
FinanceGroup.
Query String to Determine
if Object is a Group
Choose an LDAP search filter that determines if an LDAP object
represents a user group.
Choose one of the following values:
objectclass=groupofnames
objectclass=groupofuniquenames
objectclass=group
custom. A custom filter such as
objectclass=person.
Note: The query defines the set of authentication groups which can be
used in Web Security Manager policies.
Table 16-14 LDAP Group Authorization—User Object Settings (Continued)
User Object Setting Description