Testing LDAP Queries

Use the Test Query button on the Add/Edit LDAP Server Profile page (or the ldaptest command in the CLI) to test your queries. AsyncOS displays details about each stage of the query connection test. For example, whether the first stage SMTP authorization succeeded or failed, and whether the BIND match returned a true or false result.

The ldaptest command is available as a batch command, for example:

ldaptest LDAP.isqalias foo@cisco.com

The variable names you enter for queries are case-sensitive and must match your LDAP implementation to work correctly. For example, entering mailLocalAddress for the email attribute performs a different query than entering maillocaladdress .

To test a query, you must enter the test parameters and click Run Test. The results appear in the Test Connection field. If an end-user authentication query succeeds, a result of “Success: Action: match positive” is displayed. For alias consolidation queries, a result of “Success: Action: alias consolidation” is displayed, along with the email address for the consolidated spam notifications. If a query fails, AsyncOS displays a reason for the failure, such as no matching LDAP records were found, or the matching record did not contain the email attribute. If you use multiple LDAP servers, the Cisco Content Security appliance tests the query on each LDAP server.