Configuring External Authentication of Administrative Users Using LDAP

You can configure the Cisco Content Security appliance to use an LDAP directory on your network to authenticate administrative users by allowing them to log in to the appliance with their LDAP user names and passphrases.

Procedure


Step 1

Configure the LDAP Server Profile. See Creating the LDAP Server Profile.

Step 2

Create a query to find user accounts. In an LDAP server profile, in the External Authentication Queries section, create a query to search for user accounts in the LDAP directory. See User Accounts Query for Authenticating Administrative Users.

Step 3

Create group membership queries. Create a query to determine if a user is a member of a directory group, and create a separate query to find all members of a group. For more information, see Group Membership Queries for Authenticating Administrative Users and the documentation or online help for your Email Security appliance.

Note
Use the Test Queries button in the External Authentication Queries section of the page (or the ldaptest command) to verify that your queries return the expected results. For related information, see Testing LDAP Queries.

Step 4

Set up external authentication to use the LDAP server. Enable the appliance to use the LDAP server for user authentication and assign user roles to the groups in the LDAP directory. For more information, see Enabling External Authentication of Administrative Users and “Adding Users” in the documentation or online help for your Email Security appliance.
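
The following sketch is an added illustration, not Cisco code or appliance output. It models how the queries from Steps 2 and 3 and the group-to-role assignment from Step 4 combine into a login decision. The query strings, the `{u}` and `{g}` placeholders, the posix-style attribute names, the group and role names, and the in-memory directory are all assumptions or constructed sample data.

```python
import re

# Constructed directory: every entry, attribute and name here is sample data.
DIRECTORY = [
    {"objectClass": ["posixAccount"], "uid": ["alice"]},
    {"objectClass": ["posixAccount"], "uid": ["bob"]},
    {"objectClass": ["posixGroup"], "cn": ["mail-admins"], "memberUid": ["alice"]},
    {"objectClass": ["posixGroup"], "cn": ["helpdesk"], "memberUid": []},
]
# Assumed query templates; {u} = login name, {g} = group name (assumed tokens).
USER_QUERY = "(&(objectClass=posixAccount)(uid={u}))"
MEMBERSHIP_QUERY = "(&(objectClass=posixGroup)(memberUid={u}))"
GROUP_MEMBERS_QUERY = "(&(objectClass=posixGroup)(cn={g}))"
# Assumed group-to-role mapping of the kind assigned in Step 4.
GROUP_ROLES = {"mail-admins": "Administrator", "helpdesk": "Help Desk User"}

def escape(value):
    """RFC 4515 escaping so a substituted value stays a literal in the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search(template, **values):
    """Minimal stand-in for an LDAP search: only an AND of equality tests."""
    query = template.format(**{k: escape(v) for k, v in values.items()})
    tests = re.findall(r"\(([^=()&]+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", query)
    unesc = lambda s: re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
    return [e for e in DIRECTORY
            if all(unesc(val) in e.get(attr, []) for attr, val in tests)]

def resolve_role(login):
    """Return the mapped role, or None when the login gets no role."""
    if len(search(USER_QUERY, u=login)) != 1:      # Step 2: exactly one account
        return None
    groups = [e["cn"][0] for e in search(MEMBERSHIP_QUERY, u=login)]  # Step 3
    roles = [GROUP_ROLES[g] for g in groups if g in GROUP_ROLES]      # Step 4
    return roles[0] if roles else None  # first mapped group wins (assumption)

def group_members(group):
    """Second Step 3 query: list every member of one group."""
    return [m for e in search(GROUP_MEMBERS_QUERY, g=group) for m in e["memberUid"]]

if __name__ == "__main__":
    for name in ("alice", "bob", "mallory", "*"):
        print(name, "->", resolve_role(name))
    print("mail-admins members:", group_members("mail-admins"))
```

A user such as the constructed `bob`, who exists in the directory but belongs to no mapped group, is the case worth confirming with Test Queries before enabling external authentication.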