Cisco ASA 5505 Configuration Manual page 1575

Chapter 68 E-Mail Proxy
Default Group Policy—Select the group policy to apply to IMAP4S users when AAA does not return
•
a CLASSID attribute. If you do not specify a default group policy, and there is no CLASSID, the
adaptive security appliance can not establish the session.
Authorization Settings—Lets you set values for usernames that the adaptive security appliance
•
recognizes for IMAP4S authorization. This applies to IMAP4S users that authenticate with digital
certificates and require LDAP or RADIUS authorization.
–
–
–
DN Field
Country (C)
Common Name (CN)
DN Qualifier (DNQ)
E-mail Address (EA)
Generational Qualifier
(GENQ)
Given Name (GN)
Initials (I)
Locality (L)
Name (N)
Organization (O)
Organizational Unit
(OU)
Serial Number (SER)
Surname (SN)
State/Province (S/P)
Title (T)
User ID (UID)
–
OL-20339-01
User the entire DN as the username—Select to use the fully qualified domain name for IMAP4S
authorization.
Specify individual DN fields as the username—Select to specify specific DN fields for user
authorization.
You can choose two DN fields, primary and secondary. For example, if you choose EA, users
authenticate according to their e-mail address. Then a user with the Common Name (CN) John
Doe and an e-mail address of johndoe@cisco.com cannot authenticate as John Doe or as
johndoe. He must authenticate as johndoe@cisco.com. If you choose EA and O, John Does must
authenticate as johndoe@cisco.com and Cisco. Systems, Inc.
Primary DN Field—Select the primary DN field you want to configure for IMAP4S
authorization. The default is CN. Options include the following:
Definition
The two-letter country abbreviation. These codes conform to ISO 3166
country abbreviations.
The name of a person, system, or other entity. This is the lowest (most
specific) level in the identification hierarchy.
A specific DN attribute.
The e-mail address of the person, system or entity that owns the certificate.
A generational qualifier such as Jr., Sr., or III.
The first name of the certificate owner.
The first letters of each part of the certificate owner's name.
The city or town where the organization is located.
The name of the certificate owner.
The name of the company, institution, agency, association, or other entity.
The subgroup within the organization.
The serial number of the certificate.
The family name or last name of the certificate owner.
The state or province where the organization is located.
The title of the certificate owner, such as Dr.
The identification number of the certificate owner.
Secondary DN Field—(Optional) Select the secondary DN field you want to configure for
IMAP4S authorization. The default is OU. Options include all of those in the preceding table,
with the addition of None, which you select if you do not want to include a secondary field.
Cisco ASA 5500 Series Configuration Guide using ASDM
AAA
68-5