If you maintain end-user passwords and email aliases in a corporate LDAP directory — for example, in Microsoft Active Directory, SunONE Directory Server, or OpenLDAP directories — you can use the LDAP directory to authenticate the following users:
End users and administrative users who access the spam quarantine.
When a user logs in to the web UI for the spam quarantine, the LDAP server validates the login name and password, and AsyncOS retrieves a list of the corresponding email aliases. Quarantined messages sent to any of the user's email aliases can appear in the spam quarantine, as long as the appliance does not rewrite them.
Administrative users who sign in to the Cisco Content Security Management appliance when External Authentication is enabled and configured.
See Configuring External Authentication of Administrative Users Using LDAP.