dtomko

valid recipient checks for Domino LDAP - need help

Hello colleagues,

I'm trying to set up LDAP email authentication against Domino LDAP for inbound mail. And my main problem is with Domino's address book shortnames: in the Domino address book every user may have so-called shortnames, and Domino accepts email for this shortname also, e.g.:

user: test_user

shortname: tuser

mail domain: domain.com

With this configuration Domino accepts email for test_user@domain.com as well as for tuser@domain.com.

Now I have the following LDAP check ("valid recipient"):

     (|(cn=%email%)(uid=%email%)(mail=%email%))

The shortname corresponds to the uid LDAP field, but the problem here is that this field contains just the shortname (i.e. without the domain suffix) while the %email% substitution has the domain suffix, i.e.:

     uid = tuser

     %email%=tuser@domain.com

and effectively uid != %email%, so my question is how to overcome this situation? Do we have other substitutions for the part of the email before "@", maybe %user%, so that I could write something like:

   (|(cn=%email%)(uid=%user%)(mail=%email%))

Thanks in advance.

Accepted Solutions

Re: valid recipient checks for Domino LDAP - need help

Hi dtomko,

I ran into one pretty much the same as this a while back. There is a token you can use to authenticate against just the localpart of the address, which it sounds like you need as well. Try modifying your query to this:

(|(cn=%email%)(uid=%local%)(mail=%email%))

I have been meaning to write a KB on this, however time has been short. Here is a breakdown of some of the variables you can use in MEG7 for LDAP:

%local% represents the user part of the email

%domain% represents the domain part of the email

%emailplain% is used for emails which are quoted (e.g. “xyz”@abc.com), where we cannot use the same email format for making LDAP queries. So using %emailplain%, we can change “xyz”@abc.com to xyz@abc.com.

Let me know if that works for you.  Thanks.

--Jake
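
Added example, not part of the original thread and not the appliance's own code: a Python sketch of how the tokens listed in the answer above expand for a recipient and which filter then matches the question's test_user / tuser entry. The function names, the directory entry, the RFC 4515 escaping of substituted values and the rejection of unknown tokens are assumptions made for illustration.

```python
import re

# RFC 4515 escapes for values substituted into an LDAP search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def tokens_for(recipient):
    """Token values for one SMTP recipient, as described in the post."""
    local, sep, domain = recipient.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not an address: {recipient!r}")
    # Assumption: %emailplain% only drops the quotes around a quoted local part.
    quoted = len(local) >= 2 and local[0] == local[-1] == '"'
    plain = (local[1:-1] if quoted else local) + "@" + domain
    return {"email": recipient, "local": local, "domain": domain, "emailplain": plain}

def expand(template, recipient):
    """Replace %token% placeholders with escaped values; unknown tokens are an error."""
    values = tokens_for(recipient)
    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"unknown token %{name}%")
        return escape_filter_value(values[name])
    return re.sub(r"%(\w+)%", substitute, template)

def matches(filter_text, entry):
    """Evaluate a flat OR of equality tests, the only filter shape in this thread."""
    clauses = re.findall(r"\((\w+)=([^()]*)\)", filter_text)
    return any(attr in entry and escape_filter_value(entry[attr]).lower() == value.lower()
               for attr, value in clauses)

# Constructed directory entry modelled on the question's test_user / tuser example.
ENTRY = {"cn": "test_user", "uid": "tuser", "mail": "test_user@domain.com"}
ORIGINAL = "(|(cn=%email%)(uid=%email%)(mail=%email%))"
SUGGESTED = "(|(cn=%email%)(uid=%local%)(mail=%email%))"

if __name__ == "__main__":
    for rcpt in ("test_user@domain.com", "tuser@domain.com", "tuser@other.example"):
        for name, template in (("original", ORIGINAL), ("suggested", SUGGESTED)):
            query = expand(template, rcpt)
            print(f"{rcpt:22} {name:9} {query}  match={matches(query, ENTRY)}")
```

Because `%local%` discards the domain, the suggested filter also matches `tuser@other.example` against this entry, which matters when the gateway accepts mail for more than one domain.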

5 Replies

Re: valid recipient checks for Domino LDAP - need help

Hi!

We are using a Domino LDAP authentication as well.  Although we don't allow outside email to be addressed to the shortname, we do honor old names (people get married, divorced, etc.) by putting the "grandfathered" names in the Full Name field in the Domino Directory.  You might be able to include the shortname there, as well, i.e. tuser@domain.com.

Our LDAP query looks like this:

(|(mail=%email%)(FullName=%email%)):dn,cn

I most definitely am NOT an LDAP expert, but this does work for us.

dtomko

Re: valid recipient checks for Domino LDAP - need help

Hello,

Well, the problem here is that shortnames don't contain domain names while the %mail% substitution has it, so I can't check them.

eplossl

Re: valid recipient checks for Domino LDAP - need help

As you said, the shortname doesn't contain the domain name.  The end result is that, unless you add an attribute to each user which sets up a new email address for each user of shortname@domain.com, you cannot email through the appliance to a shortname address.  Other than that, it will be necessary to submit a PER through our request system to see if that could be added as a feature to the product.

dtomko

Re: valid recipient checks for Domino LDAP - need help

Hello eplossl,

Thanks for your feedback. One more question: what is the purpose of the identity attribute? What if I add my shortname as identity attribute 2? Will it help me somehow?
