nishantvshah
Level 9

Ldap issues with ironmail

Hi Guys,

I am trying to configure LDAP on our IronMail so we can use address validation on IronMail. I have added a profile with the correct username and password, with the user name in full LDAP format (cn="", dc="", dc="", etc.).

When I am trying to add a rule, I am not able to understand what to put in the search DN (I am adding our domain as dc=xyz,dc=com). Can anybody throw some light on what exactly is required to be put in those fields, and how can I find the information required using an LDAP browser?

I even downloaded the LDAP configuration manual of CipherTrust, but that doesn't help.

Thanks in advance.

Nishant

0 Kudos
3 Replies
nishantvshah
Level 9

Re: Ldap issues with ironmail

Guys, I was just playing around, and what I did was, instead of choosing domain type as global, I chose domain list and added our domain xyz.com in there. Now I type the search DN and validating attribute (I have put mail in here and tried sAMAccountName as well). When I do a test with an email address, I do get the parsed results, but at the top of the window it says LDAP test failed.

Does anyone have any idea why it is failing in spite of me getting the right information back? And is it better to use domain type based on our domain or global? I think domain type should be set to our particular domain only.

Please reply ASAP.

Thanks in advance.

Nishant.

0 Kudos
feeeds
Level 9

Re: Ldap issues with ironmail

Were you ever able to set this up correctly? I was also wondering what to put in these fields (search DN, group and member filter). Thanks,

0 Kudos
slhart
Level 7

Re: Ldap issues with ironmail

Intrusion Defender - LDAP Profile - Add New

Name the profile - I use the server name that I am using for the LDAP link

choose the Platform - Active Directory 2003 in my case

type in the IP address of the LDAP server

Port 389 - Non Secure or Secure depending on your configuration

User DN (type in the User name of an Active Directory account that has browse rights to the entire tree)

Password - type in that account's password and Confirm it

Add multiple LDAP sources to improve reliability and speed of searches

Then go into LDAP Rules

Click on the ID of the existing Rule or Add New

Then click on Profiles (ordered)

Select the profile you wish to configure

In the Search DN - type dc=XY, dc=XYZ, dc=net

In the Search Filter - (&(|(proxyAddresses=SMTP:<$EMAIL$>)(proxyAddresses=smtp:<$EMAIL$>)(mail=<$EMAIL$>)(userPrincipalName=<$EMAIL$>))(!(msExchRequireAuthtoSendTo=TRUE)))

Validate Attribute - objectClass

Mailhost Attribute - mailhost

Masq. Attribute - proxyAddresses

Go to the Test parameters and enter an email address for one of your users... and click Test

Should get a correct reply if you scroll down the page

-- or No results returned from the LDAP Server if the address doesn't exist

0 Kudos
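To see which recipients the search filter in the reply above accepts and rejects, the following added example (not part of the original thread and not IronMail or CipherTrust code) expands the `<$EMAIL$>` placeholder and evaluates the filter against a few entries. Assumptions: the directory entries are constructed, the function names are hypothetical, equality is compared case-insensitively as a simplification, and the RFC 4515 escaping step is this example's own choice because the thread does not say how the appliance substitutes the address.

```python
import re
# Search filter as posted above; <$EMAIL$> is the placeholder for the recipient.
TEMPLATE = ("(&(|(proxyAddresses=SMTP:<$EMAIL$>)(proxyAddresses=smtp:<$EMAIL$>)"
            "(mail=<$EMAIL$>)(userPrincipalName=<$EMAIL$>))"
            "(!(msExchRequireAuthtoSendTo=TRUE)))")

DIRECTORY = [  # constructed sample entries, not taken from a real directory
    {"cn": ["Alice"], "mail": ["alice@xyz.com"],
     "proxyAddresses": ["SMTP:alice@xyz.com", "smtp:al@xyz.com"]},
    {"cn": ["Staff list"], "mail": ["staff@xyz.com"],
     "msExchRequireAuthToSendTo": ["TRUE"]},
]

def expand(template, email):
    """Substitute the address, escaping RFC 4515 special characters first."""
    safe = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in email)
    return template.replace("<$EMAIL$>", safe)

def parse(f, i=0):
    """Parse the subset used here: (&..) (|..) (!..) (attr=value)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, raw = f[i + 1:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] in "&|":
        hits = [matches(k, entry) for k in node[1]]
        return all(hits) if node[0] == "&" else any(hits)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = {k.lower(): v for k, v in entry.items()}.get(node[1], [])
    return any(v.lower() == node[2] for v in values)

def validate(email):
    """Return the cn of every sample entry the expanded filter selects."""
    tree, _ = parse(expand(TEMPLATE, email))
    return [e["cn"][0] for e in DIRECTORY if matches(tree, e)]
```

The same expanded filter string can be pasted into an LDAP browser's search box, with the Search DN as the base, to compare against what the appliance's Test page returns.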