3 Replies. Latest reply: Sep 4, 2012 2:28 PM by slhart

    Ldap issues with ironmail

    Nishant Shah

      Hi Guys,


      I am trying to configure LDAP on our IronMail so we can use address validation on IronMail. I have added a profile with the correct username and password, with the user name in full LDAP format (cn="", dc="", dc="", etc.).


      When I am trying to add a rule, I am not able to understand what to put in the search DN (I am adding our domain as dc=xyz,dc=com). Can anybody throw some light on what exactly is required to be put in those fields, and how can I find the information required using an LDAP browser?


      I even downloaded the LDAP configuration manual of CipherTrust, but that doesn't help.


      Thanks in advance.



        • 1. Re: Ldap issues with ironmail
          Nishant Shah

          Guys, I was just playing around, and what I did was, instead of choosing domain type as global, I chose domain list and added our domain xyz.com in there. Now, when I type the search DN and validating attribute (I have put mail in here and tried sAMAccountName as well) and then do a test with an email address, I do get the parsed results, but at the top of the window it says LDAP test failed.


          Does anyone have any idea why it is failing in spite of me getting the right information back? And is it better to use domain type based on our domain or global? I think domain type should be set to our particular domain only.


          Please reply ASAP.


          Thanks in advance.



          • 2. Re: Ldap issues with ironmail

            Were you ever able to set this up correctly? I was also wondering what to put in these fields (search DN, group and member filter). Thanks,

            • 3. Re: Ldap issues with ironmail

              Intrusion Defender - LDAP Profile - Add New

              Name the profile - I use the server name that I am using for the LDAP link

              choose the Platform - Active Directory 2003 in my case

              type in the IP address of the LDAP server

              Port 389 - Non Secure or Secure depending on your configuration

              User DN (type in the User name of an Active Directory account that has browse rights to the entire tree)

              Password - type in that account's password and Confirm it

              Add multiple LDAP sources to improve reliability and speed of searches


              Then go into LDAP Rules

              Click on the ID of the existing Rule or Add New

              Then click on Profiles (ordered)

              Select the profile you wish to configure

              In the Search DN - type  dc=XY, dc=XYZ, dc=net

              In the Search Filter - (&(|(proxyAddresses=SMTP:<$EMAIL$>)(proxyAddresses=smtp:<$EMAIL$>)(mail=<$EMAIL$>)(userPrincipalName=<$EMAIL$>))(!(msExchRequireAuthtoSendTo=TRUE)))

              Validate Attribute - objectClass

              Mailhost Attribute - mailhost

              Masq. Attribute - proxyAddresses


              Go to the Test parameters and enter an email address for one of your users... and click Test

              Should get a correct reply if you scroll down the page

              -- or No results returned from the LDAP Server if the address doesn't exist
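
The search filter from reply 3 can be checked offline to see which addresses it accepts and which it rejects. This is an added example, not part of the original thread or of IronMail itself: the `DIRECTORY` entries are constructed, the function names are hypothetical, and the case-insensitive comparison and the RFC 4515 escaping of the address before substitution are assumptions of this sketch.

```python
import re

# Search filter from reply 3; <$EMAIL$> is the placeholder the rule substitutes.
TEMPLATE = ("(&(|(proxyAddresses=SMTP:<$EMAIL$>)(proxyAddresses=smtp:<$EMAIL$>)"
            "(mail=<$EMAIL$>)(userPrincipalName=<$EMAIL$>))"
            "(!(msExchRequireAuthtoSendTo=TRUE)))")

# Constructed sample entries: a normal mailbox and a list that requires authenticated senders.
DIRECTORY = [
    {"cn": ["Alice"], "mail": ["alice@xyz.com"],
     "proxyAddresses": ["SMTP:alice@xyz.com", "smtp:a.smith@xyz.com"]},
    {"cn": ["All Staff"], "mail": ["allstaff@xyz.com"],
     "proxyAddresses": ["SMTP:allstaff@xyz.com"], "msExchRequireAuthToSendTo": ["TRUE"]},
]

def expand(email):
    """Substitute the address, escaping RFC 4515 specials so it stays a literal value."""
    esc = re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), email)
    return TEMPLATE.replace("<$EMAIL$>", esc)

def parse(flt, i=0):
    """Parse one '(...)' component at flt[i]; supports &, |, ! and equality only."""
    op = flt[i + 1]
    if op in "&|!":
        i, kids = i + 2, []
        while flt[i] == "(":
            node, i = parse(flt, i)
            kids.append(node)
        return (op, kids), i + 1          # step past the closing ')'
    end = flt.index(")", i)               # safe: literal parens in values are escaped
    attr, _, val = flt[i + 1:end].partition("=")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attribute -> list of values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, val = node
    return any(v.lower() == val for k, vs in entry.items() if k.lower() == attr for v in vs)

def validate(email):
    """Return the cn of every sample entry the expanded filter selects."""
    tree, _ = parse(expand(email))
    return [e["cn"][0] for e in DIRECTORY if matches(tree, e)]
```

The string returned by `expand("user@xyz.com")` is the same filter that can be pasted into an LDAP browser, with the Search DN as the base, to compare against what the Test button reports.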