1384 Views 3 Replies Latest reply: Sep 4, 2012 2:28 PM by slhart RSS
Nishant Shah Newcomer 44 posts since
Aug 24, 2010

Jun 14, 2011 5:29 AM

Ldap issues with ironmail

Hi Guys,


I am trying to configure LDAP on our IronMail so we can use address validation on IronMail. I have added a profile with the correct username and password, with the user name in full LDAP format (cn="", dc="", dc="", etc.).


When I am trying to add a rule, I am not able to understand what to put in the search DN (I am adding our domain as dc=xyz,dc=com). Can anybody throw some light on what exactly is required to be put in those fields, and how I can find the information required using an LDAP browser?


I even downloaded the LDAP configuration manual of CipherTrust, but that doesn't help.


Thanks in advance.



  • feeeds The Place at McAfee Member 102 posts since
    Apr 26, 2011
    2. Aug 15, 2012 9:02 AM (in response to Nishant Shah)
    Re: Ldap issues with ironmail

    Were you ever able to set this up correctly? I was also wondering what to put in these fields (search DN, group and member filter). Thanks,

  • slhart Newcomer 1 posts since
    Sep 4, 2012
    3. Sep 4, 2012 2:28 PM (in response to feeeds)
    Re: Ldap issues with ironmail

    Intrusion Defender - LDAP Profile - Add New

    Name the profile - I use the server name that I am using for the LDAP link

    choose the Platform - Active Directory 2003 in my case

    type in the IP address of the LDAP server

    Port 389 - Non Secure or Secure depending on your configuration

    User DN (type in the User name of an Active Directory account that has browse rights to the entire tree)

    Password - type in that account's password and Confirm it

    Add multiple LDAP sources to improve reliability and speed of searches


    Then go into LDAP Rules

    Click on the ID of the existing Rule or Add New

    Then click on Profiles (ordered)

    Select the profile you wish to configure

    In the Search DN - type dc=XY, dc=XYZ, dc=net

    In the Search Filter - (&(|(proxyAddresses=SMTP:<$EMAIL$>)(proxyAddresses=smtp:<$EMAIL$>)(mail=<$EMAIL$>)(userPrincipalName=<$EMAIL$>))(!(msExchRequireAuthtoSendTo=TRUE)))

    Validate Attribute - objectClass

    Mailhost Attribute - mailhost

    Masq. Attribute - proxyAddresses


    Go to the Test parameters and enter an email address for one of your users.... and click Test

    Should get a correct reply if you scroll down the page

    -- or No results returned from the LDAP Server if the address doesn't exist
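
What the search filter in the reply above selects, shown as an added example that is not part of the original thread and not McAfee code: a small Python evaluator runs the filter over constructed directory entries. The `xyz.example` addresses, the sample entries, the helper names and the case-insensitive comparison are assumptions made for illustration.

```python
import re

# Search filter from the reply above; <$EMAIL$> is the placeholder for the recipient.
TEMPLATE = ("(&(|(proxyAddresses=SMTP:<$EMAIL$>)(proxyAddresses=smtp:<$EMAIL$>)"
            "(mail=<$EMAIL$>)(userPrincipalName=<$EMAIL$>))"
            "(!(msExchRequireAuthtoSendTo=TRUE)))")

def escape(value):
    """RFC 4515 escaping: filter metacharacters in the address become hex pairs."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(f, i=0):
    """Parse the filter that starts at f[i] == '('; return (node, index after it)."""
    op = f[i + 1]
    if op in "&|!":
        i, kids = i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(")", i)
    attr, raw = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), raw), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict: lowercase attr -> values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    # An unescaped '*' is a wildcard; comparison is case-insensitive (assumption).
    pattern = ".*".join(re.escape(unescape(p)) for p in node[2].split("*"))
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(node[1], []))

def validate(address, directory):
    """Names of the entries the filter selects for this recipient address."""
    tree, _ = parse(TEMPLATE.replace("<$EMAIL$>", escape(address)))
    return [e["cn"][0] for e in directory if matches(tree, e)]

# Constructed sample entries, not real directory data.
DIRECTORY = [
    {"cn": ["alice"], "mail": ["alice@xyz.example"],
     "proxyaddresses": ["SMTP:alice@xyz.example", "smtp:a.smith@xyz.example"]},
    {"cn": ["staff-list"], "mail": ["staff@xyz.example"],
     "msexchrequireauthtosendto": ["TRUE"]},
]
```

An address that matches `mail`, `userPrincipalName` or any `proxyAddresses` value validates, while an object flagged `msExchRequireAuthtoSendTo=TRUE` does not. Substituting an unescaped `*` for the placeholder turns the clauses into wildcards that select alice, which is why the address is escaped before it goes into the filter.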
