2 Replies Latest reply on Oct 18, 2011 10:14 AM by janmh

    IronMail 6.7.1 LDAP question

      We currently have a synchronization rule and would like to change to realtime.  It appears that we need to create a new rule and disable the old.  My question is this:  With the sync rule, we have many "groups" that were imported from AD.  Our sync takes ~15 minutes and we only do it once a day.  When we create the new realtime rule and disable the current sync rule, will all of the imported groups remain?  If so, then I will need to manually remove them - correct?

      Also, our network guys are concerned due to information from the past.  Can anyone validate/dispute the following:

      My concern was the way that securemail did the load.  It would read the entire directory, all at once as part of 1 huge LDAP query.   Also, they couldn’t time the sync… and couldn’t prove it was fast/slow or otherwise.  Not as much of an issue as the AD load factor.

      If they can serialize the load into smaller chunks that would be better.  We couldn’t change/narrow the LDAP search scope for the sync b/c some OUs in AD were at root level as the main OU where all of the user accounts lived.  Securemail wasn’t able to use multiple search scopes so we would have needed to move the OUs under the main OU and there were GPO exception policies configured at some of the OUs for specific accounts.  The risk/reward of moving the OUs didn’t match the need to sync more than once a day.

      Can anyone assist me please?

      Jan