LDAP

Last post 06-26-2009 5:03 AM by Ellis. 5 replies.
  • 06-22-2009 3:12 PM

    • Ellis
    • Top 200 Contributor
    • Joined on 06-22-2009
    • Posts 48

    LDAP

    We plan to move from iMail to SmarterMail Enterprise.

    We are using an Ironport antispam box, and I would like to query the smartermail LDAP server from the ironport to check for valid email.

    I've read some posts about this (even if the forum search tool didn't find any answer on the word LDAP ??) but they were mainly questions like mine, with no answer...

    I am kind of worried by the lack of support on this subject...

    As far as I understand, the SM LDAP server doesn't allow checking for aliases, and so is unusable "as is".

    So I plan to import the user list into another LDAP server (ADAM) we already use with iMail.

    So far, I haven't been able to access the SM LDAP server with an LDAP client (Softerra LDAP Browser) on the same server.

    I used the server IP for "Host" (localhost was giving "can't connect" errors), but I don't know what to use for the "base" field (I tried various ou, dc with no success), and I also don't know the correct syntax for the "User DN" field on the Credentials tab.

    I keep getting an "Invalid Credentials" error, and the LDAP log in the SM folder is empty...

    If anyone knows the right syntax for this, I would appreciate it.

    (This old post asked for a sample query but never had an answer... http://www.smartertools.com/forums/p/10475/19107.aspx )

    Is there another way (without LDAP) to get the user list ? I saw there is an 'accountList.xml' file in the Domains folder, maybe it is an easier solution to get it from there ??

    Regards, Bruno (Paris, France)

  • 06-22-2009 3:27 PM In reply to

    Re: LDAP

    Ellis:
    As far as I understand, the SM LDAP server doesn't allow checking for aliases, and so is unusable "as is".

    It will return users, lists and aliases.

    Ellis:
    I used the server IP for "Host" (localhost was giving "can't connect" errors), but I don't know what to use for the "base" field (I tried various ou, dc with no success), and I also don't know the correct syntax for the "User DN" field on the Credentials tab.

    Take a look at http://www.smartertools.com/Portal/KB/a137/ldap-implementation-for-barracuda.aspx for an example configuration.

     

    You can retrieve a list of users either by reading the accountList.xml or by using our web services.

    James Lance
    Senior Developer / Analyst
    SmarterTools Inc.
    (877) 357-6278
    www.smartertools.com

  • 06-22-2009 4:03 PM In reply to

    • Ellis

    Re: LDAP

    Thank you for answering so quickly !

    It is good news that aliases are now supported.

    I managed to connect to the LDAP server with the "base" field empty, and an email in the User DN field (without any cn=) (and the password of course).

    I got the folder "cn=users" twice, but as long as I have it, it is ok.

    And I checked, I do have the aliases also.

    Thanks again.

    Bruno

     

  • 06-24-2009 1:09 PM In reply to

    • Ellis

    Re: LDAP

    I can connect with the LDAP Browser but unfortunately, I wasn't able to connect from the ironport, I keep getting "Configuration error".

    Any idea of what I can change or try in my settings ?

  • 06-26-2009 3:39 AM In reply to

    Re: LDAP

    Hi Ellis

    I have the same problem. I want to set it up with a Fortigate Firewall. I also opened a second Post, as it's a different Firewall. I hope we will get some good support on this.

    I also wondered about these points, and added them to my Post:

    - You will need to configure Barracuda's LDAP for each domain that it is filtering for. -> Does this mean I have to configure LDAP Rules for all of our 80 Hosting Domains?? Is there no administrator login I can use to query ALL Email Addresses? (We're using the enterprise version)


    - IMPORTANT NOTE: Be aware that in the LDAP feature's current state, it will only verify true mailboxes. It will not verify Email Aliases and Mailing Lists. -> I now saw in another Post, that this has been fixed. Because otherwise the feature would be unusable. Can you please confirm this?

    Hope it will work soon.

    Best regards.

    Patrick

  • 06-26-2009 5:03 AM In reply to

    • Ellis

    Re: LDAP

    Hi Patrick,

    I don't know how it works on Fortigate, I guess every firewall/Spamfilter has its own settings.

    On the ironport there is a default setting, but if you are using different LDAP for different domains like us, you need to specify the LDAP rule to use for domains not using the default LDAP server.

    I confirm I can see mail AND aliases in the LDAP server (I didn't test maillist but I guess it is working too now).

    I'm in touch with ironport/cisco support but for now I'm still unable to successfully check the SmarterMail LDAP. When checking for a non-existent email I do get something like "no matching LDAP record was found", but for a valid email I get an error:
    Cannot decode DN and attributes/values: ['mail="name@mydomain.com", dc="mydomain.com"']

     Edit : Ironport support told me to try cn=users as DN
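
The DN in the error message above wraps each value in double quotes. As an added example (not from the thread, SmarterMail or IronPort), this checks a DN string against the RFC 4514 escaping rules, under which an unescaped `"` inside a value is not allowed; the function names are hypothetical, spaces after a comma are tolerated, and whether this is what the IronPort decoder rejects is an assumption the thread does not confirm.

```python
import re

SPECIAL = set('"+,;<>\\')   # RFC 4514: must be backslash-escaped in a value
# DN string copied from the error message quoted in the thread.
SAMPLE_DN = 'mail="name@mydomain.com", dc="mydomain.com"'

def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped separators in place."""
    parts, cur, i = [], '', 0
    while i < len(text):
        step = 2 if text[i] == '\\' else 1   # keep an escape pair together
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ''
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]

def value_problems(value):
    """List RFC 4514 escaping violations in one attribute value."""
    problems, i = [], 0
    while i < len(value):
        ch, nxt = value[i], value[i + 1:i + 2]
        if ch != '\\':
            if ch in SPECIAL or ch == '\0':
                problems.append('unescaped %r at offset %d' % (ch, i))
            i += 1
        elif nxt and (nxt in SPECIAL or nxt in ' #='):
            i += 2                       # escaped special character
        elif re.fullmatch('[0-9A-Fa-f]{2}', value[i + 1:i + 3]):
            i += 3                       # hex pair such as \2C
        else:
            problems.append('bad escape at offset %d' % i)
            i += 1
    return problems

def check_dn(dn):
    """Map each attribute=value pair in dn to its list of violations."""
    report = {}
    for rdn in split_unescaped(dn, ','):
        for ava in split_unescaped(rdn, '+'):
            attr, eq, value = ava.lstrip(' ').partition('=')
            problems = [] if eq and attr else ['missing attribute type or "="']
            report[ava.lstrip(' ')] = problems + value_problems(value)
    return report

def is_strict(dn):
    return not any(check_dn(dn).values())
```

Running `check_dn(SAMPLE_DN)` reports the opening and closing quote of each value, while the same DN written without quotes passes `is_strict`.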
