Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2585
Views
0
Helpful
6
Replies

LDAP routing

asteiner_ironport
Level 1
Level 1

‎04-25-2007 04:04 PM

Hi,
I've a little problem with ldap routing. I need to route some outgoing mails to alternate mailhosts. The hostnames are stored in ldap, but the problem is, that I need the sender address ({f}) as lookup key, which is not allowed in routing query.
Any ideas?

Thanks,
Axel

Labels:
0 Helpful
6 Replies 6

jaigill
Cisco Employee
Cisco Employee

‎04-25-2007 07:12 PM

It works for me. What version of the Aysnc OS are you running:

ironhost.com> ldapconfig

Current LDAP server configurations:
1. AD_LDAP: (djskd.ironport.com:389)


Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
- SETUP - Configure LDAP options.
[]> edit

Enter the name or number of the server configuration you wish to edit.
[]> 1

Name: AD_LDAP
Hostname: djskd.ironport.com Port 389
Authentication Type: password
Base: dc=domain,dc=com
LDAPACCEPT: AD_LDAP.accept
LDAPGROUP: AD_LDAP.ldapgroup


Choose the operation you want to perform:
- SERVER - Change the server for the query.
- LDAPACCEPT - Configure whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure message routing.
- MASQUERADE - Configure domain masquerading.
- LDAPGROUP - Configure whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure SMTP authentication.
[]> lda
ldapaccept, ldaprouting, ldapgroup
[]> ldaprouting

Please create a name for this query:
[AD_LDAP.routing]>

Enter the LDAP query string:
[(mailLocalAddress={a})]> (mail={f})

Please enter the cache TTL in seconds:
[900]>

Please enter the maximum number of cache entries to retain:
[10000]>

Do you want to rewrite the Envelope Recipient? [Y]> n

Do you want to send the messages to an alternate mail host? [Y]>

Enter the attribute which contains the alternate mailhost for the recipients.
[mailHost]>

0 Helpful

asteiner_ironport
Level 1
Level 1

‎04-26-2007 10:18 AM

Yes, I can add the query, but it doesn't work. When I want to test it, I get following error message

Error: LDAP Query Syntax Error: Invalid character '=' at position 5 of query
"(mail=)"


My query is 
(mail={f})


AsyncOS Version is 5.1.0-314

0 Helpful

jaigill
Cisco Employee
Cisco Employee

‎04-26-2007 05:21 PM

What happens when you inject an actual message?

0 Helpful

asteiner_ironport
Level 1
Level 1

‎04-27-2007 10:04 AM

It does not work. When I inject a message I get 

Info: LDAP: unable to process, MID 8965 requeued

in mail_logs.

It works with {a} as lookup value, of course. But I need the sender
address :-(

0 Helpful

jaigill
Cisco Employee
Cisco Employee

‎04-27-2007 10:03 PM

I verified that the {f} variable does not work with LDAP routing queries. It is possible that this was intentional/not implemented because LDAP routing re-writes the recipient address based upon the recipient address existing in LDAP. At this point, I would recommend contacting Ironport customer to get a formal response.

0 Helpful

Poesjkin_ironport
Level 1
Level 1

‎04-29-2007 10:13 PM

According to Advanced User Guide 5.1, page 113 {f} token is only valid in accept queries. Hope this helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents