C100 LDAP accept to multiple AD domains?

Unanswered Question
Jun 7th, 2007
User Badges:

Hi All,

Just been settings up our Ironport c100 and noticed that per listener you can only have one LDAP lookup host (or many in failover) however what we require is the following:

Inbound e-mail for [email protected] c100 lookups AD (LDAP) of domainA.com for the user and accepts or denies, now at the same time another inbound e-mail comes in but for [email protected] this needs to the do the lookup against the domainB.com AD server which is a completly different host to domainA.com (infact different network/customer).

From what i can see at the moment I would need to setup a separate Listener for each domain with 2 IPs each which would soon get very out of hand.

Has anybody done this before or have any idea how this could be done??

Just a side note I setup an ADAM server and used the AD to ADAM syncronizer to get a copy of the domain into a partition in the ADAM server and then another domain into its own partition but seeing as the C100 needs a base DN this makes this impossible, unless anybody again has some ideas about this....

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Torsten_ironport Fri, 06/08/2007 - 11:39
User Badges:

AFAIK the feature you are seeking is on the roadmap for the upcoming release in Q3.

You might want to cross-check that with IronPort support though.


jbivens_ironport Fri, 06/08/2007 - 19:22
User Badges:

Torsten is correct, the feature that you need for supporting either different LDAP servers per domain or tiered LDAP lookups is due in the 5.5 release slated for Q3/2007 so this will be addressed.

With regards to ADAM I personally haven't done an installation with ADAM however I will stated that it's not required to put a base DN into the LDAP profile. So you might want to consider removing the base DN from your ADAM profile and see if the query will work for you.

Another good step might be to download the Softerra LDAP browser utility and take a look at the ADAM server to idenify relevent pieces of LDAP information...assuming that it doesn't conform to AD's (|mail={a})(proxyAddresses=smtp:{a})) query string.


Jay Bivens
IronPort Systems

Synth_ironport Mon, 06/11/2007 - 01:01
User Badges:

Excellent thanks for the heads up on the new functionality, I'll give it a shot without the Base DN and see how it goes.

Thanks again.

sasrlp807_ironport Sat, 03/15/2008 - 13:32
User Badges:

Has the feature been released yet?

feature = multiple LDAP servers per domain

oops. all is good domain based queries

see what happens when you read the manual.

please disregard


This Discussion