C100 LDAP accept to multiple AD domains?

Synth_ironport
Level 1

Hi All,

Just been setting up our IronPort C100 and noticed that per listener you can only have one LDAP lookup host (or many in failover); however, what we require is the following:

Inbound e-mail for user1@domainA.com: the C100 looks up the AD (LDAP) of domainA.com for the user and accepts or denies. Now at the same time another inbound e-mail comes in but for user1@domainB.com; this needs to do the lookup against the domainB.com AD server, which is a completely different host to domainA.com (in fact a different network/customer).

From what I can see at the moment I would need to set up a separate Listener for each domain with 2 IPs each, which would soon get very out of hand.

Has anybody done this before or have any idea how this could be done??

Just a side note: I set up an ADAM server and used the AD to ADAM synchronizer to get a copy of the domain into a partition in the ADAM server and then another domain into its own partition, but seeing as the C100 needs a base DN this makes this impossible, unless anybody again has some ideas about this....


AFAIK the feature you are seeking is on the roadmap for the upcoming release in Q3.

You might want to cross-check that with IronPort support though.

Cheers.
-Torsten

Torsten is correct, the feature that you need for supporting either different LDAP servers per domain or tiered LDAP lookups is due in the 5.5 release slated for Q3/2007 so this will be addressed.

With regards to ADAM, I personally haven't done an installation with ADAM; however, I will state that it's not required to put a base DN into the LDAP profile. So you might want to consider removing the base DN from your ADAM profile and see if the query will work for you.

Another good step might be to download the Softerra LDAP browser utility and take a look at the ADAM server to identify relevant pieces of LDAP information... assuming that it doesn't conform to AD's (|(mail={a})(proxyAddresses=smtp:{a})) query string.

Sincerely,

Jay Bivens
IronPort Systems

Synth_ironport
Level 1

Excellent, thanks for the heads up on the new functionality. I'll give it a shot without the Base DN and see how it goes.

Thanks again.

Has the feature been released yet?

feature = multiple LDAP servers per domain


oops. all is good domain based queries

see what happens when you read the manual.

please disregard
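
The domain-based accept query discussed in this thread, as an added example that is not part of any post and not IronPort's own code: it picks a directory by recipient domain and fills the AD query string quoted above, escaping the address per RFC 4515 so recipient text cannot change the filter. The `PROFILES` table, the `.example` hosts and the base DNs are hypothetical.

```python
# Added illustration; profile table, hosts and base DNs are hypothetical.
from dataclasses import dataclass
from typing import Optional, Tuple

# AD accept-query template from the thread; {a} is the full recipient address.
AD_ACCEPT_QUERY = "(|(mail={a})(proxyAddresses=smtp:{a}))"


@dataclass(frozen=True)
class LdapProfile:
    host: str
    base_dn: str  # may be left empty, as suggested for the ADAM case
    query: str = AD_ACCEPT_QUERY


# One directory per accepted domain (keys are lower-cased domains).
PROFILES = {
    "domaina.com": LdapProfile("ldap.domaina.example", "dc=domainA,dc=com"),
    "domainb.com": LdapProfile("ldap.domainb.example", "dc=domainB,dc=com"),
}


def escape_filter_value(value: str) -> str:
    """Escape a value per RFC 4515 before placing it in a search filter."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if ch in "\\*()" or byte == 0 or byte > 0x7F:
            out.append("\\%02x" % byte)  # backslash plus two hex digits
        else:
            out.append(ch)
    return "".join(out)


def accept_query(rcpt: str) -> Optional[Tuple[str, str, str]]:
    """Return (host, base_dn, filter) for a recipient, or None to reject."""
    local, sep, domain = rcpt.rpartition("@")
    if not sep or not local or not domain:
        return None  # not a usable address
    profile = PROFILES.get(domain.lower())
    if profile is None:
        return None  # domain not served here: no directory is queried
    flt = profile.query.replace("{a}", escape_filter_value(rcpt))
    return (profile.host, profile.base_dn, flt)
```
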
