Lotus Notes LDAP Queries

Unanswered Question
Aug 20th, 2007

According to the manual, IronPort has a problem resolving some variations of Lotus Notes email addresses. It seems if the email address isn't specifically listed in the Name and Address Book, then the LDAP query will fail.

Is there any way to work around this issue? I just installed a new box and it has been nice to see a lot of emails being rejected by the LDAP lookup; however, some people have gotten used to using implied variations of email addresses like Firstname_Lastname . This format isn't listed in the NAB, but it should be accepted as valid email.

The only thing I can think of is to have the Notes people add aliases for each user, but I think they'll probably throw something at me!
Thanks,
Tony

IIAGDTRnSC Mon, 08/20/2007 - 22:56

Isn't the purpose of LDAP to confirm that the name does exist so it must be listed as an alias?

- Richard

rnaegele_ironport Thu, 08/23/2007 - 11:01

Maybe I have a similar Notes LDAP problem here. I can browse the LDAP tree with e.g. Softerra's LDAP browser but deeper in the tree I get "Invalid DN Syntax". In the LDAP tree I get all mail addresses but not the aliases. Maybe it's a problem that the Notes server responds to the LDAP query with "/" as separator instead of ",". Anywhere in the Notes configuration you can change this behaviour, but I haven't found a Notes specialist yet who can acknowledge this.

IIAGDTRnSC Thu, 08/23/2007 - 13:28

I have opened a support ticket with IBM/Lotus on this. They can reproduce the problem and as of about 2 days now haven't offered a solution. This also is a problem for me with cc addresses going out as hierarchical names. Some folks with Outlook respond to those cc names and they get parsed incorrectly.


Maybe I have a similar Notes LDAP problem here. I can browse the LDAP tree with e.g. Softerra's LDAP browser but deeper in the tree I get "Invalid DN Syntax". In the LDAP tree I get all mail addresses but not the aliases. Maybe it's a problem that the Notes server responds to the LDAP query with "/" as separator instead of ",". Anywhere in the Notes configuration you can change this behaviour, but I haven't found a Notes specialist yet who can acknowledge this.
Rayman_Jr Mon, 08/27/2007 - 08:57


According to the manual, IronPort has a problem resolving some variations of Lotus Notes email addresses. It seems if the email address isn't specifically listed in the Name and Address Book, then the LDAP query will fail.


We are using Domino for user, mail-in and group address lookups (both primary and alias addresses) without problems. LDAP will give a "user doesn't exist" result if the exact address can't be found. In Domino it's possible to have LDAP lookup into multiple address books, even bind multiple 3rd party LDAP servers behind one Domino LDAP server. (This is configured in the directory assistance database.)

In the LDAP tree I get all mail addresses but not the aliases. 


You didn't mention if you are using anonymous LDAP query or authenticated LDAP query. The anonymous LDAP query uses different access rights than authenticated query and is configured differently.

I assume you did anonymous query as you can see primary address but not alias. It's important to remember that the alias address is listed in different Domino field than primary Internet address.

You have to include both "InternetAddress" and "ShortName" Domino fields in the default configuration document's LDAP settings (if you make anonymous LDAP queries). These are set in the "Anonymous users can query" field of "LDAP Configuration".

You should have at least the following included in "Anonymous users can query":

"InternetAddress" Domino field linked to "mail" LDAP attribute
"ShortName" Domino field linked to "uid" LDAP attribute

The accept query in IronPort configuration will then look like:
(|(mail={a})(uid={a}))

This should solve both primary and alias addresses...
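
Added example (not written by any poster in this thread, and not IronPort or Domino code): a small Python model of how the accept query above decides which recipients are valid, comparing it with a mail-only query. The directory entries, the example.com addresses and all function names are constructed for illustration; it assumes {a} is replaced by the full recipient address and that attribute matching is case-insensitive.

```python
import re

# Constructed entries standing in for Domino person documents:
# InternetAddress is published as "mail", ShortName values as "uid".
DIRECTORY = [
    {"mail": ["joe.sixpack@example.com"],
     "uid": ["jsixpack", "Joe_Sixpack@example.com",
             "JoeSixpack/Sales/Example@example.com"]},
    {"mail": ["helpdesk@example.com"], "uid": ["helpdesk"]},
]

ACCEPT_QUERY = "(|(mail={a})(uid={a}))"  # accept query from the post above
MAIL_ONLY_QUERY = "(mail={a})"           # primary address only, for comparison


def escape_filter_value(value):
    """Escape RFC 4515 special characters so the address matches literally.
    "/" is not special in a filter value and passes through unchanged."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def expand(query, address):
    """Substitute the {a} token with the escaped recipient address."""
    return query.replace("{a}", escape_filter_value(address))


def unescape(value):
    """Turn \\XX escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def entry_matches(entry, ldap_filter):
    """Evaluate the equality terms of the filter; with the OR operator
    (or a single term) the entry matches when any term matches."""
    for attr, raw in re.findall(r"\((\w+)=([^()]*)\)", ldap_filter):
        wanted = unescape(raw).lower()  # assumption: case-insensitive match
        if any(v.lower() == wanted for v in entry.get(attr, [])):
            return True
    return False


def accepted(query, address):
    """True when at least one directory entry satisfies the expanded query."""
    expanded = expand(query, address)
    return any(entry_matches(e, expanded) for e in DIRECTORY)
```

An alias that exists only in ShortName is rejected by the mail-only query and accepted by the combined one, while an address listed in neither field is still rejected.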
IIAGDTRnSC Wed, 08/29/2007 - 14:00

I got my problem solved! If you put whatever aliases including full hierarchical names (i.e. JoeSixpack/[email protected]) you want to see in Domino LDAP in the Short Name/UserID field of the person doc, then the IronPort LDAP "Accept Query" using (uid={a}) in the query string will resolve the name.

OTOH, my Barracuda will still not resolve hierarchical names, as it has a problem with the "/" character. I had been testing with that appliance, and stepping outside the box I tried the IronPort and it worked!

Life is good until the next user call....


Maybe I have a similar Notes LDAP problem here. I can browse the LDAP tree with e.g. Softerra's LDAP browser but deeper in the tree I get "Invalid DN Syntax". In the LDAP tree I get all mail addresses but not the aliases. Maybe it's a problem that the Notes server responds to the LDAP query with "/" as separator instead of ",". Anywhere in the Notes configuration you can change this behaviour, but I haven't found a Notes specialist yet who can acknowledge this.
