custom LDAP Query

Feb 21st, 2008

Can anyone shoot me an example of a custom LDAP query to query other LDAP attributes?
As an example, I'd like to query the MailServer attribute; then, if it returns a certain server, route the message to an alternate server.

kluu_ironport Fri, 02/22/2008 - 00:49

In the LDAP section, you'd probably want to use the Routing query (System Administration > LDAP).


A query string like this would work. In your case, you would use the "MailServer" attribute.

(&(company=Ironport Systems)(proxyaddresses=smtp:{a}))



cn: John Smith
company: Ironport Systems
dn: CN=John Smith,OU=Employees,DC=Ironport,DC=com
memberof: CN=Support,OU=Mailing list,DC=ironport,DC=com
mail: [email protected]
proxyAddresses: smtp: [email protected]
proxyAddresses: smtp: [email protected]

=============

Using the routing query, you can compare the recipient email with the other attribute. The other attribute needs to be hardcoded.

Then, once you have the query you want, you can use message filters to make use of the LDAP routing.




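An added example, not part of the original thread and not IronPort code: it shows how a template such as the routing query above expands when `{a}` is replaced by a recipient address, with the value escaped per RFC 4515 so that filter metacharacters in an address are matched literally. The appliance performs its own substitution; this sketch is for reproducing a query off-box, and the helper names and the `example.com` addresses are assumptions.

```python
import re

# Query template from the reply above; {a} stands for the recipient address.
ROUTING_QUERY = "(&(company=Ironport Systems)(proxyaddresses=smtp:{a}))"

# Constructed directory entry modelled on the sample above (addresses are made up).
ENTRY = {
    "cn": ["John Smith"],
    "company": ["Ironport Systems"],
    "mail": ["jsmith@example.com"],
    "proxyAddresses": ["smtp:jsmith@example.com", "smtp:john.smith@example.com"],
}

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape filter metacharacters so the value is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template, **tokens):
    """Replace {a}, {g}, ... in a query template with escaped values."""
    return re.sub(r"\{(\w+)\}", lambda m: escape_value(tokens[m.group(1)]), template)


def unescape_value(value):
    """Turn \\XX escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def matches(filter_str, entry):
    """Evaluate an AND-of-equality filter, e.g. (&(x=1)(y=2)), against one entry.

    Simplification: every comparison is case-insensitive, and substring,
    presence, OR and NOT filters are not supported.
    """
    leaves = re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", filter_str)
    attrs = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()}
    return bool(leaves) and all(
        unescape_value(v).lower() in attrs.get(a.lower(), []) for a, v in leaves
    )


if __name__ == "__main__":
    for rcpt in ("jsmith@example.com", "nobody@example.com", "*@example.com"):
        query = expand(ROUTING_QUERY, a=rcpt)
        print(f"{rcpt:22} {query}  match={matches(query, ENTRY)}")
```
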
scripe_ironport Fri, 02/22/2008 - 18:11

OK I was able to get the LDAP query to work using a group query. [below]
(&(mail={a})(companyname={g}))

There are a couple of other problems.
1) I've entered the LDAP query into a content filter; if it passes, it adds a header, then alt-routes it to another host.
However, while the header gets added, it is not routing through the alternate host specified.

2) In reference to the LDAP query, I have tried replacing the companyname with servername; however, I can't get it to pass the query. I've tried formatting the server name as canonical (CN=servername,OU=unit,O=org,C=US). I've also tried several other ways of formatting it and it simply will not pass the query.

Any ideas?

Thanks for all your help!!

kluu_ironport Fri, 02/22/2008 - 20:01


> OK I was able to get the LDAP query to work using a group query. [below]
> (&(mail={a})(companyname={g}))
>
> There are a couple of other problems.
> 1) I've entered the LDAP query into a content filter; if it passes, it adds a header, then alt-routes it to another host.
> However, while the header gets added, it is not routing through the alternate host specified.



Can you display the IF condition and the Action of your content filter? Specific examples would be best.



> 2) In reference to the LDAP query, I have tried replacing the companyname with servername; however, I can't get it to pass the query. I've tried formatting the server name as canonical (CN=servername,OU=unit,O=org,C=US). I've also tried several other ways of formatting it and it simply will not pass the query.



If you can enable the LDAP Debug Log, I would like to see what you're submitting in the query.

To create the LDAP debug log, follow these steps:

1. In the GUI interface, click on "System Administration > Log Subscriptions".
2. Add new log, select the "LDAP Debug Log" type.

Once the log is created, run your test again in the LDAP section, "System Administration > LDAP".

Your test will show up in the LDAP debug logs that you created. On the command line, you can tail the LDAP debug logs while you're doing the test. On the CLI, type "tail" and select the LDAP debug log.

If you can submit the results here, that would be useful.


scripe_ironport Fri, 02/22/2008 - 20:34

:?
I have no idea what I was doing, but I finished some other things and decided I would give the 'mailserver' query another try, darn if it didn't work the first time.
Now the only issue is the action. I have two actions: 1) add a header and 2) alt-mailhost to route the message to another server. The header is getting added but it's still routing based on the recipient domain.
as below:
alt-mailhost ("apbmt01pr.domain.com")

kluu_ironport Fri, 02/22/2008 - 21:27

On the CLI of your Ironport appliance, type this:

nslookup apbmt01pr.domain.com a


What are the results?


Try using the IP address instead of the hostname.


scripe_ironport Fri, 02/22/2008 - 21:52

NSLOOKUP does resolve the IP address.
I have not tried the IP address specifically, but we originally tried an address that referenced a couple MX records which also didn't work.
I'll try the IP address.
If not, maybe some fresh eyes on Monday will help.

kluu_ironport Fri, 02/22/2008 - 21:55

My only other recommendation is after putting in the alt-mailhost, put in a deliver() final action.

