Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3503
Views
0
Helpful
5
Replies

LDAP Acceptance Query

antony.gallez.abnetwork_ironport
Level 1
Level 1

‎03-23-2008 11:12 PM

Hello everybody,

I would like to know if it's possible to enable a "LDAP Acceptance query" only for one domain protected by Ironport?

I explain myself:
Our Ironport is used by 3 companies. One company has an exchange server and so LDAP is possible - and it works well. But (badly but) the others has another product as mail server which does not support LDAP query.

So I would like to enable LDAP acceptance query for the first company and nothing fir the 2 others.

Last, I would like to enable LDAP authentication for Spam Quarantine if possible.

Regards,
GALLEZ Antony

Labels:
0 Helpful
5 Replies 5

antony.gallez.abnetwork_ironport
Level 1
Level 1

‎03-23-2008 11:39 PM

I've found... I haven't seen the option "Bypass LDAP Accept Queries for this Recipient".

Forget me post.

0 Helpful

staylor_ironport
Level 1
Level 1

‎03-25-2008 08:39 PM

Hi there, Bypass LDAP Accept is the easiest way, but a way to give you more control would be to create a seperate MX record for each company.
On the IronPort have an individual listener for each company, that way you can have multiple routing, accept and group queries for each company.

But as you have already found the Bypass LDAP in the RAT is the easiest option :lol:

0 Helpful

antony.gallez.abnetwork_ironport
Level 1
Level 1

‎03-25-2008 09:41 PM 

Hi there, Bypass LDAP Accept is the easiest way, but a way to give you more control would be to create a seperate MX record for each company.
On the IronPort have an individual listener for each company, that way you can have multiple routing, accept and group queries for each company.

But as you have already found the Bypass LDAP in the RAT is the easiest option  :lol:


Different MX Records means that we need different public IP adresses and we only have one. So, I'll use the "Bypass LDAP Accept" option.

BTW, thanks for your response, I haven't thought at different MX Record...

0 Helpful

shannon.hagan
Level 1
Level 1

‎03-26-2008 10:13 PM

Starting with 5.5, they have domain based queries. I believe if you tell it to accept all the domains and then only set up domain based ldap acceptance queries for the domains that have ldap then it will work the way you want.

0 Helpful

staylor_ironport
Level 1
Level 1

‎03-26-2008 10:18 PM

Think what you are referring to is called "Domain Assignment" it's a way of having multiple LDAP servers that hold different data, and through Domain Assignments you can specify which LDAP server to use based on the rcpt-to domain. The issue you have is that if there are no records on the LDAP for that rcpt that will be classed as a negative result and therefore be bounced.

In the case of having multiple domains and only having LDAP for one specific domain then you do need to use either the RAT "Bypass LDAP" or multiple MX records and configure on the listeners.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents