10-07-2009 02:02 PM
Hey,
This may be a very stupid question, but I'm new to IronPort.
At the moment our IronPort is checking whether an email is accepted by RAT. Soon I plan to use LDAP.
Is it possible to use an LDAP query instead of RAT?
Regarding the listener, I can't modify the field "Recipient Access Table".
Thx.
10-07-2009 05:06 PM
sven -
that's a fine question as many people need to accomplish that. you do not necessarily edit or remove your RAT, you just add another layer of checking.
you'll need an LDAP accept query - and here's how to do it:
http://tinyurl.com/hjsn4
take care!
12-03-2009 07:09 AM
Hi,
Sorry, but I didn't have the time to try it out until now.
So I experimented yesterday and found my next question:
I don't want to accept all the addresses listed in my AD. So an accept query would be the wrong way. It has to be a group query.
This is also definable on the listener. But I do not find the right place to tell the IronPort against which group this group query should check.
I hope you understand what i want to do.
Don't hesitate to ask me for more information ;)
THX!
12-03-2009 04:34 PM
yea that makes sense to me for the most part.
you probably want to add a term to your query that enforces this "group" name. that means taking your default query (which I'm guessing at since you haven't provided one) and add in a group-like statement for the following logic
(memberOf = actual DN) AND (mail OR proxyAddresses = rcpt to address)
actual syntax for your AD it might look like:
&(memberOf="CN=we,CN=foo,DC=bar,DC=tld")(|(mail={a})(proxyAddresses=smtp:{a}))
give that a shot.
andrew
12-04-2009 06:53 AM
Hi,
I had the same idea yesterday morning, but the following message appears when I use the "test-button" on the LDAP configuration site:
(I used a fully qualified name of a group, which exists in my AD ;-) --> same result)
Query results for host:XXX.XXX.XXX.XXX
Query (&(memberOf="CN=we,CN=foo,DC=bar,DC=tld")(|(mail=test@email.de)(otherMailbox=test@email.de)(proxyAddresses=smtp:test@email.de))) to server ldap_recieve (xxx.xxx.xxx.xxx:389)
Query (&(memberOf="CN=we,CN=foo,DC=bar,DC=tld")(|(mail=test@email.de)(otherMailbox=test@email.de)(proxyAddresses=smtp:test@email.de))) lookup failed: LDAP Query Syntax Error: Invalid character 'w' at position 16 of query "(&(memberOf="CN=we,CN=foo,DC=bar,DC=tld")(|(mail=test@email.de)(otherMailbox=test@email.de)(proxyAddresses=smtp:test@email.de)))"
Failure: LDAP Query Syntax Error: Invalid character 'w' at position 16 of query "(&(memberOf="CN=we,CN=foo,DC=bar,DC=tld")(|(mail=test@email.de)(otherMailbox=test@email.de)(proxyAddresses=smtp:test@email.de)))"
12-04-2009 04:02 PM
sven -
do you mind opening a support case on this? i am 99% sure there is a defect which requires us to escape our distinguished name values '=' with '%3d' or something along those lines to look like 'CN%3dfoo,DC%3dbar' etc. if we get a support case and remote access tunnel, we can isolate your requirements and run an ldapsearch against your directory to confirm this.
i just need to look further into it before confirming. we can always post the answer back here in any case.
andrew
12-07-2009 06:38 AM
Hi,
support case has been opened: #525239
12-07-2009 02:32 PM
Hi,
you're almost right!
I think support and I found the solution nearly in parallel :-D
As already posted, you have to replace the "=" in the fully qualified name of the group with the string "\3d".
So the syntax for the accept query looks like this:
&(memberOf=CN\3dwe,CN\3dfoo,DC\3dbar,DC\3dtld)(|(mail={a})(proxyAddresses=smtp:{a}))
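The workaround from this thread, as an added Python example that is not part of any post and not IronPort code: it builds the group-restricted accept query with every "=" in the group DN written as "\3d", hex-escapes the characters RFC 4515 reserves in filter values, and flags a literal "=" left inside a value. The function names are hypothetical, the DNs are the thread's placeholders plus one constructed DN, and the outer parentheses follow the query shown in the appliance's test output above.

```python
# Added example: build and lint the group-restricted accept query from the thread.
# Function names are hypothetical; DNs are placeholders, not a real directory.

# Characters RFC 4515 requires to be hex-escaped inside a filter value.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_dn_value(dn: str) -> str:
    """Escape a group DN for use as the value of a memberOf term."""
    out = []
    for ch in dn:
        if ch in RFC4515_ESCAPES:
            out.append(RFC4515_ESCAPES[ch])
        elif ch == "=":
            out.append(r"\3d")  # the workaround confirmed in this thread
        else:
            out.append(ch)
    return "".join(out)


def group_accept_query(group_dn: str, mail_attrs=("mail",),
                       proxy_attr: str = "proxyAddresses") -> str:
    """Return the accept query; {a} stays as the recipient-address token."""
    terms = "".join(f"({attr}={{a}})" for attr in mail_attrs)
    terms += f"({proxy_attr}=smtp:{{a}})"
    return f"(&(memberOf={escape_dn_value(group_dn)})(|{terms}))"


def first_unescaped_equals(query: str) -> int:
    """Index of the first '=' that sits inside a filter value, or -1."""
    in_value = False
    for i, ch in enumerate(query):
        if ch in "()":
            in_value = False      # a new term starts or the current one ends
        elif ch == "=":
            if in_value:
                return i          # second '=' in the same term
            in_value = True       # first '=' is the comparison operator
    return -1


if __name__ == "__main__":
    print(group_accept_query("CN=we,CN=foo,DC=bar,DC=tld"))
    # Constructed DN with parentheses, which must also be escaped.
    print(group_accept_query("CN=Sales (EU),CN=foo,DC=bar,DC=tld"))
```

For the failing query quoted earlier in the thread, `first_unescaped_equals` returns 15, the "=" directly before the 'w' at position 16 that the appliance reported.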