Cisco Support Community
New Member

C100 LDAP accept to multiple AD domains?

Hi All,

Just been setting up our Ironport c100 and noticed that per listener you can only have one LDAP lookup host (or many in failover); however, what we require is the following:

Inbound e-mail for user1@domainA.com: the c100 looks up the AD (LDAP) of domainA.com for the user and accepts or denies. Now at the same time another inbound e-mail comes in, but for user1@domainB.com; this needs to do the lookup against the domainB.com AD server, which is a completely different host to domainA.com (in fact a different network/customer).

From what I can see at the moment I would need to set up a separate Listener for each domain with 2 IPs each, which would soon get very out of hand.

Has anybody done this before or have any idea how this could be done??

Just a side note: I set up an ADAM server and used the AD to ADAM synchronizer to get a copy of the domain into a partition in the ADAM server and then another domain into its own partition, but seeing as the C100 needs a base DN this makes this impossible, unless anybody again has some ideas about this....

5 REPLIES
New Member

Re: C100 LDAP accept to multiple AD domains?

AFAIK the feature you are seeking is on the roadmap for the upcoming release in Q3.

You might want to cross-check that with IronPort support though.

Cheers.
-Torsten

New Member

ADAM...Base DN

Torsten is correct, the feature that you need for supporting either different LDAP servers per domain or tiered LDAP lookups is due in the 5.5 release slated for Q3/2007 so this will be addressed.

With regards to ADAM, I personally haven't done an installation with ADAM; however, I will state that it's not required to put a base DN into the LDAP profile. So you might want to consider removing the base DN from your ADAM profile and see if the query will work for you.

Another good step might be to download the Softerra LDAP browser utility and take a look at the ADAM server to identify relevant pieces of LDAP information...assuming that it doesn't conform to AD's (|(mail={a})(proxyAddresses=smtp:{a})) query string.

Sincerely,

Jay Bivens
IronPort Systems

New Member

Re: C100 LDAP accept to multiple AD domains?

Excellent thanks for the heads up on the new functionality, I'll give it a shot without the Base DN and see how it goes.

Thanks again.

multiple LDAP servers per domain

Has the feature been released yet?

feature = multiple LDAP servers per domain

Re: multiple LDAP servers per domain


oops. all is good domain based queries

see what happens when you read the manual.

please disregard
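
Added example, not part of the thread and not IronPort's implementation: a Python sketch of the per-domain accept lookup discussed above, using the AD query string quoted in the thread. The hostnames, base DNs and directory entries are constructed, and the in-memory match stands in for a real LDAP search; the recipient is escaped per RFC 4515 before it is placed in the filter so that characters such as `*` or `)` cannot change the query.

```python
# Added illustration; hostnames, base DNs and directory entries are constructed.
PROFILES = {
    "domaina.com": {"host": "ldap.domaina.example", "base_dn": "dc=domainA,dc=com"},
    "domainb.com": {"host": "ldap.domainb.example", "base_dn": "dc=domainB,dc=com"},
}
ACCEPT_QUERY = "(|(mail={a})(proxyAddresses=smtp:{a}))"  # filter quoted in the thread

# Constructed stand-in for each customer's directory: host -> entries.
DIRECTORY = {
    "ldap.domaina.example": [{"mail": "user1@domainA.com", "proxyAddresses": []}],
    "ldap.domainb.example": [{"mail": "bob@domainB.com",
                              "proxyAddresses": ["smtp:user1@domainB.com"]}],
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a recipient cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_query(rcpt):
    """Return (profile, filter) for the recipient's domain, or None if unrouted."""
    local, sep, domain = rcpt.rpartition("@")
    profile = PROFILES.get(domain.lower())
    if not sep or not local or profile is None:
        return None
    return profile, ACCEPT_QUERY.replace("{a}", escape_filter_value(rcpt))

def accept(rcpt):
    """True if the recipient exists in the directory selected by its domain."""
    routed = build_query(rcpt)
    if routed is None:
        return False  # no profile for this domain: reject rather than guess
    profile, _ldap_filter = routed
    want = rcpt.lower()
    # Emulates the filter: exact match on mail or on an smtp: proxy address.
    for entry in DIRECTORY[profile["host"]]:
        addrs = [entry["mail"]] + [p[5:] for p in entry["proxyAddresses"]
                                   if p.lower().startswith("smtp:")]
        if want in (a.lower() for a in addrs):
            return True
    return False

if __name__ == "__main__":
    for r in ("user1@domainA.com", "user1@domainB.com", "bob@domainA.com"):
        print(r, "accept" if accept(r) else "reject")
```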
