Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

LDAP - AD - Referral following yielded no result

Hi,

I have some problems with LDAP Queries.

I want to querie my Active Directory on port 389 from our Ironport C350 which stands in the DMZ. Firewall has been opened for this connection.

When I configure the LDAP accept querie an test it, I get an error
"Referral following yielded no result".
Does anyone know what this means and how I can solve this problem?

FyI:
I have configured our Ironport in our LAN with exactly the same configuration. This works fine.

Regards
Andre

4 REPLIES
New Member

Re: LDAP - AD - Referral following yielded no result

Can you enable the ldap debug log and run your test again and paste in the results?

1. To create the ldap debug log, go to "System Administration > Log Subscriptions", click on Add log, select ldap debug log, submit / commit changes.

Then run your test again while running a the "tail" command on the ldap debug log.

From the cli, type "tail", and select ldap log.


then paste the results here, and hiding private data if you need.


Hi,

I have some problems with LDAP Queries.

I want to querie my Active Directory on port 389 from our Ironport C350 which stands in the DMZ. Firewall has been opened for this connection.

When I configure the LDAP accept querie an test it, I get an error
"Referral following yielded no result".
Does anyone know what this means and how I can solve this problem?

FyI:
I have configured our Ironport in our LAN with exactly the same configuration. This works fine.

Regards
Andre

Re: LDAP - AD - Referral following yielded no result

here ist the tail from ldap log

Fri Apr 18 07:35:40 2008 Info: Version: 6.0.0-747 SN: 00188B52808E-6NP2JC1
Fri Apr 18 07:35:40 2008 Info: Time offset from UTC: 7200 seconds
Fri Apr 18 07:36:17 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444: 389) (809) Connection closed (EOF)
Fri Apr 18 07:36:17 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444: 389) (809) Connection interrupted (writer)
Fri Apr 18 07:36:17 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444: 389) (819) connecting to server
Fri Apr 18 07:36:17 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444: 389) (819) connected to server
Fri Apr 18 07:36:47 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444: 389) (810) Connection closed (EOF)
Fri Apr 18 07:36:47 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444: 389) (810) Connection interrupted (writer)
Fri Apr 18 07:36:47 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444: 389) (820) connecting to server
Fri Apr 18 07:36:47 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444: 389) (820) connected to server
Fri Apr 18 07:39:03 2008 Debug: LDAP: Clearing LDAP server-group "LDAPO" cache
Fri Apr 18 07:39:03 2008 Debug: LDAP: Clearing LDAP server-group "LDAPO" cache
Fri Apr 18 07:39:03 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444:389) (1) connecting to server
Fri Apr 18 07:39:03 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444:389) (1) connected to server
Fri Apr 18 07:39:04 2008 Debug: LDAP: (accept) Query (|(mail=name@domain.de)(proxyAddresses=smtp:name@domain.de)) to server LDAPO (111.222.333.444:389)
Fri Apr 18 07:39:04 2008 Debug: LDAP: Could not find a server to follow referral: ldap://lan/DV=BASEDN,DC=BASEDN
Fri Apr 18 07:39:04 2008 Debug: LDAP: Could not follow referral: ldap://lan/DV=BASEDN,DC=BASEDN
Fri Apr 18 07:39:04 2008 Debug: LDAP: (accept) Query (|(mail=name@domain.de)(proxyAddresses=smtp:name@domain.de)) lookup failed: Referral following yielded no result.
Fri Apr 18 07:39:04 2008 Critical: LDAP: query LDAPO.accept result Referral following yielded no result.
Fri Apr 18 07:39:09 2008 Debug: LDAP: LDAPO:111.222.333.444(111.222.333.444:389) (1) Connection interrupted (writer)

New Member

Re: LDAP - AD - Referral following yielded no result

From looking at the debug log, I think there are two things that could be the problem:

1. The starting point of your "base dn" may not be specifc enough. Trying being more specific on where you start performing the ldap lookup. For example, if all the internal users are found in this part of the tree:


OU=Users,OC=Exchange,DC=company,DC=local

then use that as your BASE DN instead of simply "DC=company,DC=com" for example.


2. Or, the other thing that may be the problem is permissions. Maybe the user that you're using to authenticate and log into the ldap server can't access certain parts of the tree. Try using the administrator's ldap credentials to log in and try that.


Also, I would highly recommend that you try Softerra ldap browser if you haven't. You can download the free version ldap browser version 2.6 from their website. http://www.ldapbrowser.com then go to the Download section.

If you decide to install it, create a profile, then search your tree for where the users are and see what is the best "base dn" to start your search.

If you still can't get the error to go away, contact Support and they can help.


Fri Apr 18 07:39:04 2008 Debug: LDAP: Could not find a server to follow referral: ldap://lan/DV=BASEDN,DC=BASEDN
Fri Apr 18 07:39:04 2008 Debug: LDAP: Could not follow referral: ldap://lan/DV=BASEDN,DC=BASEDN
Fri Apr 18 07:39:04 2008 Debug: LDAP: (accept) Query (|(mail=name@domain.de)(proxyAddresses=smtp:name@domain.de)) lookup failed: Referral following yielded no result.
Fri Apr 18 07:39:04 2008 Critical: LDAP: query LDAPO.accept result Referral following yielded no result.

Re: LDAP - AD - Referral following yielded no result

Great, LDAP Queries are working now.
I have configured the query as you described in 1.

Thanks for your advise!

1005
Views
0
Helpful
4
Replies
CreatePlease to create content