Cisco Support Community
New Member

LDAP routing

I have a little problem with LDAP routing. I need to route some outgoing mails to alternate mailhosts. The hostnames are stored in LDAP, but the problem is that I need the sender address ({f}) as the lookup key, which is not allowed in a routing query.
Any ideas?


Cisco Employee

Re: LDAP routing

It works for me. What version of AsyncOS are you running?

> ldapconfig

Current LDAP server configurations:
1. AD_LDAP: (

Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
- SETUP - Configure LDAP options.
[]> edit

Enter the name or number of the server configuration you wish to edit.
[]> 1

Hostname: Port 389
Authentication Type: password
Base: dc=domain,dc=com

Choose the operation you want to perform:
- SERVER - Change the server for the query.
- LDAPACCEPT - Configure whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure message routing.
- MASQUERADE - Configure domain masquerading.
- LDAPGROUP - Configure whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure SMTP authentication.
[]> lda
ldapaccept, ldaprouting, ldapgroup
[]> ldaprouting

Please create a name for this query:

Enter the LDAP query string:
[(mailLocalAddress={a})]> (mail={f})

Please enter the cache TTL in seconds:

Please enter the maximum number of cache entries to retain:

Do you want to rewrite the Envelope Recipient? [Y]> n

Do you want to send the messages to an alternate mail host? [Y]>

Enter the attribute which contains the alternate mailhost for the recipients.

New Member

Re: LDAP routing

Yes, I can add the query, but it doesn't work. When I want to test it, I get the following error message:

Error: LDAP Query Syntax Error: Invalid character '=' at position 5 of query

My query is

AsyncOS Version is 5.1.0-314

Cisco Employee

Re: LDAP routing

What happens when you inject an actual message?

New Member

Re: LDAP routing

It does not work. When I inject a message I get

Info: LDAP: unable to process, MID 8965 requeued

in mail_logs.

It works with {a} as lookup value, of course. But I need the sender address :-(

Cisco Employee

Re: LDAP routing

I verified that the {f} variable does not work with LDAP routing queries. It is possible that this was intentional/not implemented because LDAP routing rewrites the recipient address based upon the recipient address existing in LDAP. At this point, I would recommend contacting IronPort customer to get a formal response.

New Member

Re: LDAP routing

According to the Advanced User Guide 5.1, page 113, the {f} token is only valid in accept queries. Hope this helps.