Cisco Support Community
New Member

Lotus Notes LDAP Queries

According to the manual, Ironport has a problem resolving some variations of Lotus Notes email addresses. It seems if the email address isn't specifically listed in the Name and Address Book, then the LDAP query will fail.

Is there any way to work around this issue? I just installed a new box and it has been nice to see a lot of emails being rejected by the LDAP lookup, however some people have gotten used to using implied variations of email addresses like Firstname_Lastname . This format isn't listed in the NAB, but it should be accepted as valid email.

The only thing I can think of is to have the Notes people add aliases for each user, but I think they'll probably throw something at me!
Thanks,
Tony

5 REPLIES
New Member

Re: Lotus Notes LDAP Queries

Isn't the purpose of LDAP to confirm that the name does exist so it must be listed as an alias?

- Richard

New Member

Re: Lotus Notes LDAP Queries

Maybe I have a similar Notes LDAP problem here. I can browse the LDAP tree with e.g. Softerra's LDAP browser but deeper in the tree I get "Invalid DN Syntax". In the LDAP tree I get all mail addresses but not the aliases. Maybe it's a problem that the Notes server responds to the LDAP query with "/" as separator instead of ",". Anywhere in the Notes configuration you can change this behaviour, but I haven't found a Notes specialist yet who can acknowledge this.

New Member

Re: Lotus Notes LDAP Queries

I have opened a support ticket with IBM/Lotus on this. They can reproduce the problem and as of about 2 days now haven't offered a solution. This also is a problem for me with cc addresses going out as hierarchical names. Some folks with Outlook respond to those cc names and they get parsed incorrectly.


Maybe I have a similar Notes LDAP problem here. I can browse the LDAP tree with e.g. Softerra's LDAP browser but deeper in the tree I get "Invalid DN Syntax". In the LDAP tree I get all mail addresses but not the aliases. Maybe it's a problem that the Notes server responds to the LDAP query with "/" as separator instead of ",". Anywhere in the Notes configuration you can change this behaviour, but I haven't found a Notes specialist yet who can acknowledge this.

New Member

Re: Lotus Notes LDAP Queries

According to the manual, Ironport has a problem resolving some variations of Lotus Notes email addresses. It seems if the email address isn't specifically listed in the Name and Address Book, then the LDAP query will fail.  


We are using Domino for user, mail-in and group address lookups (both primary and alias addresses) without problems. LDAP will give a "user doesn't exist" result if the exact address can't be found. In Domino it's possible to have LDAP look up into multiple address books, and even bind multiple 3rd party LDAP servers behind one Domino LDAP server. (This is configured in the directory assistance database.)

In the LDAP tree I get all mail addresses but not the aliases. 


You didn't mention if you are using an anonymous LDAP query or an authenticated LDAP query. The anonymous LDAP query uses different access rights than the authenticated query and is configured differently.

I assume you did an anonymous query as you can see the primary address but not the alias. It's important to remember that the alias address is listed in a different Domino field than the primary Internet address.

You have to include both "InternetAddress" and "ShortName" Domino fields in the default configuration document's LDAP settings (if you make anonymous LDAP queries). These are set in the "Anonymous users can query" field of "LDAP Configuration".

You should have at least the following included in "Anonymous users can query":

"InternetAddress" Domino field linked to "mail" LDAP attribute
"ShortName" Domino field linked to "uid" LDAP attribute

The accept query in IronPort configuration will then look like:
(|(mail={a})(uid={a}))

This should solve both primary and alias addresses...

New Member

Hierarchical Domino LDAP names solved

I got my problem solved! If you put whatever aliases including full hierarchical names (i.e. JoeSixpack/XYZ@XYZ.com) you want to see in Domino LDAP in the Short Name/UserID field of the person doc, then the Ironport LDAP "Accept Query" using (uid={a}) in the query string will resolve the name.

OTOH, my Barracuda will still not resolve hierarchical names, as it has a problem with the "/" character. I had been testing with that appliance, and stepping outside the box I tried the IronPort and it worked!

Life is good until the next user call....


Maybe I have a similar Notes LDAP problem here. I can browse the LDAP tree with e.g. Softerra's LDAP browser but deeper in the tree I get "Invalid DN Syntax". In the LDAP tree I get all mail addresses but not the aliases. Maybe it's a problem that the Notes server responds to the LDAP query with "/" as separator instead of ",". Anywhere in the Notes configuration you can change this behaviour, but I haven't found a Notes specialist yet who can acknowledge this.
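
Added example (not part of any post in this thread, and not IronPort or Domino code): a small model of the accept query (|(mail={a})(uid={a})) from the two replies above, run against one constructed directory entry, showing why an alias is rejected until "ShortName"/uid is visible to anonymous queries and why an unlisted variation is still rejected. Assumptions: matching is case-insensitive, an attribute missing from "Anonymous users can query" behaves as if it were absent, and the address is escaped per RFC 4515 before substitution so that a "*" is compared literally.

```python
import re

ACCEPT_QUERY = "(|(mail={a})(uid={a}))"  # accept query quoted in the thread

# Constructed entry: primary address in mail, aliases in uid (Domino ShortName).
DIRECTORY = [{
    "mail": ["joe.sixpack@xyz.com"],
    "uid": ["jsixpack@xyz.com", "JoeSixpack/XYZ@XYZ.com"],
}]

TERM = re.compile(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")

def escape_filter_value(value):
    """RFC 4515 escaping: backslash, *, ( ) and NUL become a backslash plus two hex digits."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(recipient, template=ACCEPT_QUERY):
    """Substitute the recipient address for every {a} in the accept query."""
    return template.replace("{a}", escape_filter_value(recipient))

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def accepts(recipient, directory, anon_attrs):
    """True if any OR term equals a value the anonymous bind is allowed to see."""
    terms = [(a.lower(), unescape(v).lower())
             for a, v in TERM.findall(build_filter(recipient))]
    for entry in directory:
        for attr, wanted in terms:
            if attr not in anon_attrs:
                continue  # assumption: an unlisted attribute is invisible, so never matches
            if wanted in (v.lower() for v in entry.get(attr, [])):
                return True
    return False

if __name__ == "__main__":
    for visible in ({"mail"}, {"mail", "uid"}):
        for rcpt in ("joe.sixpack@xyz.com", "jsixpack@xyz.com",
                     "JoeSixpack/XYZ@XYZ.com", "Joe_Sixpack@xyz.com", "*"):
            verdict = "accept" if accepts(rcpt, DIRECTORY, visible) else "reject"
            print(sorted(visible), rcpt, "->", verdict)
```
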
