Spam Filter ISP Support - Ldap and Imail

Ldap and Imail

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6728
Printed Date: 26 December 2024 at 5:29am

Topic: Ldap and Imail

Posted By: luisduenas
Subject: Ldap and Imail
Date Posted: 03 August 2009 at 7:57pm

Hello , I want to integrate the User Authentication whit the Imail mail software, SF is working in Standart Filters,

But i cant make it work whit differents domains.

whit one domain ej isourcing.com.mx it works
server : my server.
Specify Account : cn=Myuser, o=isourcing.com.mx
Search base DN : o=isourcing.com.mx
Search mask : (|(sAMAccountName=%0:s)(uid=%0:s)(mail=%0:s))

test result= Account successfully logged it

But if I left the search base dn empty , cause I want to use whit diferents domains.
Account failed: Objet does not exist (No existe el objeto)

the ldap structure is:

My server
     o=myDomains.com
                ou=People
                           uid=myUsers
     o=mysecondDomain.com
                ou=People
                           uid=myUsers

Do i need to change to enterprice filters in order to use a Ldap setting peer domain ?
or the is a way to use a varible for domaing striping like "o=%1@:s" to use the email domain for the search base DN ?

Regards.

Replies:

Posted By: LogSat
Date Posted: 03 August 2009 at 10:59pm

luisduenas,

Both SpamFilter ISP "standard" and "Enterprise" have the same exact functionality with LDAP integration, so you can use either version.

As you are able to obtain a successful authentication when filling in the "Search base DN" with "o=isourcing.com.mx", that indicates that your connection settings and the search mask are working correctly.

The default search mask below:

(|(sAMAccountName=%0:s)(uid=%0:s)(mail=%0:s))

is used to locate the specific user in the LDAP structure. The syntax above means that the "%0" place holder will be replaced by the username, and that the three attributes:

sAMAccountNAme

uid

mail

will all be tested to see if they match the username. If any of them match, that will trigger a positive match. According to the ldap structuure you included in the posting, you are most likely getting a "hit" on the "uid" attribute, indicating the default mask we provide works in your environment.

Now going back to your issue when the base dn is empty, SpamFilter does need a base DN to tell SpamFilter from where to start searching in LDAP. Your root domain is specified as "o=myDomains.com". That would actually normally be indicated with something like "o=myDomains,o=com". If the LDAP structure is configured accordingly, this would allow you to specify a base dn of "o=com" with all your domains branching underneath it:

o=com

o=mydomains

ou=People

o=myotherdomain

ou=People

You may also be able to configure your LDAP server to handle referrals, and to provide a reference to which servers handle the other domains. SpamFilter should follow LDAP Referrals accordingly.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: luisduenas
Date Posted: 05 August 2009 at 10:42am

I'll try

thank you.