Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Problems Connecting To Active Directory Using LDAP

Posted on 2008-10-09
7
Medium Priority
?
6,284 Views
Last Modified: 2013-12-24
Hello. I am trying to have our Barracuda Spam Firewall 300 verify incoming email addresses against Active Directory using LDAP. I can telnet and login just fine, so I am sure that everything is running correctly. The Barracuda requires the following information:

LDAP Server: 10.0.0.2 (SBS 2003)
LDAP Port: 389 (which I can telnet to)
BIND DN: User (I have created a user within AD that has only Domain User rights; I can telnet fine with this User).
BIND Password: user's password
LDAP Filter: using the default ((|(proxyaddress=smtp:${recipient_email})(mail=${recipient_email}))
LDAP Search Base: default (${defaultNamingContext}
LDAP UID: deafult for AD: sAMAccountName
Valid Email For Testing: my valid email address

When I try to test this I receive the following error:

could not set open file limit to 8192: Operation not permitted
lookup order: fb
listening on localhost/59447
answering client connection request from 127.0.0.1/59448
received from 127.0.0.1/59448: GET user@domain.com
email address: user@domain.com
telling 127.0.0.1/59448: 200 550 DB verification agent failed%3A
received from 127.0.0.1/59448: QUIT
hanging up on client 127.0.0.1/59448
exiting on SIGTERM

I am new to LDAP and have no clue as to where to go from here. I have posted this to the Barracuda forums, but have received no response as of yet.

Thank you.
0
Comment
Question by:ctsuhako
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 600 total points
ID: 22681041
Pointing your Barracuda at your DC won't do anything.  The LDAP query will only look at the directory but not actually write anything to it.  I created a user called ldap and use it for my barracuda.  That account only needs to be part of the domain user's group and nothing more.

Check your LDAP settings to to make sure:
LDAP Server: SERVERNAME.op-tn.org
LDAP Port: 389
Exchange Accelerator: YES
Unify Email Address: YES
SSL: OFF
Require SSL: NO
Bind DN: ldap@op-tn.org
Bind Passwod: LDAP's PASSWORD
LDAP Filter: (|(proxyaddresses=smtp$${recipient_email})(proxyaddresses=smtp:${recipient_email}))
--the filter can be changed but this one looks at all of the user's e-mail addresses for verifcation
LDAP Search Base: ${defaultNamingContext}
LDAP UID: sAMAccountName
LDAP Primary Email Attribute: MAIL
0
 

Author Comment

by:ctsuhako
ID: 22681129
Thanks for the reply. I have already created a user for the Barracuda's use and that is what I am using as the BIND DN (user@domain.com). Byt I still get this error.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1400 total points
ID: 22685167

> BIND DN

DN = Distinguished Name. That normally means the Bind DN should be something like:

CN=User Name,OU=Some where,DC=yourdomain,DC=com

The User Name above is as seen in AD users and computers, but the DN must be the full path to the user.

It may well work with the userPrincipalName above, but it would at least be worth trying this method. It depends a great deal on the software interface.

Do you have anything that indicates the LDAP bind is failing? This error:

> could not set open file limit to 8192: Operation not permitted

Doesn't really indicate that so this may be the wrong tree :)

Chris
0
 

Author Comment

by:ctsuhako
ID: 22687007
Thanks, Chris. I am out of the office, but will try this on Monday.
0
 

Author Comment

by:ctsuhako
ID: 22712386
Hi, Chris:

Tries using the full DN, but still no joy. I can bind with this user using ldp.exe, so I am unsure what the issue may be.
0
 

Accepted Solution

by:
ctsuhako earned 0 total points
ID: 22712591
Nevermind. Pointing to the server IP instead of the domain name cleared up the issue.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question