Solved

Problems Connecting To Active Directory Using LDAP

Posted on 2008-10-09
7
6,172 Views
Last Modified: 2013-12-24
Hello. I am trying to have our Barracuda Spam Firewall 300 verify incoming email addresses against Active Directory using LDAP. I can telnet and login just fine, so I am sure that everything is running correctly. The Barracuda requires the following information:

LDAP Server: 10.0.0.2 (SBS 2003)
LDAP Port: 389 (which I can telnet to)
BIND DN: User (I have created a user within AD that has only Domain User rights; I can telnet fine with this User).
BIND Password: user's password
LDAP Filter: using the default ((|(proxyaddress=smtp:${recipient_email})(mail=${recipient_email}))
LDAP Search Base: default (${defaultNamingContext}
LDAP UID: deafult for AD: sAMAccountName
Valid Email For Testing: my valid email address

When I try to test this I receive the following error:

could not set open file limit to 8192: Operation not permitted
lookup order: fb
listening on localhost/59447
answering client connection request from 127.0.0.1/59448
received from 127.0.0.1/59448: GET user@domain.com
email address: user@domain.com
telling 127.0.0.1/59448: 200 550 DB verification agent failed%3A
received from 127.0.0.1/59448: QUIT
hanging up on client 127.0.0.1/59448
exiting on SIGTERM

I am new to LDAP and have no clue as to where to go from here. I have posted this to the Barracuda forums, but have received no response as of yet.

Thank you.
0
Comment
Question by:ctsuhako
  • 4
  • 2
7 Comments
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 150 total points
Comment Utility
Pointing your Barracuda at your DC won't do anything.  The LDAP query will only look at the directory but not actually write anything to it.  I created a user called ldap and use it for my barracuda.  That account only needs to be part of the domain user's group and nothing more.

Check your LDAP settings to to make sure:
LDAP Server: SERVERNAME.op-tn.org
LDAP Port: 389
Exchange Accelerator: YES
Unify Email Address: YES
SSL: OFF
Require SSL: NO
Bind DN: ldap@op-tn.org
Bind Passwod: LDAP's PASSWORD
LDAP Filter: (|(proxyaddresses=smtp$${recipient_email})(proxyaddresses=smtp:${recipient_email}))
--the filter can be changed but this one looks at all of the user's e-mail addresses for verifcation
LDAP Search Base: ${defaultNamingContext}
LDAP UID: sAMAccountName
LDAP Primary Email Attribute: MAIL
0
 
LVL 18

Expert Comment

by:sk_raja_raja
Comment Utility
0
 

Author Comment

by:ctsuhako
Comment Utility
Thanks for the reply. I have already created a user for the Barracuda's use and that is what I am using as the BIND DN (user@domain.com). Byt I still get this error.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 350 total points
Comment Utility

> BIND DN

DN = Distinguished Name. That normally means the Bind DN should be something like:

CN=User Name,OU=Some where,DC=yourdomain,DC=com

The User Name above is as seen in AD users and computers, but the DN must be the full path to the user.

It may well work with the userPrincipalName above, but it would at least be worth trying this method. It depends a great deal on the software interface.

Do you have anything that indicates the LDAP bind is failing? This error:

> could not set open file limit to 8192: Operation not permitted

Doesn't really indicate that so this may be the wrong tree :)

Chris
0
 

Author Comment

by:ctsuhako
Comment Utility
Thanks, Chris. I am out of the office, but will try this on Monday.
0
 

Author Comment

by:ctsuhako
Comment Utility
Hi, Chris:

Tries using the full DN, but still no joy. I can bind with this user using ldp.exe, so I am unsure what the issue may be.
0
 

Accepted Solution

by:
ctsuhako earned 0 total points
Comment Utility
Nevermind. Pointing to the server IP instead of the domain name cleared up the issue.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now