Problems Connecting To Active Directory Using LDAP

Hello. I am trying to have our Barracuda Spam Firewall 300 verify incoming email addresses against Active Directory using LDAP. I can telnet and login just fine, so I am sure that everything is running correctly. The Barracuda requires the following information:

LDAP Server: 10.0.0.2 (SBS 2003)
LDAP Port: 389 (which I can telnet to)
BIND DN: User (I have created a user within AD that has only Domain User rights; I can telnet fine with this User).
BIND Password: user's password
LDAP Filter: using the default ((|(proxyaddress=smtp:${recipient_email})(mail=${recipient_email}))
LDAP Search Base: default (${defaultNamingContext}
LDAP UID: deafult for AD: sAMAccountName
Valid Email For Testing: my valid email address

When I try to test this I receive the following error:

could not set open file limit to 8192: Operation not permitted
lookup order: fb
listening on localhost/59447
answering client connection request from 127.0.0.1/59448
received from 127.0.0.1/59448: GET user@domain.com
email address: user@domain.com
telling 127.0.0.1/59448: 200 550 DB verification agent failed%3A
received from 127.0.0.1/59448: QUIT
hanging up on client 127.0.0.1/59448
exiting on SIGTERM

I am new to LDAP and have no clue as to where to go from here. I have posted this to the Barracuda forums, but have received no response as of yet.

Thank you.
ctsuhakoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sk_raja_rajaCommented:
Pointing your Barracuda at your DC won't do anything.  The LDAP query will only look at the directory but not actually write anything to it.  I created a user called ldap and use it for my barracuda.  That account only needs to be part of the domain user's group and nothing more.

Check your LDAP settings to to make sure:
LDAP Server: SERVERNAME.op-tn.org
LDAP Port: 389
Exchange Accelerator: YES
Unify Email Address: YES
SSL: OFF
Require SSL: NO
Bind DN: ldap@op-tn.org
Bind Passwod: LDAP's PASSWORD
LDAP Filter: (|(proxyaddresses=smtp$${recipient_email})(proxyaddresses=smtp:${recipient_email}))
--the filter can be changed but this one looks at all of the user's e-mail addresses for verifcation
LDAP Search Base: ${defaultNamingContext}
LDAP UID: sAMAccountName
LDAP Primary Email Attribute: MAIL
0
ctsuhakoAuthor Commented:
Thanks for the reply. I have already created a user for the Barracuda's use and that is what I am using as the BIND DN (user@domain.com). Byt I still get this error.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Chris DentPowerShell DeveloperCommented:

> BIND DN

DN = Distinguished Name. That normally means the Bind DN should be something like:

CN=User Name,OU=Some where,DC=yourdomain,DC=com

The User Name above is as seen in AD users and computers, but the DN must be the full path to the user.

It may well work with the userPrincipalName above, but it would at least be worth trying this method. It depends a great deal on the software interface.

Do you have anything that indicates the LDAP bind is failing? This error:

> could not set open file limit to 8192: Operation not permitted

Doesn't really indicate that so this may be the wrong tree :)

Chris
0
ctsuhakoAuthor Commented:
Thanks, Chris. I am out of the office, but will try this on Monday.
0
ctsuhakoAuthor Commented:
Hi, Chris:

Tries using the full DN, but still no joy. I can bind with this user using ldp.exe, so I am unsure what the issue may be.
0
ctsuhakoAuthor Commented:
Nevermind. Pointing to the server IP instead of the domain name cleared up the issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.