?
Solved

Problems Connecting To Active Directory Using LDAP

Posted on 2008-10-09
7
Medium Priority
?
6,257 Views
Last Modified: 2013-12-24
Hello. I am trying to have our Barracuda Spam Firewall 300 verify incoming email addresses against Active Directory using LDAP. I can telnet and login just fine, so I am sure that everything is running correctly. The Barracuda requires the following information:

LDAP Server: 10.0.0.2 (SBS 2003)
LDAP Port: 389 (which I can telnet to)
BIND DN: User (I have created a user within AD that has only Domain User rights; I can telnet fine with this User).
BIND Password: user's password
LDAP Filter: using the default ((|(proxyaddress=smtp:${recipient_email})(mail=${recipient_email}))
LDAP Search Base: default (${defaultNamingContext}
LDAP UID: deafult for AD: sAMAccountName
Valid Email For Testing: my valid email address

When I try to test this I receive the following error:

could not set open file limit to 8192: Operation not permitted
lookup order: fb
listening on localhost/59447
answering client connection request from 127.0.0.1/59448
received from 127.0.0.1/59448: GET user@domain.com
email address: user@domain.com
telling 127.0.0.1/59448: 200 550 DB verification agent failed%3A
received from 127.0.0.1/59448: QUIT
hanging up on client 127.0.0.1/59448
exiting on SIGTERM

I am new to LDAP and have no clue as to where to go from here. I have posted this to the Barracuda forums, but have received no response as of yet.

Thank you.
0
Comment
Question by:ctsuhako
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 600 total points
ID: 22681041
Pointing your Barracuda at your DC won't do anything.  The LDAP query will only look at the directory but not actually write anything to it.  I created a user called ldap and use it for my barracuda.  That account only needs to be part of the domain user's group and nothing more.

Check your LDAP settings to to make sure:
LDAP Server: SERVERNAME.op-tn.org
LDAP Port: 389
Exchange Accelerator: YES
Unify Email Address: YES
SSL: OFF
Require SSL: NO
Bind DN: ldap@op-tn.org
Bind Passwod: LDAP's PASSWORD
LDAP Filter: (|(proxyaddresses=smtp$${recipient_email})(proxyaddresses=smtp:${recipient_email}))
--the filter can be changed but this one looks at all of the user's e-mail addresses for verifcation
LDAP Search Base: ${defaultNamingContext}
LDAP UID: sAMAccountName
LDAP Primary Email Attribute: MAIL
0
 

Author Comment

by:ctsuhako
ID: 22681129
Thanks for the reply. I have already created a user for the Barracuda's use and that is what I am using as the BIND DN (user@domain.com). Byt I still get this error.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1400 total points
ID: 22685167

> BIND DN

DN = Distinguished Name. That normally means the Bind DN should be something like:

CN=User Name,OU=Some where,DC=yourdomain,DC=com

The User Name above is as seen in AD users and computers, but the DN must be the full path to the user.

It may well work with the userPrincipalName above, but it would at least be worth trying this method. It depends a great deal on the software interface.

Do you have anything that indicates the LDAP bind is failing? This error:

> could not set open file limit to 8192: Operation not permitted

Doesn't really indicate that so this may be the wrong tree :)

Chris
0
 

Author Comment

by:ctsuhako
ID: 22687007
Thanks, Chris. I am out of the office, but will try this on Monday.
0
 

Author Comment

by:ctsuhako
ID: 22712386
Hi, Chris:

Tries using the full DN, but still no joy. I can bind with this user using ldp.exe, so I am unsure what the issue may be.
0
 

Accepted Solution

by:
ctsuhako earned 0 total points
ID: 22712591
Nevermind. Pointing to the server IP instead of the domain name cleared up the issue.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question