Problems Connecting To Active Directory Using LDAP

Posted on 2008-10-09
Last Modified: 2013-12-24
Hello. I am trying to have our Barracuda Spam Firewall 300 verify incoming email addresses against Active Directory using LDAP. I can telnet and login just fine, so I am sure that everything is running correctly. The Barracuda requires the following information:

LDAP Server: 10.0.0.2 (SBS 2003)
LDAP Port: 389 (which I can telnet to)
BIND DN: User (I have created a user within AD that has only Domain User rights; I can telnet fine with this User).
BIND Password: user's password
LDAP Filter: using the default ((|(proxyaddress=smtp:${recipient_email})(mail=${recipient_email}))
LDAP Search Base: default (${defaultNamingContext})
LDAP UID: default for AD: sAMAccountName
Valid Email For Testing: my valid email address

When I try to test this I receive the following error:

could not set open file limit to 8192: Operation not permitted
lookup order: fb
listening on localhost/59447
answering client connection request from 127.0.0.1/59448
received from 127.0.0.1/59448: GET user@domain.com
email address: user@domain.com
telling 127.0.0.1/59448: 200 550 DB verification agent failed%3A
received from 127.0.0.1/59448: QUIT
hanging up on client 127.0.0.1/59448
exiting on SIGTERM

I am new to LDAP and have no clue as to where to go from here. I have posted this to the Barracuda forums, but have received no response as of yet.

Thank you.
Question by:ctsuhako

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 600 total points
ID: 22681041
Pointing your Barracuda at your DC won't do anything.  The LDAP query will only look at the directory but not actually write anything to it.  I created a user called ldap and use it for my barracuda.  That account only needs to be part of the domain user's group and nothing more.

Check your LDAP settings to make sure:
LDAP Server: SERVERNAME.op-tn.org
LDAP Port: 389
Exchange Accelerator: YES
Unify Email Address: YES
SSL: OFF
Require SSL: NO
Bind DN: ldap@op-tn.org
Bind Password: LDAP's PASSWORD
LDAP Filter: (|(proxyaddresses=smtp$${recipient_email})(proxyaddresses=smtp:${recipient_email}))
--the filter can be changed but this one looks at all of the user's e-mail addresses for verification
LDAP Search Base: ${defaultNamingContext}
LDAP UID: sAMAccountName
LDAP Primary Email Attribute: MAIL
0
 

Author Comment

by:ctsuhako
ID: 22681129
Thanks for the reply. I have already created a user for the Barracuda's use and that is what I am using as the BIND DN (user@domain.com). But I still get this error.
0

Assisted Solution

by:Chris Dent
Chris Dent earned 1400 total points
ID: 22685167

> BIND DN

DN = Distinguished Name. That normally means the Bind DN should be something like:

CN=User Name,OU=Some where,DC=yourdomain,DC=com

The User Name above is as seen in AD users and computers, but the DN must be the full path to the user.

It may well work with the userPrincipalName above, but it would at least be worth trying this method. It depends a great deal on the software interface.

Do you have anything that indicates the LDAP bind is failing? This error:

> could not set open file limit to 8192: Operation not permitted

Doesn't really indicate that so this may be the wrong tree :)

Chris
0
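Added example, not part of the original thread and not Barracuda's code: a small offline pre-flight check for the two settings discussed above. It classifies the string typed into the Bind DN field (full distinguished name, userPrincipalName, DOMAIN\user, or bare account name) and renders the filter template with the recipient escaped per RFC 4515, rejecting a template whose parentheses do not balance. The function names and the literal `${recipient_email}` substitution are assumptions made for illustration.

```python
import re

# Constructed filter template, modelled on the settings quoted in this thread.
SAMPLE_FILTER = "(|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email}))"

# One "attribute=value" component of a distinguished name (simplified check).
_RDN = re.compile(r"\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*")


def bind_identity_form(value):
    """Classify what was typed into a 'Bind DN' field (hypothetical helper)."""
    parts = re.split(r"(?<!\\),", value)  # split on commas that are not escaped
    if len(parts) > 1 and all(_RDN.fullmatch(p) for p in parts):
        # A full AD path ends in the domain's DC= components.
        if parts[-1].strip().upper().startswith("DC="):
            return "dn"
        return "partial-dn"
    if re.fullmatch(r"[^@\s\\]+@[^@\s\\]+", value):
        return "upn"          # user@domain form (userPrincipalName)
    if re.fullmatch(r"[^\\\s]+\\[^\\]+", value):
        return "down-level"   # DOMAIN\user form
    return "bare-name"        # e.g. just the sAMAccountName


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def render_filter(template, recipient):
    """Substitute the recipient; raise if the template's parentheses are unbalanced."""
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0 or not template.startswith("("):
        raise ValueError("unbalanced parentheses in filter template")
    return template.replace("${recipient_email}", escape_filter_value(recipient))


if __name__ == "__main__":
    for candidate in ("CN=User Name,OU=Some where,DC=yourdomain,DC=com",
                      "ldap@op-tn.org", "User"):
        print(candidate, "->", bind_identity_form(candidate))
    print(render_filter(SAMPLE_FILTER, "user@domain.com"))
```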
 

Author Comment

by:ctsuhako
ID: 22687007
Thanks, Chris. I am out of the office, but will try this on Monday.
0
 

Author Comment

by:ctsuhako
ID: 22712386
Hi, Chris:

Tried using the full DN, but still no joy. I can bind with this user using ldp.exe, so I am unsure what the issue may be.
0
 

Accepted Solution

by:
ctsuhako earned 0 total points
ID: 22712591
Nevermind. Pointing to the server IP instead of the domain name cleared up the issue.
0
