LDAP search base configuration for SPAM device
  •  
cwachs

We are running a Mail Foundry SPAM gateway in front of our Kerio server. That gateway device is able to query an Exchange or LDAP server to see if accounts exist on the mail server to protect from dictionary-type attacks on account names.

I have not been able to get it to talk to Kerio properly and the problem seems to be related to the search base. I'm authenticated properly and it is talking to Kerio but is not returning searches for accounts correctly.

The default the device wants to use is:
fn=ContactRoot or CN=Users,fn=ContactRoot

I've also tried DC=[domain],DC=org

LDAP search base is not my area of expertise. Anyone familiar with what I am attempting here and have some advice?

-----------
Server installation:
Kerio Connect 7.1
OS X Server 10.5.8
Apple G4 X Serve
  •  
TorW

Have you tried

DC=[host],DC=[domain],DC=org

?
  •  
cwachs

Yes. It gives the same response: "The testing address you supplied, 'account<_a.t_>domain.org', was not found on the Exchange/LDAP server.
This may be because the address does not exist on the server or your settings are incorrect."

The vendor tells me the problem is with the search base. Since it's not actually making a search, I don't see anything in the Kerio logs.

  •  
TorW

I was struggling with the same thing until I remembered that the usual AD rights aren't always enough to get LDAP queries working from a remote server to a Windows DC. I ended up using the "Delegate Control ..." wizard in ADUC to give the LDAP user enough rights.

I gave the query user "Create, modify and manage" and "Read & Set domain password", but your mileage may vary.
  •  
cwachs

Kerio is running on an OS X Server installation using the internal directory.

TorW wrote on Wed, 14 January 2009 03:35

I was struggling with the same thing until I remembered that the usual AD rights aren't always enough to get LDAP queries working from a remote server to a Windows DC. I ended up using the "Delegate Control ..." wizard in ADUC to give the LDAP user enough rights.

I gave the query user "Create, modify and manage" and "Read & Set domain password", but your mileage may vary.

