>> ldap:{},{(CN=firstname lastname)}{mail},{}{} <<
No, the mail attribute only returns the primary email address for the
user. It does not return all email addresses (that's what proxyaddresses
does).
Yes, I am aware that I am responsible for creating appropriate LDAP
queries, but that isn't helpful when ASSP can't cope with the result.
Unless anyone can suggest an AD LDAP query that will return addresses in
a form ASSP can accept, we have a mismatch between AD and ASSP, and that
seems to me a significant shortcoming. The only workable approach I can
suggest is that ASSP is modified to handle the AD-returned format.
-----Original Message-----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: Monday, December 05, 2011 5:22 PM
To: ASSP development mailing list
Subject: [Assp-test] Antwort: Re: Antwort: Trouble With Groups LDAP
Query - 2
proxyaddresses - as descibed in the docu gives a list (you saw it)
mail - gives you the SMTP email address
so
ldap:{},{(CN=firstname lastname)}{mail},{}{}
should do it
>[group]=>recipientaddress=>1
before using a group anywhere in assp - check the group in the GUI -
buttons below 'Groups' , one per group
>(1) Is there any way to have a Groups LDAP query return a list of
addresses that ASSP can handle (or have ASSP handle the AD format
directly)?
It is your work to build the LDAP query right - or to modify the LDAP
schema.
>(2) Is there a further issue with block reporting?
No - this is tested and works. - Keep in mind that group names used by
the
block report feature must be email addresses !
Thomas
Von: "Steve Moss" <st...@freeyournet.com>
An: "ASSP development mailing list"
<assp-test@lists.sourceforge.net>
Datum: 05.12.2011 17:26
Betreff: Re: [Assp-test] Antwort: Trouble With Groups LDAP Query
-
2
Hi Thomas,
>> changed user=>user to user=>"any LDAP user" and added base=>"any
LDAPRoot" <<
Thanks that works now. But... I am attempting to use LDAP to create a
group for each user, containing a list of all the users email addresses.
In Windows' ActiveDirectory (AD), the addresses are stored in a user
attribute called proxyaddresses, so I am using a LDAP query such as:
ldap:{},{(CN=firstname lastname)}{proxyaddresses},{}{}
That returns a Unicode string containing all the user's addresses, one
per line, prefixed by a type identifier. For instance:
SMTP:smtpaddress
X400: x400address
ASSP doesn't appear able to handle this. For instance, I have tested
this by placing an entry like this in the block report file and choosing
the Run Now option:
[group]=>recipientaddress=>1
Block reporting does nothing, though - no block reports are generated,
and I can see no clues in the mail log (the 'task BlockReportNow was
queued to run' message is the only related entry I can see). I don't
know if this is because of the format of the addresses in the group
files, or if there is an issue with block reporting.
So, I have two questions:
(1) Is there any way to have a Groups LDAP query return a list of
addresses that ASSP can handle (or have ASSP handle the AD format
directly)?
(2) Is there a further issue with block reporting?
-----Original Message-----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: Monday, December 05, 2011 10:00 AM
To: ASSP development mailing list
Subject: Re: [Assp-test] Antwort: Trouble With Groups LDAP Query - 2
> Also, LDAPLogin uses a DN specification, whereas groups do not.
I saw this issue and it is corrected in the next release.
changed user=>user to user=>"any LDAP user" and added base=>"any
LDAPRoot"
So the full DN notation could be used in both parameters. Keep an eye on
the next release - your user specification will not work anymore - copy
the plain text of the Groups file before upgrade! The separtor is
required
for the user=>(sep)user(sep) !!
>as to why group specs need to include the LDAP host and login details
If the host part is empty {} - the sepcifications from the LDAP section
will be used. At least there is a BUG in the LDAPlist feature - fixed in
the next release.
Thomas
Von: "Steve Moss" <st...@freeyournet.com>
An: "ASSP development mailing list"
<assp-test@lists.sourceforge.net>
Datum: 05.12.2011 10:43
Betreff: Re: [Assp-test] Antwort: Re: Antwort: Trouble With
Groups
LDAP Query - 2
>> Has you defined 'LDAProot' in the functional LDAP section? <<
Yes, it is set to: DC=domain,DC=local
LDAP lookup works fine for local addresses - I have been using it for
ages - it's just the groups I am having issues with. I am a little
confused, also, as to why group specs need to include the LDAP host and
login details, as these are already specified in the LDAP section. Also,
LDAPLogin uses a DN specification, whereas groups do not.
----
Regards,
Steve Moss (st...@freeyournet.com),
Microsoft Certified Professional - Small and Medium Sized Business.
FreeYourNet.
6 Pine View, Muxton, Telford, Shropshire TF2 8QX, U.K.
URL: http://www.freeyournet.com
Tel: +44 (0)7971 321586 Fax: +44 (0)1952 603703
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error, use of this
information (including disclosure, copying or distribution) may be
unlawful: please notify ad...@freeyournet.com and delete the message
immediately. All FreeYourNet's incoming and outgoing e-mails, and any
files transmitted with them, are checked for viruses and other malicious
software using up-to-date security scanners. While this e-mail (and any
attachments) has been found to be free of malicious software,
FreeYourNet cannot accept legal responsibility for, or for the
consequences of, any malicious software which may have been transmitted
herein.
FreeYourNet is a trading name of CoCo Systems Ltd., registered in
England and Wales No. 2339146. Registered office: 66 High Street,
Dawley, Telford, Shropshire TF4 2HD.
-----Original Message-----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: Sunday, December 04, 2011 3:17 PM
To: ASSP development mailing list
Subject: [Assp-test] Antwort: Re: Antwort: Trouble With Groups LDAP
Query - 2
>are defined in the LDAP section (and they work there)
Has you defined 'LDAProot' in the functional LDAP section?
Thomas
Von: "Steve Moss" <st...@freeyournet.com>
An: "ASSP development mailing list"
<assp-test@lists.sourceforge.net>
Datum: 04.12.2011 14:33
Betreff: Re: [Assp-test] Antwort: Trouble With Groups LDAP Query
-
2
Hi Thomas,
The LDAP server is on a Windows SBS 2003 (ASSP v2 is on the same
machine), and it accepts unencrypted connections. That said, I get the
same results if I specify scheme=>ldaps (and STARTTLS=>0 or 1). On build
11338, diagnmstic LDAP logging shows:
STARTTLS => 0
attr => proxyaddresses
host => host
ldapfilt => (CN=firstname lastname)
password => pass
scheme => ldap
timeout => 15
user => Administrator
version => 3
This all appears correct, but I am still getting error 49. Any ideas?
----
Steve.
-----Original Message-----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: Sunday, December 04, 2011 8:31 AM
To: ASSP development mailing list
Subject: [Assp-test] Antwort: Trouble With Groups LDAP Query - 2
check the 'schema => ldap(s)' - possibly you try to authenticate
unencrypted (ldap) - and this is not allowed by your LDAP server?
I'm just testing some enhancements for the LDAP implementation in groups
-
just wait for the next release.
Thomas
Von: "Steve Moss" <s...@coco.co.uk>
An: <assp-test@lists.sourceforge.net>
Datum: 04.12.2011 00:58
Betreff: [Assp-test] Trouble With Groups LDAP Query - 2
I see, Thomas, that you mark this as fixed in build 11337. I suspect it
isn't, though...
I am still getting LDAP error code 49 on bind, which indicates bad
credentials. I am definitely passing correct credentials, the same as
are defined in the LDAP section (and they work there). In the group
definition I have password=>"pass", but I suspect ASSP still isn't
passing the correct password via the LDAP query. For instance, if I
change the user to an invalid name I get LDAP code 32 instead, which is
correct. This indicates the (correct) password is the element causing
the authentication failure.
Sadly, ASSP logging/debug logging isn't helpful in this respect. Please
assess.
------------------------------------------------------------------------
------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential,
legally
privileged and protected in law and are intended solely for the use of
the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------
------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential,
legally
privileged and protected in law and are intended solely for the use of
the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------
------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential,
legally
privileged and protected in law and are intended solely for the use of
the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------
------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential,
legally
privileged and protected in law and are intended solely for the use of
the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
