FYI, here is more info from Barracuda.
Subject: RE: MS Exchange Accelerator \ LDAP w/ Imail
> I have tried to get the LDAP to work with
> IMail in every way
> I know how and still have had no luck. As far as I can tell,
> it seems to be
> an issue with the syntax that the Barracuda is using to
> request a search or
> bind with the IMail LDAP server. Using an LDAP browser I can
> bind to and
> search the database both as an anonymous user and with a
> valid username and
> password.
It has nothing to do with syntax unless you are using non-standard
attributes to store the addresses. If that is the case we can create a
custom filter.
> First, the LDAP browsers always issue a LDAP bind request and
> get a bind
> response before issuing a search request. The Barracuda
> starts by issuing a
> search request, when it doesn't get a response it issues a
> bind request;
> however it gets no response to that request either, then
> times out. My
> understanding is that while it is preferable to have the
> client issue a bind
> request prior to a search request, it is not necessary as the
> initial search
> request is treated as an anonymous request. I set up one of the LDAP
> browsers to connect as anonymous and that works, yet the
> Barracuda fails. I
> also setup both the LDAP browser and the Barracuda with a
> valid username and
> password, again the browser works; the Barracuda fails.
The cuda is simply using an LDAP library. We try and keep an open bind for a
period of time. If that bind has gone away then we make a new request after
re-binding ... that is probably the behaviour he was seeing.
> Second, there is nowhere in the Barracuda to enter a base DN
> value for the
> LDAP server, so it uses null. I have however, gotten the
> browsers to work
> both with and without a base DN value, although by default
> they request one.
We query the 'defaultNamingContext' top level attribute from the ldap server
and use that as the search base. Set the attribute in the ldap server and it
will use it.
> Third, the syntax that the Barracuda uses to connect to the
> LDAP database
> changes depending on what text is entered into the username
> field on the
> device. If just a username is entered, the Barracuda adds
> DN=cn=<username>;
> if the request is put in email format it looks like
> [EMAIL PROTECTED]
> When the request is made via a LDAP browser using a username
> instead of
> anonymous access, the request reads DN=user, and the server
> responds in turn
> with a valid bind response. Since the cn= is just indicating
> the "common
> name" of the user, I wouldn't think that would make a difference.
It makes a difference to some servers (namely exchange 5.5). If in doubt
manually enter the entire thing needed to bind (e.g.
cn=user,cn=blah,dc=domain,dc=com ... or whatever your server wants for the
bidn). Otherwise we will query out the defaultnaming context and append it
to the username we send over. Example:
# if the username contains an "@", don't append the default context
if ($server_username =~ /\@/ || $server_username =~ /=/)
{
$bind_user = $server_username;
}
else
{
$bind_user =
"cn=$server_username,cn=users,$ldap_default_naming_context";
}
> Anyway, since Barracuda has indicated that they were able to
> get this to
> work with IMail, I would be interested to know how their
> configuration was
> different. I have tired their suggestions from the previous
> email you sent
> with no luck. The server I'm running is a Win2k box running
> SP3 and as a
> stand-alone server; the IMail version is 8.0. I'm open to
> any suggestions
> they might have. I should also mention that this was also
> tried by 3 other
> IMail/Barracuda users that I know of through an IMail tech
> forum and none of
> them were able to get it to work either.
I can't recall which users got it setup -- there haven't been many running
Imail and trying to use it.
Anyway, once you get it to bind then we can worry about the attributes it
tries to query.
- Chris
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
