LDAP Setup for MS Exchange and SpamZone
Need to set up an LDAP session between SpamZone and the MS Exchange server
The MS Exchange Accelerator verifies recipients with an LDAP query to the directory service. Some mail servers, such as Exchange, do not verify the user before accepting messages. If LDAP is running in your network environment, point the MS Exchange Accelerator at it and it will use LDAP to verify recipients before allowing messages to be sent to them. By default, if no LDAP service is running in your network environment, the Barracuda uses SMTP commands to verify recipients.
Below is a list of configuration checks and guides for troubleshooting the LDAP setup. Please check these items for possible problems with the MS Exchange Accelerator:
* Try the username in several ways, i.e. (, cn=, or @)
* If you are pointing the LDAP query to a DC (domain controller), make sure your domain matches what is on the DC. It could be a single-label domain without the .com extension or a *.local domain; in that case you will need to type the username as "username@" or "username@"
* If you have users in a different container or folder, the username field is different. For example, John Smith in the container anotherusercontainer, with the domain abc.com, can be specified as: cn=john smith,cn=anotherusercontainer,dc=abc,dc=com or cn=john smith,ou=anotherusercontainer,dc=abc,dc=com
* Double-check that a valid email account to check against really does exist.
* Verify that LDAP is running on your network: open Internet Explorer or any browser and type this URL: ldap://192.168.1.1:389 (substitute the correct LDAP IP address, i.e. ldap: //:)
* Create a user account under the User Container that has read permission only, with a simple username and password. No fancy characters in the password, i.e. username = test ; password = password ; would be fine.
* In order to view hidden and deleted objects in the Exchange directory, you must explicitly connect to the server as an Exchange admin account and specify an additional username component of "cn=admin". If you have hidden files or users, please check http://support.microsoft.com/default.aspx?scid=kb;en-us;196850&Product=ech
* Please see the following article on changing the LDAP port to, for example, 10389: http://support.microsoft.com/default.aspx?scid=kb;EN-US;224447 Then also change the Barracuda configuration to connect to this new port number.
* How to Install and Use the LDAP Service on MS Exchange: http://support.microsoft.com/default.aspx?scid=kb;en-us;184212
* How to Change LDAP Port Assignments in Exchange Server: http://support.microsoft.com/default.aspx?scid=kb;en-us;224447
* How to Install and Configure the Active Directory Connector in Exchange 2000 Server: http://support.microsoft.com/default.aspx?scid=kb;en-us;312632
* You could also point LDAP requests to your Domain Controller if it has a directory service.
* Exchange Server and Active Directory Utilize the Same LDAP Ports: http://support.microsoft.com/default.aspx?scid=kb;en-us;240078
* For Exchange 5.5 and Windows NT 4.0 users use: username as "cn=. Remember, in the world of Exchange 5.5 with an NT 4.0 Domain Controller, you have to link a mailbox with a domain account.
* If you want LDAP to query all subdomains, you will need to enable Global Catalog and point to the proper port. Here's how to enable Global Catalog: http://www.microsoft.com/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/datacenter/proddocs/en-us/dssite_enable_GC_server.asp
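The username forms from the list above (the user@domain form and the cn=/ou= distinguished names for John Smith in abc.com) can be generated consistently, with the escaping that names such as "Smith, John" require. This is an added example, not code from the product or the original article. The function names, the logon name jsmith, and the mail/proxyAddresses recipient filter are assumptions about a typical Active Directory lookup, not the appliance's documented query.

```python
# Added example: helper names are illustrative, not part of any product.

def escape_rdn_value(value: str) -> str:
    """Escape a value for use inside one DN component (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def domain_to_base_dn(domain: str) -> str:
    """abc.com -> dc=abc,dc=com; a single-label domain yields a single dc= part."""
    return ",".join("dc=" + escape_rdn_value(p) for p in domain.strip(".").split("."))

def bind_candidates(full_name: str, logon: str, domain: str, container: str) -> list:
    """Username forms worth trying, in the order the article lists them."""
    base = domain_to_base_dn(domain)
    cn = "cn=" + escape_rdn_value(full_name)
    box = escape_rdn_value(container)
    return [
        f"{logon}@{domain}",         # user@domain form (works for *.local too)
        f"{cn},cn={box},{base}",     # user lives in a container (cn=)
        f"{cn},ou={box},{base}",     # user lives in an organizational unit (ou=)
    ]

def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def recipient_filter(address: str) -> str:
    """Assumed recipient lookup: match the primary or a secondary SMTP address.
    The address comes from the SMTP envelope, so it is escaped before use."""
    v = escape_filter_value(address)
    return f"(|(mail={v})(proxyAddresses=smtp:{v}))"

if __name__ == "__main__":
    # Constructed sample values taken from the article's John Smith example.
    for name in bind_candidates("john smith", "jsmith", "abc.com", "anotherusercontainer"):
        print(name)
    print(recipient_filter("john.smith@abc.com"))
```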