Mailing List CGatePro@mail.stalker.com Message #105869
From: Thomas Bleek <bl@gfz-potsdam.de>
Subject: Re: Communigate LDAP and Barracuda?
Date: Tue, 3 Nov 2015 08:05:07 +0100
To: Discussions Pro CommuniGate <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.3096.5)
I don't remember any configuration tricks, but the installation was in 2006... We did only some additions to the schema.
Perhaps you could check the accessrights?

pwd
/var/CommuniGate/Directory

cat AccessRights.settings
(
(HidePas,"*","*",prohibit,(),(userPassword,privateKey),(userPassword,privateKey),()),
(ReadAll,"*","*",allow,(),("*"),("*"),())
)

I just did this on an OS X Client (tb is a alias):
ldapsearch -x -h cgp1 -b dc=cgprouter mail=tb@gfz-potsdam.de
# extended LDIF
#
# LDAPv3
# base <dc=cgprouter> with scope subtree
# filter: mail=tb@gfz-potsdam.de
# requesting: ALL
#

# tb@gfz-potsdam.de, cgprouter
dn: mail=tb@gfz-potsdam.de,dc=cgprouter
objectclass: inetOrgPerson
mail: tb@gfz-potsdam.de

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
iMac2012:~ bl$ 


With log setting to all this search looks like this:
07:47:11.444 5 LDAP [0.0.0.0]:389 <- [139.17.40.222]:49732 connection request. socket=630
07:47:11.444 5 LDAP new VStream created, 1 total
07:47:11.444 5 LDAP stream thread started
07:47:11.444 4 LDAP-000004([139.17.40.222]) [139.17.3.101]:389 <- [139.17.40.222]:49732 incoming connection(cgp1.gfz-potsdam.de)
07:47:11.444 5 LDAP-000004([139.17.40.222]) inp: SEQ(12) 02 01 01 60 07 02 01 03 04 00 80 00
07:47:11.444 4 LDAP-000004([139.17.40.222]) BINDing as ''
07:47:11.444 4 LDAP-000004([139.17.40.222]) Logged in as anyone. authType=0
07:47:11.444 5 LDAP-000004([139.17.40.222]) out: 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00
07:47:11.464 5 LDAP-000004([139.17.40.222]) inp: SEQ(63) 02 01 02 63 3A 04 0C 64 63 3D 63 67 70 72 6F 75 74 65 72 0A 01 02 0A 01 00 02 01 00 02 01 00 01 01 00 A3 19 04 04 6D 61 69 6C 04 11 74 62 40 67 66 7A 2D 70 6F 74 73 64 61 6D 2E 64 65 30 00
07:47:11.464 4 LDAP-000004([139.17.40.222]) searching(sub) 'dc=cgprouter'
07:47:11.464 4 LDAP-000004([139.17.40.222]) searching where (mail=tb@gfz-potsdam.de)
07:47:11.464 4 LDAP-000004([139.17.40.222]) searching for ALL
07:47:11.464 4 LDAP-000004([139.17.40.222]) 'mail=tb@gfz-potsdam.de,dc=cgprouter' retrieved
07:47:11.464 5 LDAP-000004([139.17.40.222]) out: 30 69 02 01 02 64 64 04 23 6D 61 69 6C 3D 74 62 40 67 66 7A 2D 70 6F 74 73 64 61 6D 2E 64 65 2C 64 63 3D 63 67 70 72 6F 75 74 65 72 30 3D 30 1E 04 0B 6F 62 6A 65 63 74 63 6C 61 73 73 31 0F 04 0D 69 6E 65 74 4F 72 67 50 65 72 73 6F 6E 30 1B 04 04 6D 61 69 6C 31 13 04 11 74 62 40 67 66 7A 2D 70 6F 74 73 64 61 6D 2E 64 65
07:47:11.464 2 LDAP-000004([139.17.40.222]) search finished
07:47:11.464 5 LDAP-000004([139.17.40.222]) out: 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00
07:47:11.484 5 LDAP-000004([139.17.40.222]) inp: SEQ(5) 02 01 03 42 00
07:47:11.484 4 LDAP-000004([139.17.40.222]) disconnecting
07:47:11.484 4 LDAP-000004([139.17.40.222]) closing connection
07:47:11.484 4 LDAP-000004([139.17.40.222]) releasing stream


I am running an 0x2 cluster on Solaris (Sparc and X86) CGP Version is also 6.0.11.

Perhaps any further questions with personal mail.
tb


Am 03.11.2015 um 04:22 schrieb Lyn <lynlist@nowdata.com>:

From my tests, dc=cgprouter returns account names, lists, but NOT account aliases.

Did you do something to the configuration of your CGP instance to somehow successfully lookup aliases? I’ve deleted/inserted object records for the CGP domain I’m working with, which did not help.

Thanks - 

Lyn

On Nov 1, 2015, at 11:56 PM, Thomas Bleek <bl@gfz-potsdam.de> wrote:

Hi Lyle,

thanks for your question, I thought CGP is not able to provide this also for groups, aliases, lists,..., but it can.

It is really simple. dc=cgprouter is really special.

ldapsearch -h cgp -b dc=cgprouter mail=valid-address@domain
version: 1
dn: mail=volleyball@domain,dc=cgprouter
objectclass: inetOrgPerson
mail: valid-address@domain

ldapsearch -h cgp -b dc=cgprouter mail=invalidaddr@domain
ldap_search: No such object
ldap_search: additional info: unknown user account

Perhaps your barracuda is able to do smtp callout? That would be the simplest solution.
tb



Am 01.11.2015 um 23:21 schrieb Lyn <lynlist@nowdata.com>:

I really appreciate being pointed to the appropriate documentation. However my limited knowledge on this subject prevents me from successfully attempting any meaningful tests using the correct syntax. I was hoping I could start at a very simple level by attempting to get this to work in my email application. The entries below work, but they don’t return associated account aliases.

Search Base: cn=domain.com
Scope: Subtree
Authentication: Simple

To verify the dc=cgprouter subtree, should I be using a different technique (Telnet?)? Can anyone dumb this down for me?




On Nov 1, 2015, at 1:57 PM, Technical Support <support@communigate.com> wrote:

Hello,

On 2015-11-01 19:57 , Lyn wrote:
Yes, that’s what I’ve been learning. However, there is mention in CGP documentation that seems to indicate support of Account aliases. Not sure if this is what I’m looking for or not?

https://www.communigate.com/cgatepro/CentralDir.html#SubTree

The correct way to validate addresses on CGPro via LDAP is through searches under the special dc=cgprouter subtree: <http://www.communigate.com/CommuniGatePro/LDAP.html#RouterDN>




On Nov 1, 2015, at 8:42 AM, Lyle <lyle@lcrcomputer.net> wrote:

That was always an issue with CGPro.  Their LDAP database only contained main account addresses and never contained any group or account aliases.

Lyle Giese
LCR Computer Services, Inc.


On 10/31/15 22:32, Lyn wrote:
I’m attempting to configure a Barracuda Spam Firewall to use Communigate’s LDAP. My configuration in Barracuda is successfully returning account names, but not account aliases.

Does anyone have any Barracuda LDAP/Single Sign-On with Communigate (6.0.11)?

Thanks -

Lyn


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>


--
Best regards,
Dmitry Akindinov.
=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your
reply.

--
Dr. Thomas Bleek, Netzwerkadministrator
Helmholtz-Zentrum Potsdam
Deutsches GeoForschungsZentrum
Telegrafenberg A20/225
D-14473 Potsdam
Tel.: +49 331 288- 1818/1681 Fax.: 1730 Mobil: +49 172 1543233
E-Mail: bl@gfz-potsdam.de



--
Dr. Thomas Bleek, Netzwerkadministrator
Helmholtz-Zentrum Potsdam
Deutsches GeoForschungsZentrum
Telegrafenberg A20/225
D-14473 Potsdam
Tel.: +49 331 288- 1818/1681 Fax.: 1730 Mobil: +49 172 1543233
E-Mail: bl@gfz-potsdam.de

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster