Mailing List CGatePro@mail.stalker.com Message #98385
From: Ben Hanes <bhanes@chori.org>
Subject: Re: CGP LDAP support for aliases
Date: Fri, 24 Jul 2009 11:25:29 -0700
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.935.3)
Hey Marcel and John,

First off, yes this could be done with a properly crafted perl script, but I only had about 10 to do, so I chose to "do it the hard way"

As for multiple aliases, I'm afraid you might have to create multiple fields.  This would obviously be a huge pain as well a clutter up every account with unnecessary config options.  I tried separated values with a variety of characters and it did not work.  IronPort might have a way around this in their query mechanism, but you would have to ask them.

Thanks

Ben
--------

On Jul 24, 2009, at 8:58 AM, Marcel Hochuli wrote:

Thank you very much Ben!

The Cisco Blocker is an SMB-Version of IronPort. The configuration of LDAP should be the same as I remember from our demo unit.

It was also my idea to create a special field in the LDAP Schema. But we hat to return our demo unit and I hadn't enough time. As soon as our final unit will be here, I will try this.

Q: is it a problem to have multiple Aliases in an Account? We have Accounts with up to 15 Aliases...



Marcel

+---
otherto:noway@a-f.ch
_______________________________________



Am 24.07.2009 um 17:40 schrieb Ben Hanes:

To use LDAP Queries for email alias names in CGP when using IronPort

OK, for CGP:

Go to Directory/<root>/Schema
Add Desired item.  - We call ours emailAlias (attribute # is 2.6.3)
Now go to each user with an alias and copy the data info to the new field 
-helps to Display only Aliases on the user page in CGP Admin

Now for IronPort:

Edit LDAP Server Profile to add another Server Profile (ours is named MailAlias)
Same info as the existing LDAP query with the addition of the Query String is now(emailAlias={u})
Now create a Chained Query and add both Profiles to the Query

That's all you need. Of course this simple process took about 2 days to figure out with help from CGP and IronPort. Neither one knew how to interface with the given device/server. Now hopefully others can benefit from my time.

Good luck to all.

Ben
----------------------------------------------
Ben Hanes
Email Administrator
Children's Hospital Oakland Research Institute

On Jul 24, 2009, at 8:17 AM, Giovanni Ferri wrote:

hello,
we have a very similar setup (we have a cluster of C650) and with the
same need - to query CGP via ldap also for aliaseses.
Could you please give me a pointer on how you modified the schema? we
have a discussion on a local cgp partner and they stated it can't be done.

The way we did this is to build an external cluster of LDAP server and
build a meta-ldap to query the communigate cluster via CG:PL (which also
handles aliases and mailing lists - normally not in the cgp ldap tree);
as you may know this is quite expensive.

Thanks a lot.

Ben Hanes ha scritto:
Our IronPort SPAM Appliance uses LDAP queries to authenticate users.
Since it doesn't properly pickup aliases, we made a custom field and
check to that field. It is a workaround that we can live with. When we
create an account alias, we must remember to enter in in our
emailAlias field also.

We added this item to the Schema and in Directory Integration, added
it to the Custom Account Settings. It is now searchable in an LDAP query.

Ben

----------------------------------------------
Ben Hanes
Email Administrator
Children's Hospital Oakland Research Institute

On Jul 10, 2009, at 11:34 AM, Will Matthews wrote:

Hi all,

I saw a couple of messages from a few years back discussing the lack
of support in CGP's directory for aliases (account or domains). I was
wondering if this had changed at all, or if anyone had any helpful
workarounds for valid address verification via LDAP. We have numerous
group and generic email address that don't belong to an individual in
our company directory, so setting these up in our existing LDAP
directory would be incredibly time consuming.

Thanks,
Will


#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>


#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>



Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster