Cisco Cisco Email Security Appliance X1070 Guía Para Resolver Problemas

further information is required. If you cannot "find" users in your subdomains, leave the base DN at the root
and set the IronPort to use the GC port.

Create a new LDAP Server Profile with values located previously from your directory server (System
Administration > LDAP).  For example:

Server Profile Name: PublicLDAP

♦ 

Host Name: myldapserver.example.com

♦ 

Authentication Method: Use Password: Enabled

♦ 

Username:cn=ESA,cn=Users,dc=example,dc=com

♦ 

Password: password

♦ 

Server Type: Active Directory

♦ 

Port: 3268

♦ 

BaseDN:dc=example,dc=com

♦ 

Make sure to use the "Test Server(s)" button to verify your settings before continuing.  Successful
output should look like:

Connecting to myldapserver.example.com at port 3268

Bound successfullywithDNCN=ESA,CN=Users,DC=example,DC=com

Result: succeeded

1. 

Use the same screen to define the LDAP accept query.  The following example checks the recipient
address against the more common attributes, either "mail" OR "proxyAddresses":

Name: PublicLDAP.accept

♦ 

QueryString:(|(mail={a})(proxyAddresses=smtp:{a}))

♦ 

You can use the "Test Query" button to verify your search query returns results for a valid account. 
Successful output searching for the service account's address "esa.admin@example.com" should look
like:

Query results for host:myldapserver.example.com

Query (mail=esa.admin@example.com) >to server PublicLDAP (myldapserver.example.com:3268)

Query (mail=esa.admin@example.com) lookup success, (myldapserver.example.com:3268) returned 1 results

Success: Action: Pass

2. 

 Apply this new accept query to the Inbound Listener (Network > Listeners).  Expand the options
LDAP Queries > Accept, and choose your query PublicLDAP.accept.

3. 

Finally, commit the changes to enable these settings.

4. 

mail3.example.com> ldapconfig    

No LDAP server configurations.

Choose the operation you want to perform:    

− NEW − Create a new server configuration.   

1.