Cisco Cisco Email Security Appliance C650 Guía Del Usuario
3-187
Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
Chapter 3 LDAP Queries
Troubleshooting Connections to LDAP Servers
If the LDAP server is unreachable by the appliance, one of the following errors
will be shown:
will be shown:
•
Error: LDAP authentication failed: <LDAP Error
"invalidCredentials" [0x31]>
•
Error: Server unreachable: unable to connect
•
Error: Server unreachable: DNS lookup failure
Note that a server may be unreachable because the wrong port was entered in the
server configuration, or the port is not opened in the firewall. LDAP servers
typically communicate over port 3268 or 389. Active Directory uses port 3268 to
access the global catalog used in multi-server environments (See “Firewall
Information” in the Cisco IronPort AsyncOS for Email Configuration Guide for
more information.) In AsyncOS 4.0, the ability to communicate to the LDAP
server via SSL (usually over port 636) was added. For more information, see
server configuration, or the port is not opened in the firewall. LDAP servers
typically communicate over port 3268 or 389. Active Directory uses port 3268 to
access the global catalog used in multi-server environments (See “Firewall
Information” in the Cisco IronPort AsyncOS for Email Configuration Guide for
more information.) In AsyncOS 4.0, the ability to communicate to the LDAP
server via SSL (usually over port 636) was added. For more information, see
.
A server may also be unreachable because the hostname you entered cannot be
resolved.
resolved.
You can use the Test Server(s) on the Add/Edit LDAP Server Profile page (or the
test
subcommand of the
ldapconfig
command in the CLI) to test the connection
to the LDAP server. For more information, see
If the LDAP server is unreachable:
•
If LDAP Accept or Masquerading or Routing is enabled on the work queue,
mail will remain within the work queue.
mail will remain within the work queue.
•
If LDAP Accept is not enabled but other queries (group policy checks, etc.)
are used in filters, the filters evaluate to false.
are used in filters, the filters evaluate to false.