Test connectivity between an Active Directory server and Messaging Gateway using ldapsearch
search cancel

Test connectivity between an Active Directory server and Messaging Gateway using ldapsearch

book

Article ID: 177138

calendar_today

Updated On: 10-02-2023

Products

Messaging Gateway

Issue/Introduction

You need to test connectivity between Symantec Messaging Gateway (SMG) and an Active Directory server.

Resolution

Use the CLI command "ldapsearch" to perform queries from Messaging Gateway to ensure that communication is working.

To test connectivity using ldapsearch on an Active Directory server:

  1. Use a Secure Shell (SSH) client to connect to the Messaging Gateway appliance.
  2. Log in as admin.
  3. At the command prompt, type the following command:

    ldapsearch -x -b "dc=example,dc=com" -D "<AD_login@example.com>" -h <AD IP> -W '<search query filter>'

    Substitute the variable information with the data found in the Control Center (on the Settings tab) for Edit LDAP Server:
     
    Domain Domain name as it appears in the Query start (Auth base DN:) box
    TLD Top-level domain as it appears in the Query start (Auth base DN:) box
    AD_login@Domain.TLD Active Directory user login information as it appears in the Name (bind DN: ) box
    AD IP Active Directory server IP address as it appears in the Host box.
    search query filter Filter used to retrieve entries
    <nbsp;></nbsp;>
  4. Type the Active Directory user login password when prompted.
    A block of Active Directory information is returned.

Search examples for an Active Directory server

To search for all user accounts minus disabled accounts:

ldapsearch -x -b "dc=example,dc=com" -D "administrator@example.com" -h 192.0.2.1 -W '(&(proxyAddresses=smtp*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

To test a search that will not return any results for LDAP groups:

ldapsearch -x -b "dc=example,dc=com" -D "administrator@example.com" -h 192.0.1 -W '(&(syncToSBG=true)(!(proxyAddresses=smtp*)))'

Note: The object syncToSBG=true will not exist in the LDAP source, and this will force the search to not find any results.

To search for all user accounts:

ldapsearch -x -b "dc=example,dc=com" -D "administrator@example.com" -h 192.0.2.1 -W '(&(|(mail=*)(proxyAddresses=*))(sAMAccountName=*))'

Technical information

The ldapsearch utility is part of OpenLDAP. For more information, see http://www.openldap.org/.

Powered by Wolken Software