How to add a Domino LDAP Server for Authentication in Symantec Messaging Gateway (SMG)


Article ID: 180461


Products

Messaging Gateway

Issue/Introduction

 

Resolution

This article shows how to configure a Symantec Messaging Gateway (SMG) 9.x LDAP Authentication source to connect to a Domino server.

 

Scenario used in this HowTo

Domino server 8.5.2 FP1
Default LDAP config

 


Example of LDAP attributes from one Domino user

dn: CN=Omer Simpson,O=Backline
cn: Omer Simpson
mail: [email protected]
displayname: Omer Simpson/Backline
objectclass: dominoPerson
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
uid: OSimpson
mailfile: mail\osimpson

 


Domino LDAP options

Note: this output can be obtained by typing the following command on the Domino server console: tell ldap showconfig

[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Listening on TCP/IP port 389
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Anonymous access over TCP/IP is ENABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Name/Password (simple) authentication over TCP/IP is ENABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Enforce server access checking is DISABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Maximum entries returned = 0
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Time limit for search = 0 seconds
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Minimum characters needed for wild card = 1
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Default revision (1) of Distinguished Name Parsing is enabled
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Return UTF8 results to LDAPv2 clients is ENABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Maximum referral URLs returned is 1
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: When there are multiple instances of an entry then Don't Modify Any
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Schema enforcement is ENABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Automatic FT indexing of domino directories on service startup is DISABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Alternate language information processing is DISABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Require distinguished name on bind is DISABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Activity log truncates attribute values at 4096 bytes
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Activity logging is DISABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Dereferencing Aliases on search requests is DISABLED
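
An added example (not part of the original article and not Symantec or Domino tooling): a Python parser for the `tell ldap showconfig` output above that lists the settings bearing on how the SMG bind credentials and directory data are exposed. The sample is a constructed subset of the lines above, and the `REVIEW` checklist and function names are this example's assumptions.

```python
import re

# Constructed sample: a subset of the showconfig lines shown above.
SAMPLE = """\
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Listening on TCP/IP port 389
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Anonymous access over TCP/IP is ENABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Name/Password (simple) authentication over TCP/IP is ENABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Enforce server access checking is DISABLED
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Maximum entries returned = 0
[11469034:00002-00001] 04/21/2011 11:10:44   LDAP Server: Activity logging is DISABLED
"""

LINE = re.compile(r"LDAP Server:\s*(.+?)\s*$")
STATE = re.compile(r"^(.*?)\s+is\s+(ENABLED|DISABLED)$")
PORT = re.compile(r"^Listening on TCP/IP port (\d+)$")

# Reviewer's checklist (an assumption of this example): setting -> state worth a second look.
REVIEW = {
    "Anonymous access over TCP/IP": "ENABLED",
    "Activity logging": "DISABLED",
}

def parse_showconfig(text):
    """Return (settings, ports): {name: 'ENABLED'|'DISABLED'} and the listening ports."""
    settings, ports = {}, []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip blank or unrelated console lines
        body = m.group(1)
        if (p := PORT.match(body)):
            ports.append(int(p.group(1)))
        elif (s := STATE.match(body)):
            settings[s.group(1)] = s.group(2)
    return settings, ports

def findings(text):
    settings, ports = parse_showconfig(text)
    out = [f"{k} is {v}" for k, v in REVIEW.items() if settings.get(k) == v]
    # A simple bind on plain LDAP sends the bind password unencrypted unless TLS is used.
    simple = settings.get("Name/Password (simple) authentication over TCP/IP")
    if simple == "ENABLED" and 389 in ports:
        out.append("simple bind offered on port 389 (cleartext unless TLS is used)")
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print("REVIEW:", f)
```

Lines that do not end in "is ENABLED" or "is DISABLED", such as the entry and time limits, are parsed past without being recorded.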



Adding the Directory Data Source

LDAP sources are located on the "Administration > Settings > Directory Integration" page of the SMG Control Center.
Click "Add" to configure a new entry.

In the "LDAP Server Configuration" page, enter all required details as in the example shown below in Figure 1.
Note: If Administrator Credentials need to be entered as well, the Domino "User Name" (First Last) must be used for a successful login (Figure 2).

Figure 1:

Figure 2:

 

Next, the functions for the data source have to be entered. In this document, an "Authentication" source is created.

Enter all data required on this screen.
Note: the Control Center Authentication section requires Domino users' ShortName, as shown below in Figure 3:

Figure 3:

 

Result of a successful Test Authentication query:


Result of a successful Test Quarantine query:
 


Final summary:
 


Explanation of the query filter:

Primary email attribute = LDAP field where the email address is stored = "mail" (default)

uid = Domino UserID = ShortName = "osimpson" (this document)

 

Example: A query that contains "(uid=%u)" as the filter and "mail" as the primary email attribute means that the UserID (ShortName) entered by the user (on the Authentication login page, for instance) will be searched in the "user part" (%u) of the email address.
 
