Test connectivity between an Active Directory server and Messaging Gateway using ldapsearch

Article ID: 177138

Products

Messaging Gateway

Issue/Introduction

You need to test connectivity between Symantec Messaging Gateway (SMG) and an Active Directory server.

Resolution

Use the CLI command "ldapsearch" to perform queries from Messaging Gateway to ensure that communication is working.

To test connectivity against an Active Directory server using ldapsearch:

  1. Use a Secure Shell (SSH) client to connect to the Messaging Gateway appliance.
  2. Log in as admin.
  3. At the command prompt, type the following command:

    ldapsearch -x -b "dc=<Domain>,dc=<TLD>" -D "<[email protected]>" -h <AD IP> -W '<search query filter>'

    Replace the placeholders with the values shown in the Control Center (on the Settings tab) under Edit LDAP Server:

    Domain: Domain name as it appears in the Query start (Auth base DN:) box
    TLD: Top-level domain as it appears in the Query start (Auth base DN:) box
    [email protected]: Active Directory user login information as it appears in the Name (bind DN:) box
    AD IP: Active Directory server IP address as it appears in the Host box
    search query filter: Filter used to retrieve entries
  4. Type the Active Directory user login password when prompted.
    A block of Active Directory information is returned.

Search examples for an Active Directory server

To search for all user accounts minus disabled accounts:

ldapsearch -x -b "dc=example,dc=com" -D "[email protected]" -h 192.168.1.1 -W '(&(proxyAddresses=smtp*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

To test a search that will not return any results for LDAP groups:

ldapsearch -x -b "dc=example,dc=com" -D "[email protected]" -h 192.168.1.1 -W '(&(syncToSBG=true)(!(proxyAddresses=smtp*)))'

Note: syncToSBG=true does not exist in the LDAP source, so this forces the search to return no results.

To search for all user accounts:

ldapsearch -x -b "dc=example,dc=com" -D "[email protected]" -h 192.168.1.1 -W '(&(|(mail=*)(proxyAddresses=*))(sAMAccountName=*))'
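
The following is an added example, not part of the original article or of Messaging Gateway: a small offline evaluator that applies the three filters above to constructed directory entries, to show which accounts each filter selects. The entries, the function names and the simplified matching are assumptions of the example; 1.2.840.113556.1.4.803 is the Active Directory bitwise-AND matching rule, and bit 2 of userAccountControl marks a disabled account.

```python
import fnmatch

BIT_AND = "1.2.840.113556.1.4.803"  # Active Directory LDAP_MATCHING_RULE_BIT_AND

# Constructed sample entries (not real directory data); attribute names lower-cased.
ENTRIES = [
    {"samaccountname": ["alice"], "mail": ["alice@example.com"],
     "proxyaddresses": ["SMTP:alice@example.com"], "useraccountcontrol": ["512"]},
    {"samaccountname": ["bob"], "mail": ["bob@example.com"],
     "proxyaddresses": ["SMTP:bob@example.com"], "useraccountcontrol": ["514"]},  # 512 | 2 = disabled
    {"samaccountname": ["svc-backup"], "useraccountcontrol": ["512"]},  # no mail attributes
]

def parse(text, i=0):
    """Parse the parenthesised filter at text[i]; return (node, index after it)."""
    if text[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if text[i + 1] in "&|!":
        op, children, i = text[i + 1], [], i + 2
        while text[i] == "(":
            child, i = parse(text, i)
            children.append(child)
        return (op, children), i + 1          # step over the closing ')'
    end = text.index(")", i)
    attr, value = text[i + 1:end].split("=", 1)
    rule = None
    if attr.endswith(":"):                     # extensible match: attr:ruleOID:=value
        attr, rule = attr[:-1].split(":", 1)
    return ("item", attr.lower(), rule, value), end + 1

def matches(node, entry):
    """Simplified two-valued evaluation; a missing attribute makes the item false."""
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    values = entry.get(attr, [])
    if rule == BIT_AND:                        # true when every bit in value is set
        return any((int(v) & int(value)) == int(value) for v in values)
    # '*' wildcard, compared case-insensitively
    return any(fnmatch.fnmatchcase(v.lower(), value.lower()) for v in values)

def search(filter_text):
    """Return the sAMAccountName of each sample entry the filter selects."""
    tree, _ = parse(filter_text)
    return [e["samaccountname"][0] for e in ENTRIES if matches(tree, e)]
```

With these sample entries, the first filter selects only the enabled mail user, the syncToSBG filter selects nothing, and the third selects both mail-enabled accounts regardless of the disabled flag.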

Technical information

The ldapsearch utility is part of OpenLDAP. For more information, see http://www.openldap.org/.