CES and LDAP routing

RoBu
Level 1

Hi all,

We thought about using an LDAP-based routing for the SMTP-Call-ahead like it's described here in the user guide.

So we can do the recipient validation like this:

domain1.com -> ask ldap.domain1.com

domain2.com -> ask ldap.domain2.com

domain3.com -> ask ldap.domain1.com

...

On our on-prem ESA this works fine, but how could we implement this on a CES, where we don't have an LDAP server connected? We won't open our LDAPs to the internet, of course :)

Thanx

RoB

1 Accepted Solution


ppreenja
Cisco Employee
Hello RoB,

The Cloud Email Security (CES) appliances use the same software, so the LDAP setup would be the same. The only thing you would need to take into consideration is any firewall holes you may need to make in order to allow the LDAP traffic from CES into your environment. I would also highly recommend performing LDAP over SSL with our CES appliances for enhanced security.

However, since you have mentioned not allowing access to your LDAP servers in your environment from CES, you can request the LDAP connector service from Cisco. For the same, please ensure you have received the CES LDAP Letter with the server and DN information. If you have not received this, please ensure you request the service from here: http://cs.co/ces-requests. If you have requested the service and not received the information, please reach out to ces-vpn-req@cisco.com.

Please check below articles for more details on the same:

https://docs.ces.cisco.com/docs/office-365-configuration-guide
https://docs.ces.cisco.com/docs/ces-instance-configuration
https://docs.ces.cisco.com/docs/ces-azure-to-ldap

I hope the above helps.

Cheers,
Pratham
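
The per-domain routing from the question, combined with the LDAP-over-SSL recommendation from the answer, as an added example that is not part of the original thread and is not Cisco code or configuration. The `mail` attribute, port 636, and the function names are assumptions; the domain map is the one given in the question.

```python
# Added example: recipient-validation planning for per-domain LDAP routing.
# Assumptions (not from the thread): directory attribute "mail", LDAPS on 636.

# Domain -> LDAP server map from the question; several domains may share a server.
LDAP_ROUTES = {
    "domain1.com": "ldap.domain1.com",
    "domain2.com": "ldap.domain2.com",
    "domain3.com": "ldap.domain1.com",
}
LDAPS_PORT = 636  # LDAP over SSL/TLS only; no plaintext fallback

# RFC 4515 escaping: these characters have meaning inside a search filter,
# so a recipient address must never be pasted into the filter unescaped.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for safe use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def plan_lookup(rcpt_to):
    """Return (ldaps_url, search_filter) for an SMTP recipient.

    Returns None when the address is malformed or its domain has no route,
    so the caller can reject the recipient instead of querying a default
    directory.
    """
    local, sep, domain = rcpt_to.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    domain = domain.lower()
    server = LDAP_ROUTES.get(domain)
    if server is None:
        return None
    url = f"ldaps://{server}:{LDAPS_PORT}"
    search_filter = f"(mail={escape_filter_value(local + '@' + domain)})"
    return url, search_filter


if __name__ == "__main__":
    # Constructed sample recipients, including one with filter metacharacters.
    for rcpt in ("alice@domain3.com", "bob@DOMAIN2.com",
                 "*)(uid=*@domain1.com", "eve@other.example"):
        print(rcpt, "->", plan_lookup(rcpt))
```
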


2 Replies


Thanx Pratham!
