Cisco ESA group query

mjakircisco · ‎03-16-2016

Hello,

Can Ironport query the IBM Domino LDAP to check if the email address is member of a lotus domino group?

Thanking You in advance.

Kind Regards

Hrvoje (Harry) Dogan · ‎03-16-2016

Hi there,

It's been a while since I've worked with Domino, but if I remember correctly, Domino does not expose group membership in its LDAP interface. You must know that Domino LDAP is just a very limited interface to data stored inside Domino database.

To be on the safe side, I would recommend to run an LDAP browser and check what information Domino exposes in LDAP; maybe you will be able to find something you can base your group query on. The ESA can execute arbitrary LDAP queries as part of "group membership" determination, so you can be pretty flexible and creative.

Hope that helps

mjakircisco · ‎03-17-2016

Hrvoje,

Thank You for your reply.

p.s.: Iskoristit cu priliku da te pozdravim. Prije nekoliko godina zajedno smo slagali IronPort u RBA.

Cujem od tvojih Cisco kolega da se skitas po bijelom svijetu,

Znam u cemu je problem za ovaj group query ali sam se nadao da postoji neko gotovo rjesenje (kao npr. za accept query)

herve.pouyet-ext · ‎02-01-2017

Bonjour,

Si votre problème n'est pas résolu...

Vous pouvez essayer ceci : (|(cn={a})(mail={a}))(&(dominoaccessgroups={g}))

Cordialement.

Hervé