01-16-2011 04:12 PM
Hi folks,
I ran into a weird situation with testing AD queries, namely the Accept and Group queries. The thing is that I successfully bind to AD using port 389 and the username in the format DOMAIN\user.
But whenever I test "Accept Query" I enter the valid email address of the valid domain user in the form of user1@domain.com and get this error:
Query results for host:192.168.1.30
Query (proxyAddresses=smtp:user1@domain.com) to server AD_PROFILE (192.168.1.30:389)
Query (proxyAddresses=smtp:user1@domain.com) lookup failed: Invalid DN syntax, server diagnostic: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8349, best match of: 'ou=Users, dc=domain.com dc=com'
Failure: Invalid DN syntax, server diagnostic: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8349, best match of: 'ou=Users, dc=domain.com dc=com'
Almost the same thing with the group query:
Query results for host:192.168.1.30
Query (&(memberOf=support)(proxyAddresses=smtp:support@domain.com)) to server AD_PROFILE (192.168.1.30:389)
Query (&(memberOf=support)(proxyAddresses=smtp:support@domain.com)) lookup failed: Invalid DN syntax, server diagnostic: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8349, best match of: 'ou=Users, dc=domain.com dc=com'
Failure: Invalid DN syntax, server diagnostic: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8349, best match of: 'ou=Users, dc=domain.com dc=com'
Or even worse, now the result of the query comes as follows:
Query results for host:192.168.1.30
Query (proxyAddresses=smtp:user1@domain.com) to server KOIOS_AD_PROFILE (192.168.1.30:389)
Query (proxyAddresses=smtp:user1@domain.com) lookup failed: Referral following yielded no result.
Failure: Referral following yielded no result.
My Base DN is configured as follows:
ou=Users, dc=domain.com dc=com
Can someone please steer me in the right direction to sort out this error?
Eugene
01-20-2011 09:35 AM
Hi,
This may be due to erroneous configuration in "LDAP Server Settings".
Please note: Don't use a space instead of a comma to separate domain components (dc=). The error codes also point out the reason:
'ou=Users, dc=domain.com dc=com'
So try modifying your query using a comma instead of a space, then flush the LDAP cache, and try the query again.
You can flush the cache by issuing the command 'ldapflush' from the CLI.
Christopher C Smith
CSE
Cisco IronPort Customer Support
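A pre-flight check for the kind of Base DN mistake diagnosed above, as an added example that is not part of the thread and not Cisco or Microsoft code. The function names `split_rdns` and `check_base_dn` are hypothetical, and the "missing comma" test is a heuristic: it flags any RDN value that contains whitespace followed by something that looks like another `attribute=`.

```python
import re

# An attribute type followed by '=' after whitespace inside a value usually
# means the ',' between two RDNs was dropped (heuristic, not an RFC rule).
_EMBEDDED_RDN = re.compile(r"\s([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)=")
_ATTR_TYPE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")


def split_rdns(dn):
    """Split a DN on unescaped commas, keeping RFC 4514 backslash escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def check_base_dn(dn):
    """Return a list of problems; an empty list means the DN looks well-formed."""
    problems = []
    for rdn in split_rdns(dn):
        rdn = rdn.strip()
        attr, sep, value = rdn.partition("=")
        if not sep or not _ATTR_TYPE.match(attr.strip()) or not value.strip():
            problems.append(f"not an attribute=value pair: {rdn!r}")
            continue
        hit = _EMBEDDED_RDN.search(value)
        if hit:
            problems.append(
                f"missing ',' before {hit.group(0).strip()!r} in {rdn!r}")
    return problems


if __name__ == "__main__":
    # Base DN exactly as posted in the thread, then the comma-separated form.
    for candidate in ("ou=Users, dc=domain.com dc=com",
                      "ou=Users, dc=domain.com, dc=com"):
        print(candidate, "->", check_base_dn(candidate) or "OK")
```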