
Failing to run "Accept Query" and "Group Query"

zheka_pefti
Explorer

Hi folks,
I ran into a weird situation with testing AD queries, namely Accept and Group query. The thing is that I successfully bind to AD using port 389 and the username in the format DOMAIN\user.

But whenever I test "Accept Query" I enter the valid email address of the valid domain user in the form of user1@domain.com and get this error:

Query results for host:192.168.1.30
Query  (proxyAddresses=smtp:user1@domain.com) to server AD_PROFILE  (192.168.1.30:389)
Query (proxyAddresses=smtp:user1@domain.com) lookup  failed: Invalid DN syntax, server diagnostic: 0000208F: NameErr: DSID-031001F7,  problem 2006 (BAD_NAME), data 8349, best match of: 'ou=Users,  dc=domain.com dc=com'
Failure: Invalid DN syntax, server  diagnostic: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data  8349, best match of: 'ou=Users, dc=domain.com dc=com'

Almost the same thing with the group query:

Query results for host:192.168.1.30
Query  (&(memberOf=support)(proxyAddresses=smtp:support@domain.com)) to  server AD_PROFILE (192.168.1.30:389)
Query  (&(memberOf=support)(proxyAddresses=smtp:support@domain.com)) lookup  failed: Invalid DN syntax, server diagnostic: 0000208F: NameErr: DSID-031001F7,  problem 2006 (BAD_NAME), data 8349, best match of: 'ou=Users,  dc=domain.com dc=com'
Failure: Invalid DN syntax, server  diagnostic: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data  8349, best match of: 'ou=Users, dc=domain.com dc=com'


Or even worse, now the result of the query comes as follows:

Query results for  host:192.168.1.30
Query (proxyAddresses=smtp:user1@domain.com) to  server KOIOS_AD_PROFILE (192.168.1.30:389)
Query  (proxyAddresses=smtp:user1@domain.com) lookup failed: Referral following  yielded no result.
Failure: Referral following yielded no  result.

My Base DN is configured as follows:
ou=Users, dc=domain.com dc=com

Can someone please steer me in the right direction to sort out this error?

Eugene

1 Reply

Christopher Smith
Enthusiast

Hi,

This may be due to an erroneous configuration in "LDAP Server Settings".

Please note: Don't use a space instead of a comma to separate domain components (dc=). The error codes also point out the reason:
'ou=Users,  dc=domain.com dc=com'

So try modifying your query using a comma instead of a space, then flush the LDAP cache, and try the query again.

You can flush the cache by issuing the command 'ldapflush' from the CLI.

Christopher C Smith

CSE
Cisco IronPort Customer Support 
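
As an added example (not part of the original posts and not Cisco code): a Python check that splits a Base DN on unescaped commas and flags a component whose value contains another "name=", which is the missing-comma pattern the server reports above. The function names `split_rdns` and `check_base_dn` are hypothetical, and the embedded "name=" test is a heuristic, not a full RFC 4514 parser.

```python
import re

# RFC 4514 attribute type: a short name (ou, dc, cn) or a dotted numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")
# Heuristic: whitespace followed by "name=" inside a value usually means two
# components were run together without the comma that should separate them.
_EMBEDDED_RDN = re.compile(r"\s([A-Za-z][A-Za-z0-9-]*)=")


def split_rdns(dn):
    """Split a DN on unescaped commas, keeping backslash-escaped pairs intact."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts]


def check_base_dn(dn):
    """Return a list of problems found; an empty list means none were detected."""
    problems = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not rdn:
            problems.append("empty component (stray or doubled comma)")
        elif not sep or not _ATTR_TYPE.match(attr.strip()) or not value.strip():
            problems.append(f"{rdn!r}: not in attribute=value form")
        else:
            hit = _EMBEDDED_RDN.search(value)
            if hit:
                problems.append(f"{rdn!r}: '{hit.group(1)}=' inside a value; "
                                "missing comma before it?")
    return problems


if __name__ == "__main__":
    # The first string is the Base DN quoted in the thread; the second is a
    # constructed variant with a comma between the last two components.
    for dn in ("ou=Users, dc=domain.com dc=com", "ou=Users, dc=domain.com, dc=com"):
        print(dn, "->", check_base_dn(dn) or "no problems detected")
```
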
