Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2492
Views
0
Helpful
5
Replies

Help with Group Query

Leon_ironport
Level 1
Level 1

‎04-11-2008 04:34 AM

Hello,
I have this C100 with v6.0.0-747 asyncos.

I configured LDAP Server Profile and Group Query with:

Query String:(&(memberOf={g})(mail={a}))

or

(&(memberOf={g})(|(mail={a})(proxyAddresses=smtp:{a})))

When I run a Test query for both, I receive an:

Success — Action: match positive.
Reason: address confirmed as a member of the group.

Showing that my configuration is OK.

Then I go to the Mail policies, Outgoing Content Filters and created the following filter:

Tamanho_de_email_Armazens_outgoing_sender: if (recv-listener == "Outgoing") AND (mail-from-group == "cn=G_Email_ARMAZENS,ou=Grupos de Departamentais,dc=xxxx,dc=corp") AND (body-size >= 2097152) { notify ("$EnvelopeSender", "", "", "Tamanho de email Armazens"); drop(); }

When I do a trace, here is the result for the same email that mached in the test query:

Tamanho_de_email_Armazens_outgoing_sender Condition: recv-listener == "Outgoing": True
Condition: mail-from-group == "cn=G_Email_ARMAZENS,ou=Grupos de Departamentais,dc=caramuru,dc=corp": False

I configured a Log Subscriptions of LDAP Debug Logs, there I can see the following messages:

Fri Apr 11 00:05:27 2008 Critical: LDAP: Listener Outgoing does not reference a valid group query, comparison in filter will evaluate as false

Any ideias?

many thanks for your help, Leon.

Labels:
0 Helpful
5 Replies 5

kluu_ironport
Level 2
Level 2

‎04-11-2008 05:13 AM

Did you make sure you enabled the Group query on your Outgoing listener? [Network > Listener > Outgoing listener], then expand the LDAP queries at the bottom and make sure you turn on the Group query.

Same goes for Inbound if you plan to use Group query with the "Incoming Mail policies"


Hello,
I have this C100 with v6.0.0-747 asyncos.

I configured LDAP Server Profile and Group Query with:

Query String:(&(memberOf={g})(mail={a}))

or 

(&(memberOf={g})(|(mail={a})(proxyAddresses=smtp:{a})))

When I run a Test query for both, I receive an:

Success   	—  	Action: match positive.
Reason: address confirmed as a member of the group.

Showing that my configuration is OK.

Then I go to the Mail policies, Outgoing Content Filters and created the following filter:

Tamanho_de_email_Armazens_outgoing_sender: if (recv-listener == "Outgoing") AND (mail-from-group == "cn=G_Email_ARMAZENS,ou=Grupos de Departamentais,dc=xxxx,dc=corp") AND (body-size >= 2097152) { notify ("$EnvelopeSender", "", "", "Tamanho de email Armazens"); drop(); }

When I do a trace, here is the result for the same email that mached in the test query:

Tamanho_de_email_Armazens_outgoing_sender  	 Condition: recv-listener == "Outgoing": True
Condition: mail-from-group == "cn=G_Email_ARMAZENS,ou=Grupos de Departamentais,dc=caramuru,dc=corp": False

I configured a Log Subscriptions of LDAP Debug Logs, there I can see the following messages:

Fri Apr 11 00:05:27 2008 Critical: LDAP: Listener Outgoing does not reference a valid group query, comparison in filter will evaluate as false

Any ideias?

many thanks for your help, Leon.

0 Helpful

dkorell
Level 1
Level 1
In response to kluu_ironport

‎01-19-2018 06:59 AM

I know this post is 10 years old but thank you for helping me not beat my head against the wall anymore than I already have trying to get mail-from-group working in filters. It worked fine in the ldap group query test and in the mail policies so this was driving me crazy because I knew the system could see it.

0 Helpful

Leon_ironport
Level 1
Level 1

‎04-11-2008 05:28 AM

What a silly question!! I'm ashemed :oops: . After turning on the group query, everything works as expected.

I had this filter working on incoming listener then I created another listener and forgot to turn on the group query.

Maybe in future releases, LDAP Debug Logs can point to turn on the group query.

Many thanks for your help, Leon.

0 Helpful

kluu_ironport
Level 2
Level 2

‎04-11-2008 05:59 AM

Actually, the LDAP debug log kind of already does that. This entry is what helped me think that the group query wasn't being assigned to anything yet.



Fri Apr 11 00:05:27 2008 Critical: LDAP: Listener Outgoing does not reference a valid group query, comparison in filter will evaluate as false

0 Helpful

Leon_ironport
Level 1
Level 1

‎04-11-2008 08:02 PM

Just to share this scenario with all citizens.
They have a qmail server. But doing all search usind AD. I know all information is duplicated but as almost every customer have AD and is easy to administrate it is a good alternative. But as exchange is not installed schema wasnt extended.

Here follow LDAP Server Settings to use with AD without exchange installed:

Domain controlers are Win2003
Port:3268

Accept Query
Query String: (mail={a})

Group Query
Query String: (&(memberOf={g})(mail={a}))

Tested and working.

Cheers, Leon.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents