IronPort LDAP group query - How do I make it recursive?
08-29-2013 04:16 PM
The default LDAP group query "(&(memberOf={g})(proxyAddresses=smtp:{a}))" does not perform a recursive group search. It will not find members of groups within groups.
I tried using this query, which functions correctly in Active Directory, but returns no matches in the IronPort appliance, "(&(memberOf:1.2.840.113556.1.4.1941:={g})(proxyAddresses=smtp:{a}))".
Is there a better way to do this? One that works?
06-04-2014 03:12 AM
Hi all,
Me too. I have the same problem with vESA 8.5.5-280.
Something to suggest?
06-04-2014 08:23 AM
Hi,
This could not be working based on many factors. The default settings may require manual tweaking.
Please look at the "distinguished name" of the LDAP group objects.
You may have to get the distinguished name of one of the groups and modify the original query to include the distinguished name, as in the example below.
Query: (&(memberof=CN={g},OU=Distribution Groups,OU=ExchangeObjects,OU=Corp,DC=swc,DC=local)(proxyAddresses=smtp:{a}))
Also, I think your best bet would be to call Cisco TAC and open a case for support. I hope this helps!
http://www.cisco.com/support
US Toll Free Customer Support +1 800 553 2447 Option #1
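
Added example, not part of the original thread and not Cisco or Microsoft code: it builds both forms of the query discussed above for a full group distinguished name, and uses a small constructed directory to show why the plain `memberOf` filter misses a user who is only in a nested group while the `1.2.840.113556.1.4.1941` form finds them. The DNs, the address and the function names are hypothetical, and the membership walk is a local model of the matching rule, not a call to a directory server.

```python
# Added example: constructed in-memory data, not real Active Directory or appliance output.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # the matching-rule OID from the question

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(group_dn, address, recursive=False):
    """Build the thread's group query for one group DN and one SMTP address."""
    rule = ":" + IN_CHAIN_OID + ":" if recursive else ""
    return "(&(memberOf%s=%s)(proxyAddresses=smtp:%s))" % (
        rule, escape_filter_value(group_dn), escape_filter_value(address))

# Constructed directory: each DN maps to the groups it is a direct member of.
BASE = "OU=Distribution Groups,DC=example,DC=test"
ALL_STAFF = "CN=All Staff," + BASE
ENGINEERING = "CN=Engineering," + BASE
ALICE = "CN=Alice,OU=Users,DC=example,DC=test"
MEMBER_OF = {ALL_STAFF: [], ENGINEERING: [ALL_STAFF], ALICE: [ENGINEERING]}

def is_member(dn, group_dn, recursive):
    """Plain memberOf checks direct parents only; the in-chain rule walks upward."""
    seen, stack = set(), [dn]
    while stack:
        for parent in MEMBER_OF.get(stack.pop(), []):
            if parent.lower() == group_dn.lower():
                return True
            if recursive and parent not in seen:  # 'seen' guards against group loops
                seen.add(parent)
                stack.append(parent)
    return False

if __name__ == "__main__":
    for recursive in (False, True):
        print(build_filter(ALL_STAFF, "alice@example.test", recursive))
        print("  Alice matches:", is_member(ALICE, ALL_STAFF, recursive))
```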
