We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How do I set the LDAP filter with SMTP Authentication / SASL on the Email Security Gateway?

  • Type: Knowledgebase
  • Date changed: 10 months ago
Solution #00001923

All Email Security Gateways configured to do Outbound Relay and all Outbound Email Security Gateways, firmware versions 3.3 and higher.

Please note that the LDAP filter for SMTP Authentication / SASL uses a different syntax from the LDAP configuration used for recipient verification.

On the Advanced > Outbound/Relay page, recommended settings for the LDAP Filter include:

For ActiveDirectory, (sAMAccountName=%u)
For OpenLDAP - (cn=%u)

The LDAP Filter should be in the form (<uid>=%u), where <uid> is the UID value on the LDAP server. Here are other tokens that may be useful for the LDAP Filter when configuring SMTP Authentication / SASL. The following tokens can be used in the LDAP Filter string:
  • %% = %
  • %u = user 
  • %U = user portion of %u (%U = test when %u = test@domain.com)
  • %d = domain portion of %u if available (%d = domain.com when %u = test@domain.com), otherwise it will be same as %r (see below)
  • %1-%9 = domain tokens (%1 = com, %2 = domain when %d = domain.com) 
  • %s = service 
  • %r = realm 
  • %D = user DN (available for group checks)
At least the %u token should be used for the filter to be useful.

Link to This Page: