It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

What are the recommended LDAP settings to allow my Email Security Gateway to work with Active Directory?

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00002321

Scope:
Email Security Gateway models 300 and above using Microsoft Exchange's Active Directory for recipient verification.

Answer:
When configuring the Barracuda's LDAP verification to work with Active Directory, the common syntax is:
  • Bind DN: username (the Bind DN usually does not use a fully-qualified domain name with Microsoft Exchange 2000) or username@domain.com (the Bind DN usually must use a fully-qualified domain name with Microsoft Exchange 2003 and 2007)
  • LDAP Filter: The default filter listed in the Barracuda:

    ( (proxyaddresses=smtp:${recipient_email})
    (mail=${recipient_email})
    (userPrincipalName=${recipient_email}))

  • LDAP Search Base: ${defaultNamingContext} 
  • LDAP UID: sAMAccountName
  • LDAP Primary Email Attribute: mail
Remember to make sure that the LDAP Server and LDAP Port (usually 389) are specified.

Additional Notes:
Microsoft Exchange 2007 has a security feature that may prevent the Email Security Gateway from properly verifying recipients, even when the configuration on the Email Security Gateway is correct and tests successfully. This feature is enabled by default and may need to be disabled; you may need to allow anonymous connections on the Exchange server to allow the Email Security Gateway to perform Active Directory checks on incoming email recipient addresses. To do this, run the following command on your Exchange server:

Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionGroups "AnonymousUsers"

Where <ServerName> is the name of your Microsoft Exchange 2007 server.

Link to This Page:
https://campus.barracuda.com/solution/50160000000GmK2AAK