Configuring LDAP Queries

TIP: If you selected the Auto-fill LDAP Query when saving configuration option in the Settings section, the LDAP Query Panel fills with default values automatically.

To successfully allow users to login to their Junk Box:

TIP: To examine your LDAP tree in its entirety to get a comprehensive look at your LDAP structure and its various attributes and object classes, run the free program, Softerra LDAP Browser 2.5, available at: http://www.ldapbrowser.com/download/index.php On a Windows PC, download the program. When it is running, to determine the best query for your network, browse to a user on the network and examine their attributes.

TIP: If you did not specify Auto-fill LDAP Query fields when saving configuration in the Settings section, you can click the Auto-fill User Fields button to do so.

The information contained in LDAP is organized into a directory tree much like an ordinary file system. Each directory is specified as a name=value pair, where:

To specify a particular node in LDAP you use a comma-separated list. To specify multiple nodes to search in, use the ampersand (&) character between full paths.

For example, if the hostname of a particular machine inside companyxyz was computer27.sales.companyxyz.com, the LDAP path might be:

DC=computer27,DC=sales,DC=companyxyz,DC=com

TIP: To see examples for the various directory types, click the Question Mark icon next to the Directory Node to Begin Search field

Anti-Spam must be instructed on how to find and identify users and mailing lists. By specifically stating the Object Class and mail attribute in the Filter field, non-primary email accounts (such as printers and computers) are not included during an LDAP query. Focusing on primary user accounts speeds up the query.

The Filter field contains an example syntax:

(&(|(objectClass=group)(objectClass=person)(objectClass=publicFolder))
(mail=*))

All LDAP filters are grouped in parenthesis, and the filter itself has a pair of parentheses surrounding the whole string. The very next character from the left is an ampersand (&). The LDAP filter syntax is prefix notation, which means this filter only returns the logical AND of three sub-filters, each grouped in parentheses. Other operators include a pipe (|) for OR and an exclamation point (!) for NOT.

TIP: To see examples for the various directory types, click the Question Mark icon next to the Filter field

IMPORTANT: This field works in conjunction and needs to agree with the Filter field. If you change sAMAccountName, you must change it in both the Filter field and the User Login Name Attribute field.

TIP: To see examples for the various directory types, click the Question Mark icon next to the User Login Name Attribute field

At many companies, an end user has multiple email accounts that all map to one true email account. For example, JohnS@example.com and John.Smith@example.com might both be valid email addresses for John Smith's InBox. Anti-Spam supports this by allowing an end user to have one junk email box that groups all email from their various email addresses.

The generally accepted single attribute for this field is proxyAddresses. All other attributes must be separated by a comma. For example:

TIP: In Microsoft Windows environments, the single attribute, proxyAddresses, is often sufficient. To see examples for the various directory types, click the Question Mark icon next to the Email Alias Attribute field

6	Optionally, test to see if your settings work, click Test User Query button under the Query Information for LDAP Users section.

TIP: If you did not specify Auto-fill LDAP Query fields when saving configuration in the Settings section, you can click the Auto-fill Group Fields button to do so.

14	Optionally, test to see if your settings work, click the Test User Query button under the Query Information for LDAP Groups section.