Anti-Spam > LDAP Configuration

The LDAP Configuration screen allows the Administrator to configure various settings specific to the LDAP server.

Available LDAP Servers

This section will display any LDAP Servers that have been configured on the SonicWALL appliance.

Adding an LDAP Server

In the Available LDAP Servers section, click the Add Server button. The Server Configuration section will expand and allow the Administrator to begin providing the following configurations for a new LDAP Server:

 
Friendly Name — A friendly name for the LDAP Server.
Primary Server name or IP address — The server name or the IP address of the LDAP Server.
Port Number — The port number of the LDAP Server. The default port number is 389.
LDAP Server Type — Choose from the dropdown list of servers: Active Directory, Lotus Domino, Exchange 5.5, Sun ONE iPlanet, or Other.
LDAP Page Size — The maximum page size on the LDAP Server to be queried.
Requires SSL — Selecting this enables the LDAP Server to require SSL.
Allow LDAP Referrals — Selecting this allows LDAP referrals.

In the Authentication Method section, configure the LDAP login method for users. Select either Anonymous bind or Login for the LDAP login method, and then specify the Login name and Password. You can also enable the Auto-fill LDAP Query fields when saving configuration option by selecting its checkbox. Click Save Changes to finish adding an LDAP Server.

 
Note: You can test the settings you just configured by clicking the Test LDAP Login button in the bottom right corner of the Authentication Method section.

Configuring an LDAP Server

From the list of available LDAP servers, click the Edit icon. The Server Configuration, LDAP Query Panel, and Add LDAP Mappings sections expand for you to edit. The Server Configuration section that expands upon clicking the Edit icon is the same section you configured when adding a new LDAP server.

 

LDAP Query Panel

If you selected the Auto-fill LDAP Query fields option in the Server Configuration section, the LDAP Query Panel will automatically fill with default values.

If you did not select that option, you must specify the following values so that users can log in to their Junk Box:

 
Directory Node to Begin Search — Specify a full LDAP directory path that points to a node containing the information for all groups in the directory.
Filter — Specify an LDAP filter that finds and identifies users and mailing lists on the server. For example: (&(|(objectClass=group)(objectClass=person)(objectClass=publicFolder))(mail=*))
User Login Name Attribute — Specify the text attribute the user will use as their ‘login name.’ The generally accepted attribute for this field is sAMAccountName. Note that this field works in sync with the Filter field; if you change it, the two fields need to agree.
Email Alias Attribute — Specify the email address, EmployeeID, PhoneNumber, or other alias attributes that link a single user to his or her junk box. The single generally accepted attribute for this field is proxyAddresses. Note that any other attributes must be separated by a comma. For example: proxyAddresses,legacyExchangeDN.
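
The Query Panel values above can be sanity-checked offline before they are saved. The following is an added example, not SonicWALL code: it evaluates the page's example filter against constructed directory entries and returns, for each match, the login name attribute and the alias attribute values. The function names and sample entries are assumptions made for illustration.

```python
# Added example, not appliance code. Supports only the filter forms in the
# page's example: (&...), (|...), (attr=value) and (attr=*).
FILTER = "(&(|(objectClass=group)(objectClass=person)(objectClass=publicFolder))(mail=*))"
LOGIN_ATTR, ALIAS_ATTRS = "sAMAccountName", "proxyAddresses,legacyExchangeDN".split(",")

def _parse(s, i):  # parse one parenthesised filter at s[i] -> (node, next index)
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if s[i + 1:i + 2] in ("&", "|"):
        op, kids, i = s[i + 1], [], i + 2
        while s[i:i + 1] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids or s[i:i + 1] != ")":
            raise ValueError(f"malformed '{op}' clause near offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # raises ValueError when the closing ')' is missing
    attr, sep, value = s[i + 1:end].partition("=")
    if not (attr and sep and value):
        raise ValueError(f"bad comparison {s[i + 1:end]!r}")
    return ("=", attr.lower(), value.lower()), end + 1

def parse_filter(s):
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing text after filter")
    return node

def matches(node, entry):  # entry is {attribute: [values]}; case-insensitive
    if node[0] in ("&", "|"):
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results)
    have = [v.lower() for a, vs in entry.items() if a.lower() == node[1] for v in vs]
    return bool(have) if node[2] == "*" else node[2] in have

def junk_box_identities(entries, flt=FILTER):  # login name -> alias values
    tree = parse_filter(flt)
    return {e[LOGIN_ATTR][0]: [v for a in ALIAS_ATTRS for v in e.get(a, [])]
            for e in entries if e.get(LOGIN_ATTR) and matches(tree, e)}

SAMPLE = [  # constructed directory entries, not real data
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["alice"],
     "mail": ["alice@example.com"], "legacyExchangeDN": ["/o=Example/cn=alice"],
     "proxyAddresses": ["SMTP:alice@example.com", "smtp:a.smith@example.com"]},
    {"objectClass": ["top", "group"], "sAMAccountName": ["sales"],
     "mail": ["sales@example.com"], "proxyAddresses": ["SMTP:sales@example.com"]},
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["svc-backup"]},
    {"objectClass": ["top", "printQueue"], "sAMAccountName": ["prn01"],
     "mail": ["prn01@example.com"]},
]
```

With these entries, the account without a mail attribute and the object outside the three listed object classes are filtered out, so only alice and sales are returned.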

 

Add LDAP Mappings

If you are using a Microsoft Windows environment, you will need to specify the NetBIOS domain name. To locate the NetBIOS domain:

1. Log in to your domain controller.
2. Navigate to Start > All Programs > Administrative Tools > Active Directory Domains and Trusts.
3. Highlight your domain in the Active Directory Domains and Trusts dialog box.
4. Click Action. Then, click Properties. The domain name appears on the General tab of the domain’s Properties dialog box.
5. Add the NetBIOS domain name(s) to the Domains section, separating multiple domains with a comma.
6. Click Save Changes to finish.

 

Conversion Rules

On certain LDAP servers, such as Lotus Domino, some valid email addresses do not appear in the LDAP. The Conversion Rules section changes the way the SonicWALL Email Security appliance interprets certain email addresses, providing a way to map the email address to the LDAP Server. Click the View Rules button to bring up the LDAP Mappings dialog box.

 

Select the LDAP Server you are using from the dropdown list, then click Go. You can also filter the search by the following:

Domain Mappings

 
domain is — Adds additional mappings from one domain to another
replace with — Replaces the domain with the one specified
also add — Adds the second domain to the list of valid domains
left side character is — Adds character substitution mappings
replace with — Replaces the specified character wherever it occurs to the left of the “@” sign in the email address
also add — Adds a second email address to the list of valid email addresses

Click the Add Mapping button to finish adding the Conversion Rules.