For the archives.

The company went ahead with the SonicWall and it was as easy to setup as
they advertised.

The device has an LDAP configuration parameter that specifically knows
about Domino.

It pulled from the names.nsf and not the additional address books that
were linked by Directory Assistance.

Only oddity was that groups setup for public access (say as a permanent
alias for the customer service reps that seem to routinely change) with
only one member don't show up in the SonicWall as a group.

Only difficulty is that the users have to log into the device with their
real name (Jane Jones) instead of their short name (jjones) that they
have been trained to use _everywhere_ else. Fortunately, most of them
won't be signing in to it as the only reason would be if they identify a
false positive from the list in their summary mail.

One hidden gotcha is that if you put the device behind a firewall that
restricts port 80 outbound traffic, an exception needs to be made for
the device.

After a week of use I can say that this device works surprisingly well.
6,470 inbound emails, 5,708 junk email identified with only a hand few
slipping through and even less false positives. The management is very
pleased at the time savings. You might want to know that they are the
ones that have their email checked every 5 minutes and look at
everything within a couple of minutes. Now they only have to deal with
one junk mail summary mail each day and can otherwise continue their
email behavior.

Roger Vicker, CCP

On 11/13/2006 10:13 PM, Tom Kreimer wrote:
I have not used SonicWall authentication against a Domino LDAP and am in 
no way an LDAP expert, but I have set up a SonicWall against Microsoft AD 
(LDAP in disguise).

Either way, I don't see how it could return any information to an 
end-user. Even in the GUI administration, it looks like you can pick an 
(as in singular) attribute such as 'member'.

On the "test" tab for LDAP configuration, I enter my username and password 
and get the following returned user attributes:
userPrincipalName: tkreimer@xxxxxxxxxxxxxxxxxxx
memberOf: Limited Administrators
memberOf: WLAN Users
memberOf: Guest Services
memberOf: Trusted Users

The users just get a pass/fail at a login screen. We use it for VPN with 
their Global VPN client and for WiFi admission at a re-directed HTML login 
form.

On the theoretical side, wouldn't it be up to the LDAP directory what 
information it allows to be seen, and not the responsibility of a client?

Now that I've typed all that, I see you are talking about their e-mail 
security appliance. Different product. In a similar vein, I'm sure it 
allows you to define the returned attributes, and I'm wondering how the 
client can be responsible for what a server is willing to return.
====================================
Tom Kreimer
Information Alternatives



Hello,

I am looking into a Sonicwall EMail Security appliance that uses LDAP to
get user information from so it doesn't have to be separately configured.

What I want to confirm is that it will only be able to see the enrolled
users in names.nsf and not the addresses that they have put into another
database and made available via Directory Assistance for company wide
ease of addressing email.

This is Domino 7.0.1FP1 on OS/400 V5R3 (soon V5R4).

Thanks.

Roger Vicker, CCP

  



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.