|
For the archives. The company went ahead with the SonicWall and it was as easy to setup as they advertised. The device has an LDAP configuration parameter that specifically knows about Domino. It pulled from the names.nsf and not the additional address books that were linked by Directory Assistance. Only oddity was that groups setup for public access (say as a permanent alias for the customer service reps that seem to routinely change) with only one member don't show up in the SonicWall as a group. Only difficulty is that the users have to log into the device with their real name (Jane Jones) instead of their short name (jjones) that they have been trained to use _everywhere_ else. Fortunately, most of them won't be signing in to it as the only reason would be if they identify a false positive from the list in their summary mail. One hidden gotcha is that if you put the device behind a firewall that restricts port 80 outbound traffic, an exception needs to be made for the device. After a week of use I can say that this device works surprisingly well. 6,470 inbound emails, 5,708 junk email identified with only a hand few slipping through and even less false positives. The management is very pleased at the time savings. You might want to know that they are the ones that have their email checked every 5 minutes and look at everything within a couple of minutes. Now they only have to deal with one junk mail summary mail each day and can otherwise continue their email behavior. Roger Vicker, CCP On 11/13/2006 10:13 PM, Tom Kreimer wrote:
I have not used SonicWall authentication against a Domino LDAP and am in no way an LDAP expert, but I have set up a SonicWall against Microsoft AD (LDAP in disguise). Either way, I don't see how it could return any information to an end-user. Even in the GUI administration, it looks like you can pick an (as in singular) attribute such as 'member'. On the "test" tab for LDAP configuration, I enter my username and password and get the following returned user attributes: userPrincipalName: tkreimer@xxxxxxxxxxxxxxxxxxx memberOf: Limited Administrators memberOf: WLAN Users memberOf: Guest Services memberOf: Trusted Users The users just get a pass/fail at a login screen. We use it for VPN with their Global VPN client and for WiFi admission at a re-directed HTML login form. On the theoretical side, wouldn't it be up to the LDAP directory what information it allows to be seen, and not the responsibility of a client? Now that I've typed all that, I see you are talking about their e-mail security appliance. Different product. In a similar vein, I'm sure it allows you to define the returned attributes, and I'm wondering how the client can be responsible for what a server is willing to return. ==================================== Tom Kreimer Information Alternatives Hello, I am looking into a Sonicwall EMail Security appliance that uses LDAP to get user information from so it doesn't have to be separately configured. What I want to confirm is that it will only be able to see the enrolled users in names.nsf and not the addresses that they have put into another database and made available via Directory Assistance for company wide ease of addressing email. This is Domino 7.0.1FP1 on OS/400 V5R3 (soon V5R4). Thanks. Roger Vicker, CCP
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
