Full LDAP Server
Idea shared by Jerry Bucci - 7/8/2020 at 6:53 PM
In Progress
I propose SmarterTools implements a full standard LDAP Server that customers can use for various purposes. The current LDAP implementation is very limited and does not conform to industry standards.

I need the LDAP server for use with Barracuda Networks Email Security, the current LDAP implementation fails to sync. In debugging the problem Barracuda's tech support determined the following:
"The SmarterMail implementation is not compatible with ESS because it does not provide a "RootDSE" that includes a "highestCommittedUSN" and "defaultNamingContext", both of which are required for sync'ing. At this time ESS only supports LDAP configurations appropriate for Windows/Exchange/O365/Azure AD."

For my needs, I need it to work like Exchange's LDAP, mainly when one does a query for users with the following mail attributes “mail,proxyAddresses”, the server returns the Primary Email Address in the “mail” column and a comma delimited list of Aliases for the Primary in the “proxyAddresses” column. Currently SmarterMail does not support the “proxyAddresses” column and returns Primary and Aliases in the “mail” column. There is currently no way to determine a Primary from an Alias.

The following page shows which mail servers have LDAP. Out of 30+, only 2 do not.

(For some reason SmarterMail is absent from this page)

Customers of SmarterMail would benefit if a full standard LDAP server is implemented.

9 Replies

1
I agree with Jerry, we need full LDAP or AD support badly 
4
Matt Petty Replied
Employee Post
I have added a feature request specifically for proxyAddresses; we could get that implemented without too much trouble. I will add a note to investigate the full requirements and changes we would need to make to update our LDAP implementation to support LDAP services like ESS and others.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Thank you Matt, looking forward to this so that our users can change their password in SmarterMail directly.
0
Thank you Matt.
1
Matt Petty Replied
Employee Post
Went ahead and implemented the proxyAddresses field, you can query and get results using this. I tested it with domain aliases as well. There wasn't a ton of clear documentation on this and it's not necessarily easy to test against an example. Based on the documentation I'm reading and what I'm seeing here this is returning data correctly. Returning only one address with "SMTP:" and also including the user as the primary proxy addresses were some things I had to dig around in the documentation for, hopefully these are correct.

Here are some examples.
I have 2 aliases pointing to mpetty@smartermail.io, I also have a smartermail.local domain alias...
___ Showing a Query using proxy addresses (using a domain alias) ____
--Query: (&(objectclass=*)(proxyAddresses=*mpetty@smartermail.local*))

--Result: (showing 'mail' result)
testalias@smartermail.io
alias2@smartermail.io
mpetty@smartermail.io

--Result: (showing 'proxyAddresses' result)
SMTP:testalias@smartermail.io,smtp:testalias@smartermail.local
SMTP:alias2@smartermail.io,smtp:alias2@smartermail.local
SMTP:mpetty@smartermail.io,smtp:testalias@smartermail.io,smtp:alias2@smartermail.io,smtp:mpetty@smartermail.local,smtp:testalias@smartermail.local,smtp:alias2@smartermail.local



Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Matt, thanks for working on this so quickly. Yes, there is very limited documentation.

Correct me if I misinterpret the results.

You indicated that 'mpetty@smartermail.io' is the only primary.

The 'mail' column...
_You have the primary and two aliases. I believe only the primary should be listed.

The 'proxyAddresses' column...
_Since I don't believe aliases should be listed in the 'mail' column, their proxyAddresses results should not be listed here.
_The 'mpetty@smartermail.io' results look correct including the uppercase SMTP for the primary but I don't believe the smartermail.local aliases should be included. If you are querying one domain, the existence of domain aliases should not affect the results.

I found the following on MailEnable's LDAP properties. By default they don't include the Primary address in proxyAddresses but have an option to include it. I wouldn't mind having the ability to choose too.

Thanks again.





0
Matt,

I installed the latest version of SmarterMail (Build 7503) and performed LDAP queries and found the results are not correct.

Query results

1.    There are only two Primary addresses, red highlighted.
2.    The aliases are blue highlighted. These should not have been returned and should not have the uppercase SMTP in proxyAddresses which indicates a primary address.


Barracuda Networks supplied me with sample results for a Primary query and Alias query.

Successfully queried user myprimary@mydomain.com
Attribute mail has value of: myprimary@mydomain.com
Attribute sAMAccountName has value of: myprimary
Attribute proxyaddresses has value of: smtp:myalias@mydomain.com

Successfully queried user myalias@mydomain.com
Attribute mail has value of: myprimary@mydomain.com
Attribute sAMAccountName has value of: myprimary
Attribute proxyaddresses has value of: smtp:myalias@mydomain.com

This shows the primary address is always listed in the mail attribute even for the alias query.
It also shows the primary address is not included in the proxyAddresses.

Regards
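
Added example, not part of the original posts and not SmarterMail or Barracuda code: a Python check that takes the (mail, proxyAddresses) rows quoted in this thread and reports addresses marked primary in one row but listed as an alias in another. It assumes uppercase "SMTP:" marks a primary and lowercase "smtp:" a secondary address, and that the 'mail' and 'proxyAddresses' results shown earlier pair up by position; the function names are hypothetical.

```python
# Added example (not SmarterMail or Barracuda code).
# Assumption: "SMTP:" marks a primary and "smtp:" a secondary address, and
# values arrive comma-delimited, as in the output quoted in the thread.

def parse_proxy_addresses(value):
    """Split a proxyAddresses string into (primaries, aliases), lowercased."""
    primaries, aliases = [], []
    for item in (part.strip() for part in value.split(",")):
        prefix, sep, addr = item.partition(":")
        if not sep or prefix.lower() != "smtp" or not addr:
            continue  # skip empty items and non-SMTP address types
        (primaries if prefix == "SMTP" else aliases).append(addr.lower())
    return primaries, aliases


def audit(entries):
    """Check (mail, proxyAddresses) rows from one query.

    Returns (per-row findings, sorted addresses that are primary in one
    row but listed as an alias in another).
    """
    entry_findings, as_primary, as_alias = [], set(), set()
    for mail, proxy in entries:
        mail = mail.strip().lower()
        primaries, aliases = parse_proxy_addresses(proxy)
        if len(primaries) > 1:
            entry_findings.append((mail, "more than one SMTP: value"))
        if primaries and mail not in primaries:
            entry_findings.append((mail, "SMTP: value differs from mail"))
        # With no SMTP: value present, the mail attribute is the primary.
        as_primary.update(primaries or [mail])
        as_alias.update(a for a in aliases if a != mail)
    return entry_findings, sorted(as_primary & as_alias)


# Rows copied from the two outputs quoted in the thread (paired by position).
SMARTERMAIL_ROWS = [
    ("testalias@smartermail.io",
     "SMTP:testalias@smartermail.io,smtp:testalias@smartermail.local"),
    ("alias2@smartermail.io",
     "SMTP:alias2@smartermail.io,smtp:alias2@smartermail.local"),
    ("mpetty@smartermail.io",
     "SMTP:mpetty@smartermail.io,smtp:testalias@smartermail.io,"
     "smtp:alias2@smartermail.io,smtp:mpetty@smartermail.local,"
     "smtp:testalias@smartermail.local,smtp:alias2@smartermail.local"),
]
BARRACUDA_ROWS = [("myprimary@mydomain.com", "smtp:myalias@mydomain.com")] * 2

if __name__ == "__main__":
    print(audit(SMARTERMAIL_ROWS), audit(BARRACUDA_ROWS))
```

On the SmarterMail rows the audit reports both alias addresses as conflicting, which is the ambiguity a sync client cannot resolve; the Barracuda sample rows produce no findings.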
0
Matt Petty Replied
Employee Post
I've added a task to make that correction. So what I'll need to dig into then is that (based on your example)
Users DON'T include their own delivery address with SMTP:
Aliases (and other mechanisms like domain aliases) DO include their own address listed with the non-primary indicator, "smtp:"

I wonder under what conditions if any I should do "SMTP:", it is meant to describe the primary address but maybe describing a primary isn't necessary?

Either way, I've got a task in to fix this up and research it a bit more.

Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Thanks Matt.

To simplify when to include "SMTP:", make it a configurable option the admin can set.

MailEnable made it a configurable option.
