I have several people who left the company and management wants their email addresses active for a while. I removed the person documents and created mail-in database documents for these individuals pointing their existing email address to their mail boxes. Managers have access to these mail boxes and check them from time to time.
What I realized recently is that these email addresses are not in our LDAP and our Spam gateway has fits that these folks have no LDAP record.
Is there a way to include the mail-in database email addresses in our Domino LDAP?
Are there any drawbacks to doing this?
Thanks, Quin
It is enough to add the mail-in db to the LDAP query you are using: you can add something like this (objectClass=dominoServerMailInDatabase)
I believe it's already there but when I search LDAP, the email address cannot be found.
You have to test your query from your Email Security solution and check your result set
When I search for my email address using the HCL LDAPSearch tool using
C:\Program Files (x86)\HCL\Notes>ldapsearch -h <host> "mail=my_email@domain.com"
I get a hit and results are returned.
When I search the same way for the mail-in database email address, I receive this error:
ldap_search: resultCode 1 (Operations error)
ldap_search: errorMessage: 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4563
Do you know the LDAP query made by your ESG? Try to run it inside a tool like Softerra LDAP Browser
@Stefano Benassi
I downloaded and tried that tool but I'm not familiar enough with it to figure anything out. After seeing that Shrikant can do it, I feel as if it's just some setting that I'm missing. I'll probably just open a ticket with support.
I have the mail-in db below on my Domino 12.0.1 server.
I can get the mail-in db result via an LDAP query as below.
Let me know which version of Domino you are running.
Thank you
Regards
Shrikant J
With anonymous access, ldapsearch gives the result below for the mail-in db. Thank you.
@Shrikant Jamkhandi
I am using Domino 12.0.1 as well. It seems like you have some setting that I don't.
After looking at your user, I noticed you have the /domain after the name. I just added that and tried a lookup again, but it gives me the same error. (Maybe LDAP needs to be refreshed?)
You may try the commands below on the Domino LDAP server.
lo updall -t ($Users) names.nsf -R
tell ldap reload schema
[4BF0:0002-0930] 12-07-2022 22:35:08 LDAP Schema: Started loading...
[4BF0:0002-0930] 12-07-2022 22:35:09 LDAP Schema: Finished loading
If this doesn't help, try restarting the LDAP task (restart task ldap); after that, see if you are able to do an LDAP query for the mail-in db. Thank you.
Unfortunately, that didn't help. I appreciate the attempt.
Yes, mail-in databases should appear in the ldapsearch result.
You can check the following in the LDAP tab of the configuration document. (Make sure that the Configuration document was set to * - Default -).
Also add the following in the LDAP Domino fields:
DisplayMailAddress
displayName
Then restart the LDAP task using the command: restart task ldap
Check also the Author / Readers field and make it "All readers and above" enabled.
We needed those two Domino fields added to the server configuration "*" document under LDAP.
Also we had to change each Mail-in database document, on the security tab, to "All readers and Above" like Christian said above.
I didn't know those documents had LocalDomainServers and LocalDomainAdmins on the document security tab, and LDAP uses Anonymous to search for mail etc., which prevented the search from being completed.
Thank you, Christian!
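
The fix above comes down to what an anonymous LDAP search is allowed to see, so after changing the Readers setting it helps to confirm the gateway's view for every retained address. The following is an added example, not part of the original thread: it parses captured ldapsearch output and reports which expected mail-in addresses are visible. It assumes the output is in LDIF format; the function names and all sample names and addresses are hypothetical.

```python
import base64
import re

# Constructed sample: LDIF-style output captured from an anonymous search with
# the filter (objectClass=dominoServerMailInDatabase). All names are made up.
SAMPLE = """\
dn: CN=Former One,O=Example
objectClass: dominoServerMailInDatabase
mail: Former.One@example.com

dn: CN=Former Two,O=Exam
 ple
objectClass: dominoServerMailInDatabase
mail:: Zm9ybWVyLnR3b0BleGFtcGxlLmNvbQ==
"""

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]            # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: base64" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def gateway_view(output, expected):
    """Map each expected address to 'visible', 'hidden' or 'search-failed'."""
    failed = re.search(r"ldap_search: resultCode (\d+)", output)
    if failed and failed.group(1) != "0":
        return {addr: "search-failed" for addr in expected}
    visible = set()
    for entry in parse_ldif(output):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "dominoservermailindatabase" in classes:
            visible.update(m.lower() for m in entry.get("mail", []))
    return {a: "visible" if a.lower() in visible else "hidden" for a in expected}
```

An address reported as "hidden" is one the anonymous search did not return, which is the symptom the Readers restriction on the mail-in database document produced in this thread.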