[SOLVED] Zimbra and Barracuda LDAP connection?

[acrowe]

We would like to have our Barracuda spam firewall do user validation via LDAP to make sure it is only delivering mail to valid users.

Has anyone set this up? I've seen a few references to trying to do it, but haven't seen anyone actually say they did it and how they set it up.

Mostly what I'm looking for is the schema points that were used.

Thanks!

[davecowen5]

I just went through this as we did our Exchange migration. Barracuda 300 on our end. Here's what works for me:

LDAP Filter: (|(zimbraMailDeliveryAddress=${recipient_email})(z imbraMailAlias=${recipient_email})(zimbraMailAddre ss=${recipient_email})(mail=${recipient_email}))
LDAP Search Base: ${defaultNamingContext}
LDAP UID: uid
LDAP Primary Email Attribute: mail
Canary Email: (valid account e-mail address)

I don't have alias unification enabled, as some aliases to distribution lists yield a warning that while the e-mail address was verified, that e-mail address doesn't have a uid. I have some aliases on the Zimbra server set to target domains that aren't configured on the Barracuda, so that's likely where that comes from. The warning doesn't impact the use of the e-mail verification feature, though.

[acrowe]

That's Great Thank You!!

I'll give it a try and report back

[bdial]

most vendors recommend against real time lookup in case like zimbra is down. we use sophos puremessage and they have a facility for scheduling a sync wherein addresses are fetched from zimbra via ldap, dumped to a file, and then imported into a db in puremessage and it reads recipients from that db and not live from zimbra.

[acrowe]

This works great. There were a couple of odd spaces in there, but once those were fixed everything is running well.

bdial,
If Zimbra is down then the message will be put on hold at the barracuda (since it would time out not fail). Especially since if Zimbra is down mail wouldn't be going anywhere. The Barracuda also maintains valid users on the system.

I know of many large orgs using the LDAP/Exchange connector on the Barracuda. Works like a charm.

My problem with scheduled sync's (in any system) is the time delay between when the sync happens and when the check event happens. I guess it depends on how frequently you add/remove accounts and the sync interval.

[meltingrobot]

Is there something else that may be missing. I'm not having any luck with this. Every time I do "Test LDAP" I get "LDAP Test Unsuccessful"

It says that it fails to bind to LDAP directory hostname.edu/389: Can't contact LDAP server

I've tried with TLS and without. No such luck.