Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 6771 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failed Directory Service connect to Active Directory. "Unable to detect LDAP alias attribute"

Mohammad Iqbal

I had problem when try to sync Directory Service with Active Directory using auto detect method.

 

 

Error message "Unable to detect LDAP alias attribute"

 

anyone know about this?

 



This thread was automatically locked due to age.
  • 0

    Please try this KB to double check all settings are correct:

    This article describes how to configure access to your Active Directory server, so that the Sophos Email Appliance can use your Active Directory data. The Appliance can use this data for end-user authentication, to apply mail filtering policies to Active Directory user groups, and to use Active Directory email aliasing.

    This article describes how to:

    To detect and configure Active Directory settings

    On the Configuration page, select System|Active Directory.

    You can configure Active Directory integration automatically or manually.

    To automatically detect and configure Active Directory settings

    1. Click Detect Settings. The Detect Settings dialog box is displayed.
    2. In the displayed fields, enter the information required to access the server:
      • Server: enter the hostname or IP address of your organization's Active Directory server.
      • Username: enter the username required to access the Active Directory server.
      • Password: enter that user's password.
    3. Click OK to poll the Active Directory server for the settings information. If successful, the Appliance will:
      • connect to the server
      • detect the Active Directory settings
      • display the message "Detect settings complete".
    4. In the Detect Settings dialog box, click OK.
      The dialog box closes and the Active Directory settings text boxes are filled with the required information.
    5. Set the synchronization interval from the drop-down menu.
      If new users are added in Active Directory, and Active Directory server access has been configured in this page, then mail for the new users will be rejected until a synchronization has been done. It is therefore advised that you set the synchronization interval to a short time period, such as one hour, to minimize unwanted message rejections.
    6. Use the Enable recipient validation via Active Directory check box to set whether you want to use this feature. If selected, the applinace's mail transfer agent (MTA) uses Active Directory queries to determine if messages are addressed to valid recipients. If this option is not selected, the MTA uses SMTP recipient validation, whereby the MTA connects to the internal mail server to confirm that an address exists.
    7. Click Apply to commit configured options, or click Cancel to discard any changes.

    If the auto-detect settings operation fails, complete the additional steps described below.

    1. Review the information in the Active Directory settings text boxes to ensure that those are the settings that you want to use. If not, override them by entering the information that you prefer, and then click Verify Settings.
    2. The Verify Settings dialog box is displayed and shows the results of each verification step. If the verification is successful, click OK in the dialog box to close it. If the verification fails, correct your information and retry the verification.
    3. Perform steps 5-7 as above.

    To manually detect and configure the Active Directory settings

    1. Enter the required information in the Active Directory settings text boxes:
      • Active Directory server: the fully qualified hostname of the server used for Active Directory lookups.
      • Password: the password required for Active Directory lookups.
      • DN to authenticate: the distinguished name (DN) used to connect to the Active Directory server. It is used to query the DN of the user the system is attempting to authenticate.
      • Active Directory port: the port number of the server used for Active Directory lookups. If the Active Directory global catalog (GC) is used, the port is 3268. Otherwise, the default port is 389
      • Email attribute: the object attribute for email addresses in Active Directory. The default is "mail".
      • Email alias attribute: the object attribute for proxy addresses in Active Directory. The default is "proxyAddresses".
      • Base DN for users/groups: the top Active Directory node from which searches are performed.
      • Account attribute: the Active Directory object attribute that is queried when logging into the 'End-User Web Interface'. The default is "sAMAccountName".
      • Group name attribute: the Active Directory object attribute that is queried when configuring a policy rule with specific group names.  The default is "name".
    2. Click Verify Settings.
      The Verify Settings dialog box is displayed and shows the results of each verification step. If the verification is successful, click OK in the dialog box to close it. If the verification fails, correct your information and retry the verification.
    3. Set the synchronization interval from the drop-down menu.
    4. Use the Enable recipient validation via Active Directory check box to set whether you want to use this feature. If selected, the appliance's mail transfer agent (MTA) uses Active Directory queries to determine if messages are addressed to valid recipients. If this option is not selected, the MTA uses SMTP recipient validation, whereby the MTA connects to the internal mail server to confirm that an address exists.
    5. Click Apply to commit configured options, or click Cancel to discard any changes.

    To manage Active Directory user groups in the Appliance

    On the Configuration page, select Accounts|User Groups.

    To add Active Directory groups

    1. In the Select groups from Active Directory table, click Add. The Active Directory dialog box is displayed.
      (Use CTRL-click to select more than one group, or SHIFT-click to select a range of groups.)
    2. In the Available Groups list, select the group(s) that you want to add, and click the right arrow button.
      The groups are added to the Selected Groups list.
      • To remove groups from the Selected Groups list, select the group(s), and click the left arrow button.
    3. Click OK to save your changes, or click Cancel to abandon the operation without making any changes.

    To remove Active Directory groups

    In the Select groups from Active Directory table, select the check box beside the account that you want to remove, and click Delete.

    Using Alias support

    • When Alias support from Active Directory is enabled, Enabled is displayed, and a Disabled button is displayed. Click Disabled to quit using alias support from Active Directory.
    • When Alias support from Active Directory is not enabled, Disabled is displayed, and an Enabled button is displayed. Click Enabled to use alias support from Active Directory.

    You also have the option of managing groups manually. For more information, refer to the Appliance Help.


    If this does not work please allow access:

    In order to advance your case it will be necessary for Sophos to access your appliance on the command line via an SSH support tunnel. Please ensure port 22 is allowed outbound through your firewall so the connection can be established.

    To enable remote assistance please use the following procedure:

    1. Log in to the appliance
    2. Select the "Help" button on the top right hand side
    3. A popup will appear with the help page, select "Sophos Support" on the lower left
    4. Now select "Enable" in the Remote Assistance box. You will see a dialogue messages with "attempting to connect" and ending with "connected"
    5. Now click the "About" option make note of the "Serial number"
    6. Once the tunnel has connected please reply to this email with the serial number and we will log onto your appliance to continue troubleshooting your case
Unfiltered HTML