Comodo Antispam Gateway

• Introduction To Comodo Antispam Gateway
  • Release Notes
  • Purchase License
  • License Information
• Get Started
  • Incoming Filtering Configuration
    • Configure Your Mail Server
    • Configure MX Records
      • Update MX Records In Windows 2003/2008 Server
      • Update MX Records On A Host Using BIND
      • Update MX Records For Comodo DNS
      • Update MX Records For GoDaddy
      • Update MX Records For Enom
      • Update MX Records For Network Solutions
      • Update MX Records For Yahoo! Small Business
      • Update MX Records For 1and1
      • Update MX Records For 4D Web Hosting
      • Update MX Records For DNS Park
      • Update MX Records For DreamHost
      • Update MX Records For DynDNS
      • Update MX Records For IX Web Hosting
      • Update MX Records For No-IP
      • Update MX Records In CPanel
  • Outgoing Filter Configuration
    • Per-User Authentication
    • Outgoing Smarthost Setup
      • Configure QMail To Use A Smarthost
      • Configure PostFix To Use A Smarthost
      • Configure Sendmail To Use A Smarthost
      • Configure Exchange 2000/2003 To Use A Smarthost
      • Configure Exchange 2007/2010 To Use A Smarthost
      • Configure Exchange 2013/2016 To Use A Smarthost
      • Configure Office 365 To Use A Smarthost
      • Configure Exim To Use A Smarthost
        • Configure Exim / CPanel To Use A Smarthost
        • Configure Exim / Directadmin To Use A Smarthost
    • DNS Configuration
• Login To The Admin Console
• The Dashboard Area
• The Admin Console
• Domain Management
  • Add A Domain
  • Delete Domains
  • Edit Domains
  • Validate Domains
  • Manage A Domain
    • Domain Dashboard
    • Incoming
      • Quarantine
      • Manage Archived Mails
      • Incoming Spam Detection Settings
      • Report Spam
      • Delivery Queue
      • Destination Routes
      • Local Recipients
      • Clear Incoming Cache
      • Log Search
      • Domain Aliases
      • Domain Settings
      • Manage Report Subscriptions For Selected Domain
      • Relay Restrictions
      • Geolocation Restrictions
      • SPF Control Settings
    • Outgoing
      • Clear Outgoing Cache
      • Log Search
      • Users
      • Office 365 Activation
    • Email Management
      • Email Size Restriction
      • Blocked Extensions
      • Released Requests
      • Blacklisted Requests
      • Whitelisted Requests
    • Domain Audit Log
      • Audit Log Configuration
      • View Domain Log
    • Domain Rules
      • Rules
      • TLD And GTLD Rules
      • Recipient Whitelist
      • Sender Whitelist
      • Recipient Blacklist
      • Sender Blacklist
      • Whitelist Senders Per User
      • Blacklist Senders Per User
    • Account Management
      • User Account Management
      • Manage User Auto-import
      • View User History
      • Import Users From LDAP
        • LDAP Import Configuration
        • LDAP Import Confirmation List
        • LDAP Import Ignore List
• Audit Log
• Administrator Account Management
  • Administrators
  • User Groups & Permissions
  • Admin Groups & Permissions
  • My Comodo Account
  • My Profile
  • Users History
• Customer Management
  • End User License And Subscriber Agreements
  • View License Information
  • Manage Report Subscriptions
  • Notification Email Settings
• CASG Reports - An Overview
  • Quarantine Report
  • Domain Statistics Report
  • Auto-Imported Users Report
  • Quarantine Release Report
  • Reported Spam Report
• Appendix 1 - CASG Error Codes
• Appendix 2 - CASG Comparison Table
• Appendix 3 -Troubleshooting LDAP
• Appendix 4 - Useful Links
• About Comodo Security Solutions

LDAP Import Configuration

The LDAP import screen lets you import users from the domain's Active Directory server.

We recommend you create a separate user account for CASG to login to the AD server, and that this account be given read-only permissions.

Configure LDAP import

• Open the 'Domains' interface

• Select the domain to which you want to import users.

• Click the 'Manage Domain' button

• Click 'Account management' > 'LDAP import configuration':

The 'LDAP import configuration' interface will open:

Connection Settings

• Host (IP Address or Name) - Enter the hostname or external IP address of the AD server. If your organization uses the same physical server for AD and mail, then enter the details of the mail server.

• Port - Enter the port number of the Active Directory server.

• 389 is the default port for non-SSL connections ('Use SSL To Connect?' box NOT checked)

• 636 is the default port for SSL connections ('Use SSL To Connect?' box checked)

• Use SSL To Connect? - Select 'Yes' to use secure LDAP. You need to have an SSL certificate from a trusted certificate authority on your AD server. Self-signed certificates are not allowed.

Login/Query Settings

• LDAP login name - Account username which CASG should use to login to the AD server. Preferably, a new user account should be created especially for the CASG server. The user account should have 'read' privileges to the AD server. The username can be of the format 'username' or 'username@domainname.com'

• Password - Enter the password of the LDAP user account above.

• Remember Credentials - Enable if you want CASG server to store the username/password of the user account in order to automatically login.

• Synchronization interval - This is relevant if you want CASG to connect to the AD server in order to synchronize the user base. Select the time interval at which the synchronization occurs from the drop-down. If not, select 'No auto updates'.

• BaseDN - Distinguished Name of the user object in Active Directory. By default, the BaseDN field will contain the Domain Component (DC) values based on the domain name for which LDAP is configured. You can add/change the values of the strings 'Container Name (CN)', 'Organizational Unit (OU)' and 'domain name' depending on the users to be imported from the Active Directory.

Example: For adding users from Container 'Users', Organizational unit 'Organization' and domain 'example.com', the administrator has to enter the following:

CN=Users, OU = Organization, DC=example, DC=com

• Filter - Enables the Administrator to specify filter parameters users/addresses to be imported from the AD server. Each filter parameter should be defined within parentheses. Common filter parameters are explained below:

(objectClass= < ad user type > ) - Specifies the user accounts to look for from the domain’s Active Directory. (Default=(objectclass=user))

(mail=* < domain name > ) - Instructs CASG to import only the users that have a defined SMTP account within the domain. By default, the filter is pre-added with the parameter (mail=*@[current domain name]) to import the users that have email addresses on the current domain.

 You can add any number of (mail=) filters if you wish to add several domain names

Example: (mail=*@domainname1.com)(mail=*@domainname2.com)

To import all email enabled users from the Active Directory irrespective of any specific domain name, enter the parameter as '(mail=*)'.

To modify a filter parameter to be exclusive rather than inclusive, add an exclamation mark (!) before the opening parenthesis of any parameter. This will instruct the query to ignore any users which fall into that category. For example, if one wanted to configure a query to find users with mail enabled at any domain EXCEPT domainname.com, the filter should include the following: (mail=*)!(mail=*@domainname.com).

To import all email enabled users from the Active Directory irrespective of any specific domain name, enter the parameter as '(mail=*)'.

• Mail attribute - Enter the LDAP display name of the contact email address attribute of the AD Server. By default, this attribute name will be 'mail' for AD servers or the distinguished name (DN) or common user login name for the AD server. On other servers like Novel or OpenLDAP this attribute may be different and server specific.

Override existing records:

• Allow CASG to create user accounts as found on LDAP server – Select this checkbox if you wish new users added in the AD server to be automatically added to CASG during synchronization. If you do not select this option, you can manually import the new users from the LDAP import confirmation page.

• Allow CASG to delete user accounts not found on LDAP server – Select this checkbox if you wish users removed from AD server, to be automatically removed from CASG during synchronization. If you do not select this option, you can manually remove users from the LDAP import confirmation page.

Information Settings

• Send Reports - If enabled, CASG will send email notifications to the administrator whenever new users are created or users are removed either automatically, (if 'Allow to create users?'/'Allow to delete users?' are enabled) or manually from the LDAP import confirmation page.

• Last synchronization time (GMT) - Displays the date and time of last manual or scheduled synchronization with AD server, in GMT.

• Notification area – Contains information about errors that occurred during synchronization. In most cases, this will contain the same information that is provided with the “Test connection” feature. Note - this area is only visible if errors occur.

• To check the configuration and connectivity, click 'Test Connection'. If the connection is established successfully then the success message will be displayed with the total number of users detected from the AD server.

• Click 'Save' to store your configuration.

• Click 'Save and run synchronization now' to store your configuration and synchronize the CASG user base with the AD server.