Questions? Call or email

Active Directory group membership predicates incorrectly using SMTP domain of email address for base of search

Predicates supplied with the janusGATE Framework that perform an Active Directory lookup for a user based on an email address may result in LDAP referral errors being reported in the log file and messages being let through without processing.

 

This issue will occur in environments where the domain name of the Windows domain defined in Active Directory is not the same as one of the SMTP email domains used for user's email addresses in the organisation.

 

This issue has been fixed in janusGATE Mobile 1.2.1 and above.

Article Information
ID: 
kb/564
Type: 
known issue
fixed issue
Date created: 
17 Oct, 2011
Last updated: 
02 Nov, 2011 16:35
More Information: 

janusGATE Mobile includes several predicates which can be used to test if recipients or senders are members of groups in Active Directory.

 

These predicates are:

  • IsARecipientMemberOfGroup
  • IsEachRecipientMemberOfGroup
  • IsSenderMemberOfGroup

 

These predicates test if the entity being tested (either a message sender or one or more recipients) is a member of a specified group in Active Directory. They first try to find the entity in Active Directory based on the entity's email address.

 

In janusGATE Mobile 1.2.0 the predicates incorrectly attempt to use the domain name of the entity's email address as the search base in the directory tree. This approach is only sensible in environments where the SMTP domain name is the same as the Windows domain name. For environments where this is not the case the search fails and the message can be delivered with incomplete processing by janusGATE Mobile.

Workaround(s): 

This issue has been fixed in janusGATE Mobile 1.2.1 and above.

Applies To
Product: 
janusGATE Mobile
Version(s): 
1.2.0