I have a Barracuda Spam Firewall 300 that I just got installed the other day. I'm working on an LDAP query for using it with my Exchange server. What I have so far is:
(&
(!userAccountControl:1.2.840.113556.1.4.803:=2)
(|
(sAMAccountName=${recipient_local_part})
(othermailbox=smtp:${recipient_local_part}@ourdomain.com)
(proxyaddresses=smtp:${recipient_local_part}@ourdomain.com)
(mail=${recipient_email})
(userPrincipalName=${recipient_local_part})
)
)
I've formatted it for your convenience. What I'm trying to do is filter out users who are disabled in the directory, since they may have valid addresses, but I don't want to accept mail for them anymore. We keep their email addresses for a long time, but company policy prevents me from deleting them from the directory.
When the query runs, I get the following error:
failed to issue LDAP find operation: Bad search filter
The query works without the (!userAccountControl:1.2.840.113556.1.4.803:=2), but that is the line that filters out disabled accounts.
How do I use LDAP to effectively filter out disabled accounts?
It is hard for me to test this one, but I think you need the parens to group the !useraccountcontrol and the or block.
Why are you checking so many options? The proxyAddresses part should be more than enough:
(& (!(userAccountControl:1.2.840.113556.1.4.803:=2))
(proxyaddresses=smtp:${recipient_local_part}@ourdomain.com) )
Thanks,
Brian Desmond
Active Directory MVP
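The parenthesization point raised in the replies, as an added example that is not part of the original posts: a small structural checker for the RFC 4515 filter grammar, in which "!" must be followed by a complete parenthesized filter. The function names are hypothetical, and the checker assumes whitespace in the filter is layout only.

```python
# Added example: structural check of an LDAP search filter (RFC 4515 grammar).
# Assumption: whitespace is layout only, so it is stripped before parsing.

def parse_filter(s, i=0):
    """Parse one '(...)' filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        i += 1
        count = 0
        while i < len(s) and s[i] == "(":   # one or more nested filters
            i = parse_filter(s, i)
            count += 1
        if count == 0:
            raise ValueError(f"'&' or '|' needs a nested filter at position {i}")
    elif i < len(s) and s[i] == "!":
        i = parse_filter(s, i + 1)           # exactly one nested '(...)' filter
    else:
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        if "=" not in s[i:end] or s[i] == "=":
            raise ValueError(f"expected attr=value item at position {i}")
        i = end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return i + 1

def first_error(filter_text):
    """Return None if the filter is well formed, else the first error message."""
    s = "".join(filter_text.split())
    try:
        end = parse_filter(s)
    except ValueError as exc:
        return str(exc)
    return None if end == len(s) else f"trailing text at position {end}"

# The query from the question, and the same query with the NOT term wrapped.
TAIL = """(|(sAMAccountName=${recipient_local_part})
(othermailbox=smtp:${recipient_local_part}@ourdomain.com)
(proxyaddresses=smtp:${recipient_local_part}@ourdomain.com)
(mail=${recipient_email})(userPrincipalName=${recipient_local_part})))"""
ORIGINAL = "(&(!userAccountControl:1.2.840.113556.1.4.803:=2)" + TAIL
CORRECTED = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))" + TAIL

if __name__ == "__main__":
    print("original :", first_error(ORIGINAL))
    print("corrected:", first_error(CORRECTED))
```

The matching rule OID 1.2.840.113556.1.4.803 is a bitwise AND, and bit 2 of userAccountControl is the account-disabled flag, so the wrapped term excludes disabled accounts.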