Query Config

The Directory Services Queries page allows you to edit directory services queries. Although queries are auto-generated by the Directory Services wizard for some LDAP implementations, these values are only intended as guidelines; you must adjust them to match your directory server's requirements.

The first time you access this page, the queries run automatically. If you go to a previous page and then return to the Query Config page, or if you edit the queries, you must click Run Queries to run them again. The icon next to each query indicates the result.

  1. Edit existing queries or enter custom queries in the following text boxes:
    Note
    To test the %%USERNAME%% or %%GROUP_DN%% associated with a specific query, enter it in Verify Queries section at the bottom of this wizard page.
    • Valid Recipients: Retrieve a list of every valid email address. This query uses the recipient validation method specified on the Configuration > Policy > Filtering Options page. See "Filtering Options" for a description of the recipient validation options.

      This query uses "Administrator" by default, unless you enter a different name in the query, or in the Test %%USERNAME%% text box in the Verify Queries section.

      Ensure that this query retrieves all valid email addresses to prevent valid messages from being rejected.

    • Aliases: Return a list of aliases and their addresses. If you have users with email aliases, this ensures that the mapping of one address to another is respected, so that mail is delivered to the correct address, recipients can log in to the End User Web Quarantine, and per-user settings are applied.
    • Retrieve user: Retrieve the Distinguished Name (DN) of the end user to use for End User Web Quarantine authentication. Testing a specific %%USERNAME%% in the Verify Queries section returns 1 result if it is successful and 0 results if it fails.

      Important
      It is not necessary to provide this query if you have enabled Via downstream SMTP look-ahead for recipient validation. For more about this control, see "Filtering Options." If, instead, you have enabled Via directory services for recipient validation, and this query is not specified correctly, the appliance will quietly reject mail.
    • User groups: Retrieve a list of groups, which can then be included or excluded from certain policies.
    • Members of a group: Retrieve a list of email addresses for users who are members of a specified group (%%GROUP_DN%%).
    • SMTP Authentication: Retrieve the Distinguished Name (DN) of the end user that is required for SMTP authentication. Testing a specific %%USERNAME%% in the Verify Queries section returns 1 result if it is successful and 0 results if it fails.

      This query uses "Administrator" by default, unless you enter a different name in the query, or in the Test %%USERNAME%% text box in the Verify Queries section.

  2. [Optional] Completely empty a query to disable that query on the appliance.
  3. [Optional] Test individual queries by entering a specific %%USERNAME%% or %%GROUP_DN%% value from a query string into one of the text boxes described below. The resulting matches are displayed to the right of the query itself.
    • Test %%USERNAME%%: Enter a valid directory services username to see if the user is affected by the Retrieve user or SMTP authentication query.
    • Test %%GROUP_DN%%: Enter the distinguished name (DN) of a group that is used in the "Members of a group" query to retrieve a complete list of its members.
  4. After you have finished entering queries, you can:
    • Click Reset to restore the original queries that were generated, based on the entries you supplied on a previous page of the wizard.
    • Click Run Queries to test queries. The number of results each query returns is displayed. This can be compared to the number of results you expect your directory services server to return. If no (0) results are returned, you should carefully check that the query is valid (unless you expected no results).
    • Hover your mouse pointer over the text of the status result to see a tool tip. The tool tip indicates reasons for warnings (indicated with a yellow exclamation mark icon) and errors (indicated with a red x-mark icon).
    • Click the status result of a valid query to download a text file containing the query results. The file consists of a header that contains the actual query (not variables), followed by one result per line. Each result has semicolon-separated fields, and each field has comma-separated values.
    • Copy a group DN from the query results file and use it to run tests on the Query Config page.
  5. Click Next.