Populating Lists and Maps via LDAP

Lightweight Directory Access Protocol (LDAP) is an open-standard protocol for accessing online directory services. Directory services are structured repositories of information on people and resources within an organization (for example, a list of names and email addresses). LDAP defines a protocol for updating and searching these directory services running over TCP/IP. For information on configuring an LDAP directory service, see the following resources:

  • LDAP RFC 1777, Request for Comments documentation.
  • OpenLDAP.org, the open source implementation of the Lightweight Directory Access Protocol.

Use the pmx-ldap-sync program to synchronize the existing LDAP directory service to a PureMessage list (for example, a whitelist or blacklist) or map. Depending on options specified on the command line, the pmx-ldap-sync program creates either a flat file or a Berkeley database from an LDAP directory service. Use Perl regular expressions to evaluate list content and filter it based on specific criteria. The pmx-ldap-sync program can be run as a scheduled job from the Manager; see “Managing Scheduled Jobs” in the Manager Reference for more information.

Important: Sophos highly recommends that only administrators with advanced LDAP configuration and query experience use the pmx-ldap-sync program. Administrators must also be familiar with Perl and regular expressions. Accessing LDAP directory services and writing LDAP queries are not included in the Sophos PureMessage support agreement.
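An added illustration of the regex-filtering step described above (not pmx-ldap-sync's own code or options, and not from the PureMessage documentation): it filters `mail` values from a constructed LDIF sample into a flat list and shows why a filter that feeds a whitelist should be anchored. The function names, sample entries and patterns are assumptions, and the patterns are written for Python's `re` module rather than Perl.

```python
import re

# Constructed sample LDIF export (not from a real directory).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
mail: Bob@Example.com
mail: bob@example.com

dn: uid=partner,ou=external,dc=example,dc=com
mail: partner@example.com.partner.test

dn: uid=svc,ou=services,dc=example,dc=com
mail: svc@notexample.com
"""

# Hypothetical filters: the first matches anywhere in the value,
# the second must match the whole address.
LOOSE = r"example\.com"
STRICT = r"\A[^@\s]+@example\.com\Z"

def mail_values(ldif):
    """Yield the lower-cased value of every plain 'mail:' attribute line."""
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "mail":
            continue
        if value.startswith(":"):   # 'mail:: ...' is base64 in LDIF; skipped here
            continue
        yield value.strip().lower()

def build_list(ldif, pattern):
    """Return the sorted, de-duplicated addresses that the pattern accepts."""
    rx = re.compile(pattern)
    return sorted({m for m in mail_values(ldif) if rx.search(m)})

def to_flat_file(entries):
    """Render the list as one entry per line (a generic flat-file layout)."""
    return "".join(entry + "\n" for entry in entries)

if __name__ == "__main__":
    print("unanchored filter:\n" + to_flat_file(build_list(SAMPLE_LDIF, LOOSE)))
    print("anchored filter:\n" + to_flat_file(build_list(SAMPLE_LDIF, STRICT)))
```

The unanchored pattern accepts all four distinct addresses, including the look-alike domains, while the anchored pattern keeps only the two addresses at `example.com`.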