Messaging Gateway

   We use Brightmail 9.0.2 upgraded last week, now i try to search for an especific user e-mail address at "Administration" -> "Users" -> "Find User" and i receive the following error message: "The address you have provided is shared by multiple directory entries. Check the Control Center and DDS logs for details. DDS error code: 800500".

   I checked my email server, and that user's e-mail address seems to be unique.

   At Brightmail, i tried to check logs, by clicking at "Status" -> "System" -> "Logs", after a while, instead showing the old log screen i used to see in previous version, the screen keeps showing "Dashboard".

   Thanks for all the help provided.

   Carlos Oliveira
 

   I finally can see logs... it's a matter of waiting a really long time, even though the Internet Explorer looks like already finished loading the page.

   Now i can see details... basically:

   - 800500 com.symantec.sms.dds.api.exception.AddressNotUniqueException: Address john@domain.com.br is not unique. The following entries share the same email address: cn=john adam,o=domain; cn=john edson,o=domain; cn=john cage,o=domain

( but in fact, they share only the first name, and their e-mails are not the same: john@domain.com.br ; jedson@domain.com.br ; jcage@domain.com.br )

   Thanks again,

   Carlos Oliveira

If you are doing more than simple recipient validatation you can't have more than one user in your LDAP source with the same e-mail address.  How would SBG know which user is the REAL user.  Did you check their AD - Proxyaddresses & mail attributes for matches?

   Cricket17, thanks a lot for your reply. In fact, all users have unique e-mail addresses. I have checked several times at our Lotus Domino directory (We do not use AD for LDAP since our e-mail is based on Lotus Domino).

   Users have first name, last name and e-mail address, it seems to me that somehow, Brightmail is comparing only first name instead the full name. Maybe there's something to adjust in Brightmail's LDAP connection settings... i am reaserching on the web, but i have no idea until now.

   Carlos Oliveira

The "LDAP Sync" used in releases prior to v9.0 was a bit overzealous in trying to accomodate every possible Domino configuration, one of which allows Domino to create deliverable email addresses from the first and last name in the Domino white pages directory for a user. The new "Directory Data Service" in v9.0 and later is much more rigorous in checking for duplicates, and the Domino configuration information that was migrated likely needs to be edited.

If you edit the Domino source information in SBG under Administration > Directory Integration, and click the "Customize Query" button, you'll likely find a query filter that includes (givenname=%u) and (sn=%u). When a message is received for john@domain.com.br, the %u token takes the user-part of the recipient address, so you get (givenname=john), which matches all three of those entries. If you remove the (givenname=%u) and (sn=%u) parts from the query filter, you should no longer see this problem.

If you still find you're having issues with non-uniqueness, please paste the query filter in this comment and we'll see what we can do.

thanks!

-nate

I've only used AD as the LDAP source, but I've seen converstations in the past on the forum about using Dominio.  You might want to verify that the LDAP query strings are correct for your situation.  That the % parameters are correctly placed and matching on the correct fields.

Good luck.

Opps, I see Nate posted this same suggestion in more detail.  Have a go with what Nate posted.

   Nate, thanks a lot ! It worked, perfect !

   I went to "Administration" -> "Settings" -> "Directory Integration", clicked on my LDAP Directory Data Source displayed. At "Address Resolution" i clicked "Customize Query", and changed the old query:

(|(&(|(objectclass=dominoServerMailinDatabase)(objectclass=dominoperson))(|(sn=%u)(givenname=%u)(cn=%n)(mail=%s)(uid=%s)(uid=%u)))(&(objectclass=dominogroup)(|(uid=%u)(uid=%s)(mail=%s))))

   To this, doing what you wrote to do:

(|(&(|(objectclass=dominoServerMailinDatabase)(objectclass=dominoperson))(|(cn=%n)(mail=%s)(uid=%s)(uid=%u)))(&(objectclass=dominogroup)(|(uid=%u)(uid=%s)(mail=%s))))

   Now, everything seems fine.

   Thank you very much.

   Carlos Oliveira