PureMessage for Unix: How to publish the configuration of an LDAP based list

  • Article ID: 116946
  • Updated: 23 Jul 2012

This article describes how to publish the configuration of an LDAP list, so that LDAP lists can be used in the policy of PMX edge servers.  These instructions are useful when there are many edge servers in use and it is not possible to manually copy the LDAP list configuration.

Known to apply to the following Sophos product(s) and version(s)

PureMessage for Unix


What To Do

The configuration of an LDAP list is stored in:

/opt/pmx/etc/lists.conf
/opt/pmx/etc/lists.d*

Because matching is performed via LDAP, it is only necessary to copy this configuration to the edge server.  If there are multiple edge servers then you can use the publication feature as an alternative to manually copying the files.

NOTE:  It is not possible to add an LDAP list to a publication via the GUI.  LDAP lists must be added using the pmx-share command.

Step 1 - Copy the list to a separate configuration file

By default, the configuration of lists is not synced.  Depending on your list configuration, you may wish to sync only the LDAP list.

Remove the configuration of the LDAP list from: /opt/pmx/etc/lists.conf
Place the configuration in a new file.  For example:  /opt/pmx/etc/lists.d/ldaplist.conf

Step 2 - Create a new publication

Use pmx-share to create a new publication for your LDAP lists.  For example:  pmx-share --publication LDAP

Follow the instructions to create the publication.

Step 3 - Add the list to the publication

Add your list configuration file to the new publication.  For example:  pmx-share add --publication LDAP --files /opt/pmx/etc/lists.d/ldaplist.conf

Step 4 - Add hosts to the publication

Add hosts from your Server Group that you wish to receive this LDAP list. For example:  pmx-share add --publication LDAP --host Edge1

Step 5 - Synchronize the publication

Synchronizing the publication will add your list to any hosts that are members of this publication.  For example: pmx-share --publication LDAP sync

Step 6 - Test the list on the edge server

The LDAP list configuration should now be present in:  /opt/pmx/etc/lists.d/

You can also log in to the PMX manager on the edge server to view this configuration on the 'Policy' tab.  Test that the edge server can successfully run the LDAP query using the option in 'Policy > Test List/Map'.






 
If you need more information or guidance, then please contact technical support.
