This article describes how to publish the configuration of an LDAP list, so that LDAP lists can be used in the policy of PMX edge servers. These instructions are useful when there are many edge servers in use and it is not possible to manually copy the LDAP list configuration.
Known to apply to the following Sophos product(s) and version(s)
PureMessage for Unix
What To Do
The configuration of an LDAP list is stored in:
Because matching is performed via LDAP, it is only necessary to copy this configuration to the edge server. If there are multiple edge servers then you can use the publication feature as an alternative to manually copying the files.
NOTE: It is not possible to add an LDAP list to a publication via the GUI. LDAP lists must be added using the pmx-share command.
Step 1 - Copy the list to a separate configuration file
By default, the configuration of lists is not synced. Depending on your list configuration, you may wish to only sync the LDAP list.
Remove the configuration of the LDAP list from: /opt/pmx/etc/lists.conf
Place the configuration in a new file. For example: /opt/pmx/etc/lists.d/ldaplist.conf
Step 2 - Create a new publication
Use pmx-share to create a new publication for your LDAP lists. For example: pmx-share --publication LDAP
Follow the instructions to create the publication.
Step 3 - Add the list to the publication
Add your list configuration file to the new publication. For example: pmx-share add --publication LDAP --files /opt/pmx/etc/lists.d/ldaplist.conf
Step 4 - Add hosts to the publication
Add hosts from your Server Group that you wish to receive this LDAP list. For example: pmx-share add --publication LDAP --host Edge1
Step 5 - Synchronize the publication
Synchronizing the publication will add your list to any hosts that are a member of this publication. For example: pmx-share --publication LDAP sync
Step 6 - Test the list on the edge server
The LDAP list configuration should now be present in: /opt/pmx/etc/lists.d/
You can also log in to the PMX manager on the edge server to view this configuration on the 'Policy' tab. Test that the edge server can successfully run the LDAP query using the option in 'Policy > Test List/Map'.
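The commands from Steps 3 to 5 applied to several edge servers at once, as an added example that is not part of the original article or of PureMessage itself. It assumes the publication from Step 2 already exists; the function names and the host names passed to them are hypothetical.

```shell
#!/bin/sh
# Added example: plan_publish prints the Step 3-5 pmx-share commands for the
# given edge hosts; run_publish executes them. Only command forms shown in the
# article are used. Assumes the publication from Step 2 already exists.

PUBLICATION="LDAP"                               # publication name used in the article
LIST_FILE="/opt/pmx/etc/lists.d/ldaplist.conf"   # file created in Step 1

# valid_host NAME: accept only letters, digits, dot and hyphen (no leading
# hyphen), so a name read from an inventory file cannot be taken as an extra
# option or split into several words.
valid_host() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plan_publish HOST...: print the commands in the order the article gives them.
# Returns 1 and prints no commands if any host name is rejected.
plan_publish() {
    [ "$#" -gt 0 ] || { echo "no hosts given" >&2; return 1; }
    for h in "$@"; do
        valid_host "$h" || { echo "rejected host name: $h" >&2; return 1; }
    done
    echo "pmx-share add --publication $PUBLICATION --files $LIST_FILE"
    for h in "$@"; do
        echo "pmx-share add --publication $PUBLICATION --host $h"
    done
    echo "pmx-share --publication $PUBLICATION sync"
}

# run_publish HOST...: execute the plan and stop at the first failing command.
run_publish() {
    [ -f "$LIST_FILE" ] || { echo "missing $LIST_FILE (see Step 1)" >&2; return 1; }
    plan=$(plan_publish "$@") || return 1
    echo "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1      # unquoted on purpose: host names were validated above
    done
}
```

Review the output of plan_publish Edge1 Edge2 before calling run_publish with the same arguments, then carry out Step 6 on each edge server.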