Generic LDAP Integration

Synchronizing User Accounts with a Generic LDAP Directory Service

In addition to adding users manually (which is described in chapter User Management), MailStore can synchronize its internal user database with your company’s generic LDAP directory service (e.g. OpenLDAP, Novell eDirectory).

During synchronization, user information such as user names and email addresses is read from the LDAP directory and recorded in MailStore Server’s user database. MailStore Server only reads from the directory and makes no changes to it. The scope of the synchronization can be limited through filters.

Accessing Directory Service Integration

  • Log on to MailStore Client as a MailStore Server administrator.
  • Click on Administrative Tools > Users and Privileges and then on Directory Services.
  • In the Integration section, change the directory service type to LDAP Generic.

 

Connection to the LDAP Directory Service

For synchronization MailStore Server requires information on how to connect to the LDAP directory service.

  • Server Name
    DNS name or IP address of the LDAP server.
  • Encryption
    Configure whether the connection to the LDAP server is to be unencrypted or LDAP-TLS/LDAP-SSL encrypted. Use an encrypted connection whenever the directory supports it: with an unencrypted connection the password of the Administrative DN is sent in clear text on every synchronization.
  • Ignore SSL Security Warnings (only when using LDAP-TLS or LDAP-SSL)
    Activate this option if a self-signed or non-public certificate is used on the LDAP server. Be aware that this disables certificate validation entirely, so anyone able to intercept the connection could impersonate the LDAP server and capture the administrative credentials. The more robust alternative is to make the LDAP server’s certificate (or its issuing CA) trusted on the machine running MailStore Server and leave this option disabled.
  • Administrative DN
    Distinguished Name (DN) of a user account that may bind to the LDAP server and read the user entries below the Base-DN. Because synchronization only reads from the directory, an account with read access to those entries is sufficient; prefer a dedicated read-only account over a directory administrator.
  • Password
    Password of that user.

LDAP Scope

After configuring the connection settings as described above, you can specify filter criteria for the LDAP directory service synchronization in this section.

  • Base-DN
    LDAP base DN, e.g. dc=mycompany,dc=local
  • Filter (optional)
    RFC 4515 compliant LDAP filter, e.g. (&(objectclass=posixAccount)(mail=*)), which selects only POSIX accounts that have at least one email address. Only entries below the Base-DN that match the filter are synchronized.

LDAP-Attributes

Specify how LDAP user attributes should be mapped to the MailStore user attributes:

  • User Name
    LDAP attribute for the user name, e.g. cn or uid.
  • Full Name (optional)
    LDAP attribute for the display name, e.g. displayName.
  • Email addresses (optional)
    LDAP attribute for the SMTP address, e.g. mail. Multiple addresses can be specified, separated by comma.

Options

  • Automatically delete users in MailStore Server
    Here you can choose whether users whose accounts have been deleted in the directory service are also deleted from MailStore Server’s user database by the synchronization. Two safeguards apply: if the archive folder of such a user already contains archived emails, only the user entry is deleted and the archive folder is kept; and only MailStore Server users whose authentication method is set to Directory Services are deleted, so manually created users with a local password are never removed by the synchronization.
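The three settings above (LDAP Scope filter, LDAP-Attributes mapping and the delete option) decide together what a synchronization run does. As an added example that is not part of MailStore Server or of this article, the following Python script performs the same kind of dry run that Test Settings does: it applies an RFC 4515 filter (a subset: AND/OR/NOT, equality, presence and * wildcards) and the attribute mapping to a constructed LDIF sample and reports what Synchronize now would create, update, delete or skip. The LDIF entries, the table of existing MailStore users and the field names user_name, full_name, email and archive_has_mail are assumptions made for illustration; MailStore Server’s internal representation is not documented here.

```python
"""Offline dry run of a generic-LDAP -> MailStore Server user synchronization (added example,
not MailStore code). Filter support is a subset of RFC 4515: AND/OR/NOT, equality, presence
(attr=*) and '*' wildcards. SAMPLE_LDIF and EXISTING_USERS are constructed test data."""
import re

SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=mycompany,dc=local
objectClass: posixAccount
uid: alice
displayName: Alice Adams
mail: alice@mycompany.example
mail: a.adams@mycompany.example

dn: uid=bob,ou=people,dc=mycompany,dc=local
objectClass: posixAccount
uid: bob

dn: cn=backup,ou=services,dc=mycompany,dc=local
cn: backup
mail: backup@mycompany.example
"""
EXISTING_USERS = {  # hypothetical MailStore user database; carol and dave have vanished from LDAP
    "alice": {"auth": "Directory Services", "archive_has_mail": True},
    "carol": {"auth": "Directory Services", "archive_has_mail": True},
    "dave": {"auth": "Directory Services", "archive_has_mail": False},
    "admin": {"auth": "MailStore-integrated", "archive_has_mail": False},
}
MAPPING = {"user_name": "uid", "full_name": "displayName", "email": "mail"}  # LDAP-Attributes

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into dicts of lowercase attribute -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entries.append(entry := {})
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def parse_filter(text):
    """Parse an RFC 4515 filter (subset, see module docstring) into a nested tuple tree."""
    pos = 0
    def node():
        nonlocal pos
        if text[pos:pos + 1] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if text[pos:pos + 1] in ("&", "|", "!"):    # AND / OR / NOT over sub-filters
            op, pos, children = text[pos], pos + 1, []
            while text[pos:pos + 1] == "(":
                children.append(node())
            result = (op, children)
        else:                                        # simple item: attr=value or attr=*
            end = text.index(")", pos)
            attr, _, value = text[pos:end].partition("=")
            result, pos = ("=", attr.strip().lower(), value), end
        if text[pos:pos + 1] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        pos += 1
        return result
    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree

def matches(entry, tree):
    """Evaluate a parsed filter against one entry; values are compared case-insensitively."""
    op = tree[0]
    if op in ("&", "|"):
        return (all if op == "&" else any)(matches(entry, c) for c in tree[1])
    if op == "!":
        return not matches(entry, tree[1][0])
    values = entry.get(tree[1], [])
    if tree[2] == "*":                               # presence filter
        return bool(values)
    pattern = ".*".join(re.escape(part) for part in tree[2].lower().split("*"))
    return any(re.fullmatch(pattern, v.lower()) for v in values)

def plan_sync(entries, ldap_filter, mapping, existing, delete_missing=True):
    """Return what 'Synchronize now' would do (the 'Test Settings' view), changing nothing."""
    tree = parse_filter(ldap_filter)
    plan, seen = {"create": {}, "update": {}, "delete": {}, "skipped": []}, set()
    for entry in (e for e in entries if matches(e, tree)):
        names = entry.get(mapping["user_name"].lower(), [])
        if len(names) != 1:                          # no unique user name: cannot be mapped
            plan["skipped"].append(entry["dn"][0])
            continue
        seen.add(names[0])
        plan["update" if names[0] in existing else "create"][names[0]] = {
            "full_name": (entry.get(mapping["full_name"].lower()) or [""])[0],
            "emails": entry.get(mapping["email"].lower(), []),
        }
    # Only 'Directory Services' users are removed; an archive that already holds e-mail is kept.
    for name, info in (existing.items() if delete_missing else ()):
        if name not in seen and info["auth"] == "Directory Services":
            plan["delete"][name] = {"keep_archive": info["archive_has_mail"]}
    return plan

if __name__ == "__main__":
    print(plan_sync(parse_ldif(SAMPLE_LDIF), "(&(objectclass=posixAccount)(mail=*))", MAPPING, EXISTING_USERS))
```

Run as a script, it prints the plan for the article’s example filter: alice is updated with both of her addresses, bob is left out because he has no mail attribute, carol and dave are deleted (carol’s archive folder is kept because it already holds e-mail), and the local admin account is untouched. Loosening the filter to (mail=*) pulls in the backup entry, which has no uid and therefore lands under skipped; that is exactly the kind of mismatch between filter and attribute mapping that Test Settings is meant to surface before anything is committed.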

Assign Default Privileges

By default, users that have been synchronized to MailStore Server from a directory service have the privilege to log on to MailStore Server as well as read access to their own user archive.
You can configure those default privileges before synchronization, for example, to assign the privilege Archive E-mail to all new users. To do this, click on Default Privileges...
More information on managing user privileges and their effects is available in the chapter Users, Folders and Settings which also has details on editing existing privileges.

Run Directory Services Synchronization

Click on Test Settings to check the synchronization configuration and the results returned by the directory service without committing any changes to the MailStore Server user database.
To run the synchronization, click on Synchronize now. The results are shown and all changes are committed to the MailStore Server user database.

 

Login with LDAP Credentials

By default, each user created in MailStore Server has a local password. The MailStore Server administrator can specify this password when creating a new user account. The respective user can later change this password in MailStore Client’s Quick Access section if he or she has sufficient privileges.

Alternatively, if an LDAP directory service is available, you can configure MailStore Server to allow users to log on to MailStore Server using their LDAP credentials.

Procedure for Users Created by Synchronization with LDAP

If you have created MailStore Server users by LDAP synchronization as described in the previous section, no further action is required. In this case, MailStore Server has already configured all necessary settings automatically for you.

Procedure for Manually Created Users

If you have created MailStore Server users manually and want them to be able to log on using their LDAP credentials, please proceed as follows:


 
