Generic LDAP Integration
In addition to adding users manually (which is described in chapter User Management), MailStore can synchronize its internal user database with your company’s generic LDAP directory service (e.g. OpenLDAP, Novell eDirectory).
During synchronization user information such as user names and email addresses are read from the LDAP directory and recorded in MailStore Server’s user database. MailStore Server makes no changes to the LDAP directory itself. The scope of the synchronization can be limited through filters.
Accessing Directory Service Integration
- Log on to MailStore Client as a MailStore Server administrator.
- Click on Administrative Tools > Users and Privileges and then on Directory Services.
- In the Integration section, change the directory service type to LDAP Generic.
Connection to the LDAP Directory Service
For synchronization MailStore Server requires information on how to connect to the LDAP directory service.
- Server Name
DNS name or IP address of the LDAP server.
Configure whether the connection to the LDAP server is to be unencrypted or LDAP-TLS/LDAP-SSL encrypted.
- Ignore SSL Security Warnings (only when using IMAP-TLS or IMAP-SSL)
Activate this option if a self-signed or non-public certificate is used on the LDAP server.
- Administrative DN
Distinguished Name (DN) of a user with administrative privileges on the LDAP server.
Password of that user.
After configuring the connection settings as described above, you can specify filter criteria for the LDAP directory service synchronization in this section.
LDAP base DN, e.g. dc=mycompany,dc=local
- Filter (optional)
RFC 4515 compliant LDAP filter, e.g. (&(objectclass=posixAccount)(mail=*))
Specify how LDAP user attributes should be mapped to the MailStore user attributes:
- User Name
LDAP attribute for the user name, e.g. cn or uid.
- Full Name (optional)
LDAP attribute for the display name, e.g. displayName.
- Email addresses (optional)
LDAP attribute for the SMTP address, e.g. mail. Multiple addresses can be specified, separated by comma.
- Automatically delete users in MailStore Server
Here you can choose whether users whose accounts have been deleted in the directory service will also be deleted in MailStore Server’s user database by the synchronization. If the archive folder of such a user already contains archived emails, only the user entry but not its archive folder will be deleted in MailStore Server. Additionally, only MailStore Server users that have their authentication method set to Directory Services will be deleted.
Assign Default Privileges
By default, users that have been synchronized to MailStore Server from a directory service have the privilege to log on to MailStore Server as well as read access to their own user archive.
You can configure those default privileges before synchronization, for example, to assign the privilege Archive E-mail to all new users. To do this, click on Default Privileges...
More information on managing user privileges and their effects is available in the chapter Users, Folders and Settings which also has details on editing existing privileges.
Run Directory Services Synchronization
Click on Test Settings to check synchronization configuration and the results returned by the directory service without any changes to the MailStore Server user database being actually committed.
To finally run the synchronization, click on Synchronize now. The results are shown with any changes committed to the MailStore Server user database.
Login with LDAP Credentials
By default, each user created in MailStore Server has a local password. The MailStore Server administrator can specify this password during creation of a new user account. The respective user can later change this password in MailStore Client’s Quick Access section if he or she has ample privileges.
Alternatively, if an LDAP is available, you can configure MailStore Server to allow users to log on to MailStore Server using their LDAP credentials.
Procedure for Users Created by Synchronization with LDAP
If you have created MailStore Server users by LDAP synchronization as described in the previous section, no further action is required. In this case, MailStore Server has already configured all necessary settings automatically for you.
Procedure for Manually Created Users
If you have created MailStore Server users manually and want them to be able to log on using their LDAP credentials, please proceed as follows:
- Configure the LDAP integration as described in chapter Synchronizing User Accounts with a Generic LDAP Directory Service.
- Verify that the names of the MailStore Server users match those of the corresponding LDAP users.
- In the General Information section of the user properties select Directory Services for Authentication.