Generic LDAP Integration

Synchronizing User Accounts with a Generic LDAP Directory Service

In addition to adding users manually (which is described in chapter User Management), MailStore can synchronize its internal user database with your company’s generic LDAP directory service (e.g. OpenLDAP, Novell eDirectory).

During synchronization user information such as user names and email addresses are read from the LDAP directory and recorded in MailStore Server’s user database. MailStore Server makes no changes to the LDAP directory itself. The scope of the synchronization can be limited through filters.

Accessing Directory Service Integration

  • Log on to MailStore Client as a MailStore Server administrator.
  • Click on Administrative Tools > Users and Privileges and then on Directory Services.
  • In the Integration section, change the directory service type to LDAP Generic.

 

Connection to the LDAP Directory Service

For synchronization MailStore Server requires information on how to connect to the LDAP directory service.

  • Server Name
    DNS name or IP address of the LDAP server.
  • Encryption
    Configure whether the connection to the LDAP server is to be unencrypted or LDAP-TLS/LDAP-SSL encrypted.
  • Ignore SSL Security Warnings (only when using IMAP-TLS or IMAP-SSL)
    Activate this option if a self-signed or non-public certificate is used on the LDAP server.
  • Administrative DN
    Distinguished Name (DN) of a user with administrative privileges on the LDAP server.
  • Password
    Password of that user.

LDAP Scope

After configuring the connection settings as described above, you can specify filter criteria for the LDAP directory service synchronization in this section.

  • Base-DN
    LDAP base DN, e.g. dc=mycompany,dc=local
  • Filter (optional)
    RFC 4515 compliant LDAP filter, e.g. (&(objectclass=posixAccount)(mail=*))

LDAP-Attributes

Specify how LDAP user attributes should be mapped to the MailStore user attributes:

  • User Name
    LDAP attribute for the user name, e.g. cn or uid.
  • Full Name (optional)
    LDAP attribute for the display name, e.g. displayName.
  • Email addresses (optional)
    LDAP attribute for the SMTP address, e.g. mail. Multiple addresses can be specified, separated by comma.

Options

  • Automatically delete users in MailStore Server
    Here you can choose whether users whose accounts have been deleted in the directory service will also be deleted in MailStore Server’s user database by the synchronization. If the archive folder of such a user already contains archived emails, only the user entry but not its archive folder will be deleted in MailStore Server. Additionally, only MailStore Server users that have their authentication method set to Directory Services will be deleted.

Assign Default Privileges

By default, users that have been synchronized to MailStore Server from a directory service have the privilege to log on to MailStore Server as well as read access to their own user archive.
You can configure those default privileges before synchronization, for example, to assign the privilege Archive E-mail to all new users. To do this, click on Default Privileges...
More information on managing user privileges and their effects is available in the chapter Users, Folders and Settings which also has details on editing existing privileges.

Run Directory Services Synchronization

Click on Test Settings to check synchronization configuration and the results returned by the directory service without any changes to the MailStore Server user database being actually committed.
To finally run the synchronization, click on Synchronize now. The results are shown with any changes committed to the MailStore Server user database.

 

Login with LDAP Credentials

By default, each user created in MailStore Server has a local password. The MailStore Server administrator can specify this password during creation of a new user account. The respective user can later change this password in MailStore Client’s Quick Access section if he or she has ample privileges.

Alternatively, if an LDAP is available, you can configure MailStore Server to allow users to log on to MailStore Server using their LDAP credentials.

Procedure for Users Created by Synchronization with LDAP

If you have created MailStore Server users by LDAP synchronization as described in the previous section, no further action is required. In this case, MailStore Server has already configured all necessary settings automatically for you.

Procedure for Manually Created Users

If you have created MailStore Server users manually and want them to be able to log on using their LDAP credentials, please proceed as follows:


 

Attached Files
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Name
Email
Security Code Security Code
Related Articles RSS Feed
Choosing the Right Archiving Strategy
Viewed 1843 times since Wed, Jan 1, 2014
Batch-archiving IMAP Mailboxes
Viewed 2123 times since Fri, Jan 10, 2014
Monitoring
Viewed 3419 times since Fri, Jan 10, 2014
Choosing the Right Storage Strategy
Viewed 1992 times since Fri, Jan 3, 2014
Archiving Email from Outlook, Thunderbird and others
Viewed 2205 times since Tue, Jan 14, 2014
Notes on Antivirus Software
Viewed 1485 times since Fri, Jan 10, 2014
Using Network Attached Storage (NAS)
Viewed 1795 times since Sat, Dec 14, 2013
MailStore Web Access Integration in Outlook Web App
Viewed 3791 times since Fri, Jan 10, 2014
Maintenance and Repair
Viewed 1510 times since Fri, Jan 10, 2014
Deploying a Self-signed SSL Certificate
Viewed 1508 times since Fri, Jan 10, 2014
MENU