Difference between revisions of "Generic LDAP Integration"
| [unchecked revision] | [unchecked revision] |
(Wiki Tool) |
| Line 33: | Line 33: | ||
'''Example 1:''' Testing the creation of new users | '''Example 1:''' Testing the creation of new users | ||
| − | ldap-sync --server="ldapserver.mycompany.local" \ | + | ldap-sync --server="ldapserver.mycompany.local" \ |
--user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \ | --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \ | ||
--base-dn="ou=users,dc=mycompany,dc=local" --allow-create --dry-run | --base-dn="ou=users,dc=mycompany,dc=local" --allow-create --dry-run | ||
'''Example 2:''' Create new users in MailStore | '''Example 2:''' Create new users in MailStore | ||
| − | ldap-sync --server="ldapserver.mycompany.local" \ | + | ldap-sync --server="ldapserver.mycompany.local" \ |
--user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \ | --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \ | ||
--base-dn="ou=users,dc=mycompany,dc=local" --allow-create | --base-dn="ou=users,dc=mycompany,dc=local" --allow-create | ||
'''Example 3:''' Sync existing users with MailStore | '''Example 3:''' Sync existing users with MailStore | ||
| − | ldap-sync --server="ldapserver.mycompany.local" \ | + | ldap-sync --server="ldapserver.mycompany.local" \ |
--user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \ | --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \ | ||
--base-dn="ou=users,dc=mycompany,dc=local" \ | --base-dn="ou=users,dc=mycompany,dc=local" \ | ||
--attr-user="cn" --attr-disp="displayName" -attr-mail="mail" | --attr-user="cn" --attr-disp="displayName" -attr-mail="mail" | ||
[[de:Generische_LDAP-Integration]] | [[de:Generische_LDAP-Integration]] | ||
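Review bot: In Example 3 the last option is still written `-attr-mail="mail"` with a single hyphen, while every other option in these examples uses `--`. The changed lines show no visible difference in the command text, so this revision is a good place to correct it to `--attr-mail="mail"`. Separately, all three examples pass a bind password with `--pass` but none sets `--auth-type`, which the parameter table on this page lists as optional with the values None or SecureSocketsLayer; consider showing `--auth-type="SecureSocketsLayer"` in at least one example.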
Revision as of 08:37, 24 January 2011
Enable Generic LDAP Authentication
To activate generic LDAP server authentication, open the MailStore Management Shell and execute the following command:
store-setprop --name="public.ldap.type" --value="LdapGeneric"
Now you are able to configure your LDAP server settings at Management | LDAP Integration.
Please note: In order to change the mode back to Active Directory, please set the value to ActiveDirectory instead of LdapGeneric.
Synchronizing LDAP users
Since MailStore Server 4.5 it is possible to automatically sync user accounts from a generic LDAP server (e.g. OpenLDAP). For that purpose the MailStore Management command ldap-sync is available.
ldap-sync --parameter1="value" --parameter2="value"
The attr-* values depend on the attribute names used by your LDAP server.
Parameter Meaning
=================================================================================
server IP address or hostname of your LDAP server
auth-type optional: Authentication method (None or SecureSocketsLayer)
user LDAP DN for username used for synchronization
pass password used for synchronization
base-dn LDAP Base-DN, e.g. dc=mycompany,dc=local
filter optional: LDAP filter string, e.g. (objectclass=posixAccount)
allow-create no value. If given, new users will be created in MailStore
dry-run no value. If given, simulate execution.
Only valid in conjunction with allow-create
attr-user LDAP attribute for usernames, e.g. cn or uid
attr-disp optional: LDAP attribute for displayed name, e.g. displayName
attr-mail optional: LDAP attribute for SMTP mail address, e.g. mail
Example 1: Testing the creation of new users
ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" --allow-create --dry-run
Example 2: Create new users in MailStore
ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" --allow-create
Example 3: Sync existing users with MailStore
ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" \
 --attr-user="cn" --attr-disp="displayName" --attr-mail="mail"
