Difference between revisions of "Generic LDAP Integration"

Line 1: Line 1:
 +
----
 +
This article is currently under revision.
 +
----
 +
 
= Synchronizing User Accounts with a Generic LDAP Directory Service =
 
= Synchronizing User Accounts with a Generic LDAP Directory Service =
  
Line 4: Line 8:
 
synchronize its internal user database with your company's generic LDAP directory service (e.g. OpenLDAP, Novell eDirectory).
 
synchronize its internal user database with your company's generic LDAP directory service (e.g. OpenLDAP, Novell eDirectory).
  
During synchronization, user data and email addresses are gathered from the LDAP directory and entered into MailStore. MailStore makes no changes to the lDAP directory. The scope of the synchronization can be limited through filters.
+
During synchronization user information such as user names and email addresses are read from the LDAP directory and recorded in MailStore Server's user database. MailStore Server makes no changes to the LDAP directory itself. The scope of the synchronization can be limited through filters.
  
== Opening the Directory Service Integration ==
+
== Accessing Directory Service Integration ==
  
Using MailStore Client, log on as MailStore administrator. Click on ''Administrative Tools'' > ''Users and Privileges'' and then on ''Directory Services''. Under ''Integration'', change the directory service type to ''LDAP Generic''.
+
*Log on to MailStore Client as a MailStore Server administrator.
 +
*Click on ''Administrative Tools'' > ''Users and Privileges'' and then on ''Directory Services''.
 +
*In the ''Integration'' section, change the directory service type to ''LDAP Generic''.
  
 
[[File:Mldap_sync_01.png|center|450px]]
 
[[File:Mldap_sync_01.png|center|450px]]
  
== Specifying Connection Settings ==
+
== Connection to the LDAP Directory Service ==
 
 
Before the synchronization feature can be used, MailStore needs information on how to reach the LDAP directory service.
 
 
 
=== LDAP Connection===
 
  
Specify the connection settings for the LDAP directory service server:
+
For synchronization MailStore Server requires information on how to connect to the LDAP directory service.
  
* '''Server Name''' - Name or IP address of the LDAP directory service server.  
+
*'''Server Name'''<br/>DNS name or IP address of the LDAP server.  
* '''Encryption''' - Type of encryption which is to be used when connecting to the LDAP directory service server.
+
*'''Encryption'''<br/>Configure whether the connection to the LDAP server is to be unencrypted or LDAP-TLS/LDAP-SSL encrypted.
* '''Administrative DN''' - Distinguished Name (DN) of an administrative LDAP user.
+
*'''Ignore SSL Security Warnings (only when using IMAP-TLS or IMAP-SSL)'''<br/>Activate this option if a self-signed or non-public certificate is used on the LDAP server.  
* '''Password''' - Password of the LDAP user listed under ''Administrative DN''.
+
*'''Administrative DN'''<br/>Distinguished Name (DN) of a user with administrative privileges on the LDAP server.
 +
*'''Password'''<br/>Password of that user.
  
=== LDAP Scope ===
+
== LDAP Scope ==
  
Specify the scope of the synchronization:
+
After configuring the connection settings as described above, you can specify filter criteria for the LDAP directory service synchronization in this section.
  
* '''Base-DN''' - LDAP base DN, e.g. ''dc=myfirm,dc=local''
+
*'''Base-DN'''<br/>LDAP base DN, e.g. ''dc=mycompany,dc=local''
* '''Filter''' - [http://tools.ietf.org/html/rfc4515 RFC 4515] compliant LDAP filter, e.g. ''&((objectclass=posixAccount)(mail=*))''
+
*'''Filter'''<br/>RFC 4515 compliant LDAP filter, e.g. ''(&(objectclass=posixAccount)(mail=*))''
  
=== LDAP-Attributes ===
+
== LDAP-Attributes ==
  
Specify which LDAP user attributes correspond to the MailStore user attributes:
+
Specify how LDAP user attributes should be mapped to the MailStore user attributes:
  
* '''User Name''' - LDAP attribute for user name, e.g. ''cn'' or ''uid''.
+
*'''User Name'''<br/>LDAP attribute for the user name, e.g. ''cn'' or ''uid''.
* '''Full Name (opt.)''' - Optional: LDAP attribute for the display name, e.g. ''displayName''.
+
*'''Full Name (opt.)'''<br/>Optional: LDAP attribute for the display name, e.g. ''displayName''.
* '''Email addresses''' - Optional: LDAP attribute for the SMTP address, e.g. ''mail''. Multiple addresses can be specified, separated by comma.
+
*'''Email addresses'''<br/>Optional: LDAP attribute for the SMTP address, e.g. ''mail''. Multiple addresses can be specified, separated by comma.
  
== Executing the Synchronization ==
+
{{:Includes:Directory_Services_Options}}
 
+
{{:Includes:Assign_Default_Privileges}}
Once the connection settings have been specified (as described above), the MailStore user list can be synchronized with the LDAP user list.
+
{{:Includes:Run_Directory_Services_Synchronization}}
 
 
Click on ''Test Settings'' to see a preview of what would happen when clicking ''Synchronize Now''. Click on ''Synchronize Now'' to start.
 
  
 
[[File:mads_sync_02.png|center|450px]]
 
[[File:mads_sync_02.png|center|450px]]
  
= Login with LDAP Access Data =
+
{{:Includes:Login_with_Directory_Services_Credentials|LDAP|[[Generic_LDAP_Integration#Synchronizing_User_Accounts_with_a_Generic_LDAP_Directory Service|Synchronizing User Accounts with a Generic LDAP Directory Service]]|[[File:mads_ldapauth_01.png|center|350px]]}}
 
 
By default, each user created in MailStore has his or her own password specifically for MailStore. The MailStore administrator can specify the password during setup of the user account. Users can later change their passwords in MailStore Client's ''Administrative Tools''.
 
 
 
If your company has a generic LDAP server (e.g. OpenLDAP, Novell eDirectory), MailStore can also be configured to allow users to log on to MailStore Server via MailStore Client using their LDAP passwords.
 
 
 
== Procedure for users who were added via synchronization using the generic LDAP directory service ==
 
 
 
If MailStore users were added using LDAP directory service synchronization as described in the previous section, no actions need to be taken. In this case, MailStore has already performed all necessary settings automatically.
 
 
 
== Procedure for users who were added manually ==
 
 
 
If MailStore users were added manually and if these users are to be able to log on using their LDAP passwords, please proceed as follows:
 
 
 
*Configure the generic LDAP directory service integration as described in chapter [[Generic_LDAP_Integration#Synchronizing_User_Accounts_with_a_Generic_LDAP_Directory Service|Synchronizing User Accounts with a Generic LDAP Directory Service]].
 
*Make sure that the MailStore users have the same name as the corresponding users in the LDAP directory service.
 
*Under ''Authentication'' in the user properties menu, select ''Directory Services''.
 
 
 
[[File:mads_ldapauth_01.png|center|350px]]
 
 
 
  
 
[[de:Generische_LDAP-Integration]]
 
[[de:Generische_LDAP-Integration]]
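Review bot: the option added in this hunk, `*'''Ignore SSL Security Warnings (only when using IMAP-TLS or IMAP-SSL)'''`, names IMAP although it sits between the LDAP Encryption option and the Administrative DN; it should read LDAP-TLS or LDAP-SSL to match the preceding line `*'''Encryption'''<br/>Configure whether the connection to the LDAP server is to be unencrypted or LDAP-TLS/LDAP-SSL encrypted.` The description should also say what activating it costs: the server certificate is no longer validated, so anyone on the network path can impersonate the LDAP server and capture the Administrative DN password; the better fix for a self-signed or private-CA certificate is to install the issuing CA certificate on the machine running MailStore Server and leave the option off. In the same hunk, `*'''Administrative DN'''<br/>Distinguished Name (DN) of a user with administrative privileges on the LDAP server.` asks for more privilege than the feature needs: the hunk's own sentence "MailStore Server makes no changes to the LDAP directory itself" means a dedicated bind account with read access to the Base-DN subtree is sufficient and should be recommended instead of an administrative one.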

Revision as of 08:28, 25 October 2013


This article is currently under revision.


Synchronizing User Accounts with a Generic LDAP Directory Service

In addition to adding users manually (which is described in chapter User Management), MailStore can synchronize its internal user database with your company's generic LDAP directory service (e.g. OpenLDAP, Novell eDirectory).

During synchronization, user information such as user names and email addresses is read from the LDAP directory and recorded in MailStore Server's user database. MailStore Server makes no changes to the LDAP directory itself; it only needs read access. The scope of the synchronization can be limited through filters.

Accessing Directory Service Integration

  • Log on to MailStore Client as a MailStore Server administrator.
  • Click on Administrative Tools > Users and Privileges and then on Directory Services.
  • In the Integration section, change the directory service type to LDAP Generic.
[Screenshot: Mldap_sync_01.png]

Connection to the LDAP Directory Service

For synchronization, MailStore Server requires information on how to connect to the LDAP directory service.

  • Server Name
    DNS name or IP address of the LDAP server.
  • Encryption
    Configure whether the connection to the LDAP server is unencrypted or encrypted with LDAP-TLS (STARTTLS on the LDAP port) or LDAP-SSL (LDAPS). An unencrypted connection sends the Administrative DN password and all synchronized user data across the network in clear text, so choose one of the encrypted options whenever the server supports it.
  • Ignore SSL Security Warnings (only when using LDAP-TLS or LDAP-SSL)
    Activate this option only if the LDAP server uses a self-signed or otherwise untrusted certificate and you cannot install its issuing CA certificate on the machine running MailStore Server. While the option is active, MailStore Server does not validate the server certificate, so an attacker on the network path can impersonate the LDAP server and capture the Administrative DN credentials. Installing the CA certificate and leaving this option off is the safer choice.
  • Administrative DN
    Distinguished Name (DN) of the user MailStore Server binds with, e.g. cn=mailstore-sync,ou=services,dc=mycompany,dc=local. Because MailStore Server only reads from the directory, a dedicated account with read access to the Base-DN subtree is sufficient; do not use the directory manager account.
  • Password
    Password of that user.
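The three Encryption choices and the "Ignore SSL Security Warnings" option correspond to concrete TLS client settings. The following Python snippet is an added example for this page, not MailStore code; it shows what a client does in each case and which settings leave the bind credentials exposed. The function names, the "none"/"ldap-tls"/"ldap-ssl" labels and the findings wording are this example's own.

```python
"""TLS settings behind the connection options on this page (added example, not MailStore code)."""
import ssl
from typing import List, Optional, Tuple


def ldap_tls_settings(encryption: str, ignore_ssl_warnings: bool = False,
                      ca_file: Optional[str] = None) -> Tuple[Optional[ssl.SSLContext], List[str]]:
    """Return (TLS context, findings) for one choice of the page's connection options.

    encryption: "none", "ldap-tls" (STARTTLS on the LDAP port) or "ldap-ssl" (LDAPS).
    ca_file:    PEM file with the LDAP server's issuing CA; None means the OS trust store.
    The context is None for an unencrypted connection. Findings list what the choice costs.
    """
    findings: List[str] = []
    if encryption == "none":
        findings.append("unencrypted: Administrative DN password and user data cross the "
                        "network in clear text")
        return None, findings
    if encryption not in ("ldap-tls", "ldap-ssl"):
        raise ValueError(f"unknown encryption mode {encryption!r}")

    # Default client context: verifies the certificate chain (against ca_file or the OS
    # trust store), checks the host name and refuses weak protocol versions.
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2

    if ignore_ssl_warnings:
        # This is what "Ignore SSL Security Warnings" amounts to: any certificate is
        # accepted, so an on-path attacker can present their own certificate, terminate
        # the TLS session and read the bind password. check_hostname must be cleared
        # before verify_mode can be set to CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        findings.append("certificate validation disabled: the connection is encrypted "
                        "but the LDAP server is not authenticated")
    elif ca_file is None:
        findings.append("note: relying on the OS trust store; a private CA must be "
                        "installed there or passed as ca_file")
    return ctx, findings


def is_acceptable(encryption: str, ignore_ssl_warnings: bool = False,
                  ca_file: Optional[str] = None) -> bool:
    """Policy check a practitioner would apply: encrypted, chain verified, host name checked."""
    ctx, _ = ldap_tls_settings(encryption, ignore_ssl_warnings, ca_file)
    return ctx is not None and ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


if __name__ == "__main__":
    for mode, ignore in (("none", False), ("ldap-ssl", False), ("ldap-ssl", True)):
        _, notes = ldap_tls_settings(mode, ignore)
        print(mode, "ignore_warnings=%s" % ignore, "OK" if is_acceptable(mode, ignore) else notes)
```

Only the combination "LDAP-TLS or LDAP-SSL with the warning option off" authenticates the LDAP server; the "ignore" setting encrypts the channel but to whoever answers on the wire.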

LDAP Scope

After configuring the connection settings as described above, you can specify filter criteria for the LDAP directory service synchronization in this section.

  • Base-DN
    LDAP base DN, e.g. dc=mycompany,dc=local
  • Filter
    RFC 4515 compliant LDAP filter, e.g. (&(objectclass=posixAccount)(mail=*)), which selects POSIX accounts that carry at least one email address. Only entries under the Base-DN that match the filter are synchronized, so a precise filter keeps service and system accounts out of MailStore Server's user database.

LDAP-Attributes

Specify how LDAP user attributes should be mapped to the MailStore user attributes:

  • User Name
    LDAP attribute for the user name, e.g. cn or uid. The attribute must be unique within the synchronized scope; if users were created manually beforehand, their MailStore user names must match the value of this attribute.
  • Full Name (opt.)
    Optional: LDAP attribute for the display name, e.g. displayName.
  • Email addresses
    Optional: LDAP attribute for the SMTP address, e.g. mail. Multiple attributes can be listed, separated by commas.
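The LDAP Scope and LDAP-Attributes sections together define which directory entries become MailStore users and what is copied from them. The following Python program is an added example for this page, not MailStore code: it evaluates an RFC 4515 filter (and, or, not, equality, presence and substring items) against a small constructed directory restricted to the Base-DN subtree, then applies the attribute mapping, including a comma-separated list of email attributes, to produce the preview of users a synchronization would create. The sample entries, the function names and the result dictionary keys are this example's own.

```python
"""Offline preview of LDAP scope filtering and attribute mapping (added example, not MailStore code)."""
import re
from typing import Any, Dict, List, Optional, Tuple

Entry = Dict[str, List[str]]  # attribute name (lower-case) -> values

# Constructed sample directory; not taken from a real server.
DIRECTORY: Dict[str, Entry] = {
    "uid=alice,ou=people,dc=mycompany,dc=local": {
        "objectclass": ["top", "posixAccount", "inetOrgPerson"],
        "uid": ["alice"], "cn": ["Alice Adams"], "displayname": ["Alice Adams"],
        "mail": ["alice@mycompany.example"],
        "mailalternateaddress": ["a.adams@mycompany.example"],
    },
    "uid=bob,ou=people,dc=mycompany,dc=local": {  # posixAccount without mail
        "objectclass": ["top", "posixAccount"], "uid": ["bob"], "cn": ["Bob Brown"],
    },
    "uid=svc-backup,ou=services,dc=mycompany,dc=local": {  # not a posixAccount
        "objectclass": ["top", "account"], "uid": ["svc-backup"],
        "mail": ["backup@mycompany.example"],
    },
    "uid=carol,ou=people,dc=othercorp,dc=local": {  # outside the Base-DN
        "objectclass": ["top", "posixAccount"], "uid": ["carol"], "cn": ["Carol"],
        "mail": ["carol@othercorp.example"],
    },
}


def _unescape(value: str) -> str:
    """Resolve RFC 4515 \\XX hex escapes (e.g. \\2a for a literal asterisk)."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text: str, pos: int = 0) -> Tuple[Tuple[Any, ...], int]:
    """Parse one parenthesised RFC 4515 filter item at text[pos]; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos} in {text!r}")
    pos += 1
    op = text[pos:pos + 1]
    if op in ("&", "|", "!"):
        pos += 1
        children = []
        while text[pos:pos + 1] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ")" or not children or (op == "!" and len(children) != 1):
            raise ValueError(f"malformed {op} filter near offset {pos} in {text!r}")
        return (op, children), pos + 1
    end = text.index(")", pos)  # a literal ')' inside a value must be escaped as \29
    item = text[pos:end]
    attr, sep, value = item.partition("=")
    if not sep or not attr or attr[-1] in "<>~:":  # >=, <=, ~= and extensible match unsupported here
        raise ValueError(f"unsupported or malformed filter item {item!r}")
    return ("match", attr.strip().lower(), value), end + 1


def matches(node: Tuple[Any, ...], entry: Entry) -> bool:
    """Evaluate a parsed filter against one entry (case-insensitive, as for caseIgnoreMatch)."""
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    values = entry.get(attr, [])
    if pattern == "*":                      # presence: (mail=*)
        return bool(values)
    parts = [_unescape(p) for p in pattern.split("*")]
    if len(parts) == 1:                     # equality
        return any(v.lower() == parts[0].lower() for v in values)
    regex = ".*".join(re.escape(p) for p in parts)  # substring: initial*any*final
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in values)


def _norm_dn(dn: str) -> str:
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_scope(dn: str, base_dn: str) -> bool:
    """True if dn is the Base-DN or lies below it (subtree scope)."""
    dn, base = _norm_dn(dn), _norm_dn(base_dn)
    return dn == base or dn.endswith("," + base)


def preview_sync(directory: Dict[str, Entry], base_dn: str, ldap_filter: str,
                 user_attr: str, full_name_attr: Optional[str], mail_attrs: str) -> List[Dict[str, Any]]:
    """Return the users a synchronization with these settings would create."""
    node, end = parse_filter(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError(f"trailing characters after filter: {ldap_filter[end:]!r}")
    mail_list = [a.strip().lower() for a in mail_attrs.split(",") if a.strip()]
    users: List[Dict[str, Any]] = []
    for dn, entry in directory.items():
        if not in_scope(dn, base_dn) or not matches(node, entry):
            continue
        names = entry.get(user_attr.lower(), [])
        if len(names) != 1:  # the user name attribute must be present and single-valued
            continue
        full = entry.get(full_name_attr.lower(), [None])[0] if full_name_attr else None
        emails = [v for attr in mail_list for v in entry.get(attr, [])]
        users.append({"dn": dn, "user_name": names[0], "full_name": full, "emails": emails})
    return users


if __name__ == "__main__":
    for u in preview_sync(DIRECTORY, "dc=mycompany,dc=local",
                          "(&(objectclass=posixAccount)(mail=*))",
                          "uid", "displayName", "mail, mailAlternateAddress"):
        print(u["user_name"], u["full_name"], u["emails"])
```

With the page's own example filter only alice is created; bob is excluded by (mail=*), the service account by the objectClass test, and carol by the Base-DN. Widening the filter to (objectclass=posixAccount) admits bob as a user without email addresses, which is the kind of difference the Test Settings preview exists to surface before Synchronize Now runs.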

[The sections "Directory Services Options", "Assign Default Privileges" and "Run Directory Services Synchronization" are transcluded here from the shared templates Includes:Directory_Services_Options, Includes:Assign_Default_Privileges and Includes:Run_Directory_Services_Synchronization.]

[Screenshot: Mads_sync_02.png]

Login with LDAP Access Data

[This section is transcluded from the shared template Includes:Login_with_Directory_Services_Credentials, with the screenshot Mads_ldapauth_01.png.]