Generic LDAP Integration

Revision as of 13:59, 25 June 2010 by Admin

Enable Generic LDAP Authentication

To activate generic LDAP server authentication, open the MailStore Management Shell and execute the following command:

 store-setprop --name="public.ldap.type" --value="LdapGeneric"

You can now configure your LDAP server settings at Management | LDAP Integration.

Please note: In order to change the mode back to Active Directory, please set the value to ActiveDirectory instead of LdapGeneric.

Synchronizing LDAP users

Since MailStore Server 4.5 it is possible to automatically sync user accounts from a generic LDAP server (e.g. OpenLDAP). For that purpose the MailStore Management command ldap-sync is available.

 ldap-sync --parameter1="value" --parameter2="value"

The attr-* values depend on the attribute names used by your LDAP server.

 Parameter        Meaning
 =================================================================================
 server           IP address or hostname of your LDAP server
 auth-type        optional: Authentication method (None or SecureSocketsLayer)
 user             LDAP DN for username used for synchronization
 pass             password used for synchronization
 base-dn          LDAP Base-DN, e.g. dc=mycompany,dc=local
 filter           optional: LDAP filter string, e.g. (objectclass=posixAccount)
 allow-create     no value. If given, new users will be created in MailStore
 dry-run          no value. If given, simulate execution. 
                          Only valid in conjunction with allow-create
 attr-user        LDAP attribute for usernames, e.g. cn or uid 
 attr-disp        optional: LDAP attribute for displayed name, e.g. displayName
 attr-mail        optional: LDAP attribute for SMTP mail address, e.g. mail

Example 1: Testing the creation of new users

 ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" --allow-create --dry-run

Example 2: Create new users in MailStore

 ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" --allow-create

Example 3: Sync existing users with MailStore

 ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" \
 --attr-user="cn" --attr-disp="displayName" --attr-mail="mail"