Difference between revisions of "Generic LDAP Integration"

Line 1: Line 1:
== Enable generische LDAP Server authentication ==
+
= Enable Generic LDAP Authentication ==
  
 
To activate the generic LDAP Server authentication open the MailStore Management Shell and execute the following command:
 
To activate the generic LDAP Server authentication open the MailStore Management Shell and execute the following command:
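Review bot: The new heading line `= Enable Generic LDAP Authentication ==` opens with one `=` and closes with two, so the markup is unbalanced and a stray `=` ends up in the rendered title. Use `== Enable Generic LDAP Authentication ==` to match the level of the heading it replaces.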
Line 7: Line 7:
 
Now you are able configure your LDAP server settings at '''Management | LDAP Integration'''.
 
Now you are able configure your LDAP server settings at '''Management | LDAP Integration'''.
  
=== Synchronizing LDAP users ===
+
<p class="msnote">'''Please note:''' In order to change the mode back to Active Directory, please set the value to <code>ActiveDirectory</code> instead of <code>LdapGeneric</code>.</p>
 +
 
 +
= Synchronizing LDAP users =
  
 
Since MailStore Server 4.5 it is possible to automatically sync user account from a generic LDAP server (e.g. OpenLDAP). For that purpose the MailStore Management command <tt>ldap-sync</tt> is available.
 
Since MailStore Server 4.5 it is possible to automatically sync user account from a generic LDAP server (e.g. OpenLDAP). For that purpose the MailStore Management command <tt>ldap-sync</tt> is available.
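Review bot: The heading changes from `=== Synchronizing LDAP users ===` to `= Synchronizing LDAP users =`, which jumps from level 3 to level 1 and puts it above the "Enable Generic LDAP Authentication" heading. Use `== Synchronizing LDAP users ==` so both sections sit at the same level.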
Line 45: Line 47:
 
   --base-dn="ou=users,dc=mycompany,dc=local" \
 
   --base-dn="ou=users,dc=mycompany,dc=local" \
 
   --attr-user="cn" --attr-disp="displayName" -attr-mail="mail"
 
   --attr-user="cn" --attr-disp="displayName" -attr-mail="mail"
 
== Enable ActiveDirectory authentication ==
 
To activate the ActiveDirectory authentication open the MailStore Management Shell and execute the following command:
 
 
  store-setprop --name="public.ldap.type" --value="ActiveDirectory"
 
 
Now you are able to configure your ActiveDirectory settings at '''Management | ActiveDirectory Integration'''.
 
 
=== Synchronizing ActiveDirectory users ===
 
Synchronization settings for ActiveDirectory users can be configured at '''Management | ActiveDirectory Integration'''.
 
 
[[de:Authentifizierungsmethoden]]
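Review bot: Removing the "Enable ActiveDirectory authentication" section drops the only full `store-setprop --name="public.ldap.type" --value="ActiveDirectory"` command, while the replacement note only says to "set the value to ActiveDirectory" without naming the property; repeat the complete command in the note. The removal also deletes the `[[de:Authentifizierungsmethoden]]` interlanguage link, and the context line above still has `-attr-mail="mail"` with a single dash where every other parameter uses `--`.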
 

Revision as of 13:24, 25 June 2010

Enable Generic LDAP Authentication

To activate generic LDAP server authentication, open the MailStore Management Shell and execute the following command:

 store-setprop --name="public.ldap.type" --value="LdapGeneric"

You can now configure your LDAP server settings at Management | LDAP Integration.

Please note: In order to change the mode back to Active Directory, please set the value to ActiveDirectory instead of LdapGeneric.

Synchronizing LDAP users

Since MailStore Server 4.5 it is possible to automatically synchronize user accounts from a generic LDAP server (e.g. OpenLDAP). The MailStore Management command ldap-sync is available for that purpose.

 ldap-sync --parameter1="value" --parameter2="value"

The attr-* values depend on the attribute names used by your LDAP server.

 Parameter        Meaning
 =================================================================================
 server           IP address or hostname of your LDAP server
 auth-type        optional: Authentication method (None or SecureSocketsLayer)
 user             LDAP DN for username used for synchronization
 pass             password used for synchronization
 base-dn          LDAP Base-DN, e.g. dc=mycompany,dc=local
 filter           optional: LDAP filter string, e.g. (objectclass=posixAccount)
 allow-create     no value. If given, new users will be created in MailStore
 dry-run          no value. If given, simulate execution. 
                          Only valid in conjunction with allow-create
 attr-user        LDAP attribute for usernames, e.g. cn or uid 
 attr-disp        optional: LDAP attribute for displayed name, e.g. displayName
 attr-mail        optional: LDAP attribute for SMTP mail address, e.g. mail

Example 1: Testing the creation of new users

 ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" --allow-create --dry-run

Example 2: Create new users in MailStore

 ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" --allow-create

Example 3: Sync existing users with MailStore

 ldap-sync --server="ldapserver.mycompany.local" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" \
 --attr-user="cn" --attr-disp="displayName" --attr-mail="mail"
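
The examples on this page set neither auth-type nor filter. The following command is an added example, not part of the original page; it combines both with a dry run, using only the parameters and sample values from the table and examples above:

```text
ldap-sync --server="ldapserver.mycompany.local" \
 --auth-type="SecureSocketsLayer" \
 --user="uid=mailstore,dc=mycompany,dc=local" --pass="secret123" \
 --base-dn="ou=users,dc=mycompany,dc=local" \
 --filter="(objectclass=posixAccount)" \
 --attr-user="uid" --attr-disp="displayName" --attr-mail="mail" \
 --allow-create --dry-run
```

Once the simulated run lists only the expected accounts, the same command without --dry-run creates them.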