Difference between revisions of "Generic LDAP Integration"

[unchecked revision][unchecked revision]
Line 50: Line 50:
 
= Login with LDAP Access Data =
 
= Login with LDAP Access Data =
  
Under the default settings, each user created in MailStore has his or her own password specifically for MailStore. The MailStore administrator can specify the password during setup of the user account. Users can later change their passwords in MailStore Client's ''Administrative Tools''.
+
Using the default settings, each user created in MailStore has his or her own password specifically for MailStore. The MailStore administrator can specify the password during setup of the user account. Users can later change their passwords in MailStore Client's ''Administrative Tools''.
  
 
If your company has a generic LDAP server (e.g. OpenLDAP, Novell eDirectory), MailStore can also be configured to allow users to log on to MailStore Server via MailStore Client using their LDAP passwords.
 
If your company has a generic LDAP server (e.g. OpenLDAP, Novell eDirectory), MailStore can also be configured to allow users to log on to MailStore Server via MailStore Client using their LDAP passwords.

Revision as of 21:20, 6 June 2011

Synchronizing User Accounts with a Generic LDAP Directory Service

In addition to adding users manually (which is described in chapter User Management), MailStore can synchronize its internal user database with your company's generic LDAP directory service (e.g. OpenLDAP, Novell eDirectory).

During synchronization, user data and email addresses are gathered from the LDAP directory and entered into MailStore. MailStore makes no changes to the LDAP directory. The scope of the synchronization can be limited through filters.

Opening the Directory Service Integration

Using MailStore Client, log on as a MailStore administrator. Click on Administrative Tools > Users and Privileges and then on Directory Services. Under Integration, change the directory service type to LDAP Generic.

Specifying Connection Settings

Before the synchronization feature can be used, MailStore needs information on how to reach the LDAP directory service.

LDAP Connection

Specify the connection settings for the LDAP directory service server:

  • Server Name - Name or IP address of the LDAP directory service server.
  • Encryption - Type of encryption which is to be used when connecting to the LDAP directory service server.
  • Administrative DN - Distinguished Name (DN) of an administrative LDAP user.
  • Password - Password of the LDAP user listed under Administrative DN.

LDAP Scope

Specify the scope of the synchronization:

  • Base-DN - LDAP base DN, e.g. dc=myfirm,dc=local
  • Filter - RFC 4515 compliant LDAP filter, e.g. (&(objectclass=posixAccount)(mail=*))

LDAP-Attributes

Specify which LDAP user attributes correspond to the MailStore user attributes:

  • User Name - LDAP attribute for user name, e.g. cn or uid.
  • Full Name (opt.) - Optional: LDAP attribute for the display name, e.g. displayName.
  • Email addresses - Optional: LDAP attribute for the SMTP address, e.g. mail. Multiple addresses can be specified, separated by commas.

Executing the Synchronization

Once the connection settings have been specified (as described above), the MailStore user list can be synchronized with the LDAP user list.

Click on Verify Settings to see a preview of what would happen when clicking Synchronize Now. Click on Synchronize Now to start.

Login with LDAP Access Data

Using the default settings, each user created in MailStore has his or her own password specifically for MailStore. The MailStore administrator can specify the password during setup of the user account. Users can later change their passwords in MailStore Client's Administrative Tools.

If your company has a generic LDAP server (e.g. OpenLDAP, Novell eDirectory), MailStore can also be configured to allow users to log on to MailStore Server via MailStore Client using their LDAP passwords.

Procedure for users who were added via synchronization using the generic LDAP directory service

If MailStore users were added using LDAP directory service synchronization as described in the previous section, no actions need to be taken. In this case, MailStore has already performed all necessary settings automatically.

Procedure for users who were added manually

If MailStore users were added manually and if these users are to be able to log on using their LDAP passwords, please proceed as follows:

  • Configure the generic LDAP directory service integration as described in chapter Synchronizing User Accounts with a Generic LDAP Directory Service.
  • Make sure that the MailStore users have the same name as the corresponding users in the LDAP directory service.
  • Under Authentication in the user properties, select Directory Services.