3.6. Directory Services

_images/administrator-panel-ldap-01.png

The application supports Microsoft Active Directory and Zimbra Collaboration Suite directory services. It can also work without any directory integration.

  • Server and Port - DNS name or IP address, with port, of the directory services server
  • Protocol - the protocol used to communicate with the directory services server
  • Base DN - distinguished name of the LDAP directory base
  • User name - distinguished name of the user that will be used to query the directory service
  • Password - password of the chosen principal

3.6.1. Test Connection

_images/administrator-panel-ldap-03.png

Checks whether the specified credentials and server address are set up correctly.

3.6.2. Manage Schema

The application provides default schema configuration for Microsoft Active Directory and Zimbra Collaboration Suite.

The configuration can be modified when needed.

_images/administrator-panel-ldap-02.png

3.6.2.1. Mandatory entries

For Zimbra Collaboration Suite these entries must be present:

  • DeliveryAddress
  • Id
  • Mail
  • Name

For Active Directory these entries must be present:

  • DistinguishedName
  • DeliveryAddress
  • Id
  • Mail
  • Name

If any of these entries is missing, the application will not work correctly.

3.6.2.2. Custom queries

By default, the application uses standard queries for the user-in-group check, the users list and the groups list.

Zimbra Collaboration Suite:

Name         Value
UserInGroup  (&(objectClass=zimbraDistributionList)(zimbraMailForwardingAddress=%s))
UsersList    (objectClass=zimbraAccount)
GroupsList   (objectClass=zimbraDistributionList)

Active Directory:

Name         Value
UserInGroup  (&(objectClass=group)(member=%s))
UsersList    (&(objectClass=user)(mail=*))
GroupsList   (objectClass=group)

If needed, these queries can be modified manually in the /opt/msh-ds/etc/settings.xml file on the mail server. The desktop application must be restarted to reread the changes.
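
The check below is an added example, not part of the product or its documentation: it validates a custom query template before it is written to settings.xml and shows an RFC 4515-escaped value being substituted for %s. The function names are hypothetical, and it assumes %s stands for a single user value; how the application itself escapes that value is not stated on this page.

```python
# Added example: sanity-check custom query templates before editing settings.xml.
# Assumption: %s is replaced with one user value (a DN or a mail address).

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Number of %s placeholders each query carries in the default tables.
EXPECTED_PLACEHOLDERS = {"UserInGroup": 1, "UsersList": 0, "GroupsList": 0}


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(name, template):
    """Return a list of problems found in a query template (empty if none)."""
    problems = []
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter must be enclosed in parentheses")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" appeared before its matching "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    expected = EXPECTED_PLACEHOLDERS.get(name)
    if expected is not None and template.count("%s") != expected:
        problems.append(f"expected {expected} '%s' placeholder(s)")
    return problems


def render(template, value):
    """Substitute the escaped value for %s in the template."""
    return template.replace("%s", escape_filter_value(value))


if __name__ == "__main__":
    ad_user_in_group = "(&(objectClass=group)(member=%s))"
    print(check_template("UserInGroup", ad_user_in_group))
    # Constructed DN: parentheses are legal in a DN but special in a filter.
    print(render(ad_user_in_group, "CN=Jane (IT),DC=example,DC=com"))
```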

3.6.3. Test Schema and Base DN

_images/administrator-panel-ldap-04.png

The provided base DN and the default or custom schema can be tested. The application can list users and groups; if no user or group is listed, the base DN or schema is set up incorrectly.

Sample list of detected users:

_images/administrator-panel-ldap-05.png