LDAP Implementation
IMail Server provides an LDAP interface to the IMail user database. The IMail user database is extended to include standard LDAP attributes (such as name, address, organization name, phone number) and any other attributes that a site defines. The user database is flat; it does not support a tree hierarchy of users.
Each user with an account on the IMail Server system has an LDAP entry. When a user is added to the IMail user database, an LDAP entry is defined with the following attributes:
Using an LDAP-enabled client, the user can add, delete, and modify information in his/her own LDAP entry. A user cannot modify another user's entry. The following table describes several additional attributes that the user can add (by using an LDAP client that supports the Modify function):
These are the most common attributes used in the LDAP entry. Other attributes can be defined by the system administrator or the user.
The system administrator can add and delete users, add LDAP attributes, and modify LDAP attribute values using:
- IMail Administrator. For more information, see "User Mail Accounts".
- A web browser. For more information, see "IMail Web Messaging" and "Using the Web Administration Capability".
Full LDAP Directory Support
IMail Server supports OpenLDAP, which provides the following capabilities:
- Allows users of LDAP-enabled clients such as Netscape Communicator to:
- Locate LDAP directory information that may include name, phone number, e-mail address, organization, department, and address.
- List all users on a host.
- Search for users who meet certain criteria.
- Modify their own user information in the LDAP directory.
- Host Administrators and System Administrators can use an LDAP-enabled client to add, delete, and modify user accounts, including any LDAP directory information.
- You can monitor the LDAP server and receive notification when it goes down. For more information, see "The Monitor Server".
LDAP Directory Structure
The following folders are located under IMail\OpenLDAP.
- bin - Folder where all OpenLDAP binaries are stored.
- Openldap-data - Folder where all folders containing domain-specific databases are stored. It contains a folder named after each existing domain.
- schma - Folder where all OpenLDAP schema files are stored. Schema files are text files that determine which objects have which properties.
- share\ucdata - Contains supporting data files for the LDAP server. These files should not be modified.
Supplying LDAP Information for Unregistered Users
You cannot add users to the LDAP database unless they have mail accounts. If you want to provide LDAP information about users whom you don't want to use e-mail, you must create accounts for them and select Account Access Disabled in their user properties.
Accessing LDAP Information from Microsoft Mail Clients
If a user has Outlook Express as a mail client, and has difficulty accessing LDAP information from the IMail LDAP server, the user can change a setting in Outlook Express to remedy the situation.
If the user does not have an entry for the IMail LDAP server, the user will need to create one as follows:
- In Outlook Express, select Accounts --> Directory Service --> Add --> Directory Service from the Tools menu.
- In the Internet directory (LDAP) server box, enter the name or IP address of the IMail Server system, then fill in the other panels.
- Click Finish when done.
Once the user has created an LDAP entry as described above, the user must edit the LDAP properties:
- In Outlook Express, select Accounts -> Directory Service.
- Select the LDAP account.
- Select Properties, then click the Advanced tab.
- In the Search Base text box, enter:
o=Official host name
- Click Apply, then OK, then Close.
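The same search base applies when the directory is queried from a script rather than from Outlook Express. The following is an added example, not Ipswitch code: it builds the o= search base and a search filter for "users who meet certain criteria", escaping values so that they are treated as literal text (RFC 4514 for the base, RFC 4515 for the filter). The host name mail.example.com and the attributes cn and ou are constructed sample values.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4514: characters that need a backslash inside a DN attribute value.
_DN_SPECIALS = '\\,+"<>;'
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it cannot change the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a distinguished name."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        # A leading '#' or space and a trailing space are also escaped.
        if ch in _DN_SPECIALS or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\")
        out.append(ch)
    return "".join(out)


def imail_search_base(official_host_name: str) -> str:
    """Search base as given on this page: o=<official host name>."""
    return "o=" + escape_dn_value(official_host_name)


def build_user_filter(criteria: dict) -> str:
    """AND together attribute=value tests; attribute names are validated."""
    if not criteria:
        raise ValueError("at least one attribute is required")
    parts = []
    for attr, value in criteria.items():
        if not _ATTR_NAME.fullmatch(attr):
            raise ValueError(f"invalid attribute name: {attr!r}")
        parts.append(f"({attr}={escape_filter_value(value)})")
    return parts[0] if len(parts) == 1 else "(&" + "".join(parts) + ")"


if __name__ == "__main__":
    # Constructed sample input: host name and attribute values are placeholders.
    print(imail_search_base("mail.example.com"))
    print(build_user_filter({"cn": "J*", "ou": "R&D (EU)"}))
```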
Populating the LDAP Database
If you add a large number of users at one time, you may want to populate the LDAP database afterward. For more information, see "Populating the LDAP Database (ldaper.exe)".
Ipswitch, Inc. http://www.ipswitch.com
©Ipswitch 2004