http://esupport.icewarp.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=38

How to use LDAP


Author: Icewarp, Inc
Created On: 15 Feb 2007 06:47 PM

What is LDAP?

LDAP is an acronym for Lightweight Directory Access Protocol. It is a protocol for accessing directory services. LDAP lets you "locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet," whether or not you know the domain name, IP address, or geographic whereabouts. You can easily find your colleagues through the Directory Service in MS Outlook, Outlook Express or any other e-mail client that supports LDAP.

LDAP References

LDAP Zone, http://www.ldapzone.com/
ldapman.org, http://www.ldapman.org/, has some great introductory articles.
The LDAP Schema Repository, http://ldap.akbkhome.com/, is indispensable.

How to set up LDAP in Icewarp Email Server

The first step is to activate the LDAP feature in Domains & Accounts -> Global Settings -> Advanced tab. Icewarp's implementation of LDAP is based on the OpenLDAP Project (http://www.openldap.org/), extended with SSL support, and is available in Icewarp Mail Server Professional only. The LDAP server is installed and configured automatically during the Icewarp Mail Server installation.

Overview of the LDAP Section

The slapd.conf button allows you to edit the general configuration file (slapd.conf) of the LDAP server that is integrated with Icewarp. It is located in %_directory_%\Icewarp\LDAP\slapd.conf. For a detailed explanation of slapd.conf see Appendix A.

Press the Reload button to reload slapd.conf. The Reload button restarts the LDAP server so that it reloads all of the LDAP setting files. The LDAP server is then active on the port specified in the System tab -> TCP/IP settings. By default the LDAP server listens on port 389, and via SSL on port 636. Each service is bound to a TCP port number. This can be changed if needed, but the default ports conform to Internet standards, which ISPs would require. If you are using a firewall, you have to open the ports for all services.

For LDAP to operate efficiently, there is a feature called Shared Address Book and Convert Users To LDAP. With this feature, users of Icewarp Mail Server can be automatically synchronized with the LDAP server, so that workstation clients (MS Outlook, etc.) can be configured to read e-mail addresses from the LDAP server.
It allows users to share address books in MS Outlook/Outlook Express. Press the Convert Users To LDAP button to convert all existing Icewarp users (except the ones defined in the bypass file). The Bypass File contains e-mail addresses, domains and IPs (one per line). You can also use masks. These addresses and IPs serve as bypass criteria for the filter; in other words, the filter will not be activated for them. Button B allows you to edit the bypass file easily. A detailed explanation of the bypass file format can be found in Appendix B. The configuration on the server side is now complete.

How to Set LDAP Directory Service in MS Outlook

Configuration of LDAP in MS Outlook is very similar to that in MS Outlook Express. Open the Tools menu and select Email Accounts. Choose Add a new directory service or address book, then select Internet Directory Service (LDAP). In Server Information, set the hostname of the machine where LDAP is running. It is usually the same hostname that you use in your e-mail settings. Before pressing the Next button, use the More Settings button to configure the connection completely.

In the Connection tab you can specify the display name. MS Outlook fills in the same value as the hostname; however, you can change it, e.g. to "Work Address Book". You must specify the port where the LDAP service is running. The default value is 389 and we strongly recommend that you keep this value. If some other application requires this port, you can change it in your Icewarp Mail Server settings in the System tab. The implementation of the LDAP server in Icewarp Mail Server allows you to use a Secure Connection via SSL (Secure Sockets Layer). Enable this option and set the port to 636.

In the Search tab there is a field named Search base, which is one of the most important settings in MS Outlook. It specifies the starting point from which the search begins. Enter the value dc=root, as it is defined in slapd.conf. Do not change this default value. In the server settings you can specify limiting values. Search timeout is in seconds and allows MS Outlook to terminate the session if the LDAP server is not available. Maximum number of entries to return specifies the maximum number of entries returned after a successful search.

How to Set LDAP Directory Service in Outlook Express

First you must add a new directory service in MS Outlook Express. Open the Tools menu and choose Email Addresses. In the second step you must specify the hostname or IP address of the machine where LDAP is running. It is usually the same hostname that you use for e-mail. Before finishing, open the properties of the new directory service. Several options must be set for the connection to work properly.

The first field in the General tab contains the name of the new directory service in MS Outlook Express. It can be arbitrary and will be shown when you are working with it (in the address book, etc.). The Server name is filled in automatically and can be changed here. In the Advanced tab you must specify the port where the LDAP service is running. The default value is 389 and it is strongly recommended that you keep this value. If some other application needs this port, you can change it in your Icewarp Mail Server settings in the System tab. The implementation of the LDAP server in Icewarp Mail Server allows you to use a Secure Connection via SSL. Enable this option and set the port to 636. The Search base is one of the most important settings in MS Outlook Express. It specifies the starting point from which the search begins. Fill in the value dc=root, as it is defined in slapd.conf. Do not change this default value. You can specify limiting values. The Search timeout setting allows MS Outlook Express to terminate the session if the LDAP server is not responding. Maximum number of matches to return specifies the maximum number of entries returned.

Summary

The LDAP server integrated with Icewarp Mail Server is a useful tool for easy management of your colleagues' contacts. Anywhere you have access to the Internet and to your mail server, you can simply connect to the LDAP server via an e-mail client and search for their e-mail addresses.

Appendix A: Settings of slapd.conf in "%Icewarp\ldap"

This is the general configuration file. It is recommended to keep the default values. This appendix contains only the default minimum needed to run LDAP properly. Lines starting with # are ignored as comments.

    # Schemas used for database.
    include         schema/core.schema
    include         schema/cosine.schema
    include         schema/inetorgperson.schema

    # ldbm database definitions
    database        ldbm
    suffix          "dc=root"
    rootdn          "cn=admin,dc=root"
    rootpw          admin
    directory       ldbm
    index           objectClass eq

Detailed Explanation

include
This item lets you include additional schema definitions. All schema definitions are located in the LDAP\Schema directory. You can create your own definitions and edit the existing ones. Make sure to follow the creation rules, otherwise LDAP will not start. If you are a beginner, always use the existing schema definitions. Includes are used on multiple lines. Please see the Schema paragraph below.

database
Icewarp uses the LDBM database for storing data.

suffix
This item identifies the suffix under which you will use the LDAP server. All client connections have to use this suffix. All DB records are also stored under this suffix, so when you change the suffix you need to create the records again under the new suffix. Usually the suffix is derived from your domain name. We wanted you to be able to use LDAP right away, so we created the suffix "dc=root".

rootdn
This item identifies the administrator user of LDAP, which does not need to exist in LDAP and can still perform any action, such as adding, editing and deleting records. It always has to contain the suffix at the end. The default is:
rootdn "cn=admin,dc=root"

rootpw
This item contains the password for rootdn, the administrator account in LDAP. It is strongly recommended to leave slapd.conf with the default values.

directory
This specifies the directory where data will be stored.

index
This directive specifies the indices to maintain for the given attribute. By default, no indices are maintained. It is generally advised that at minimum an equality index on objectClass be maintained.
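Before pressing Reload it is worth checking that an edited slapd.conf still satisfies the rules Appendix A states: core.schema is included, rootdn ends with the suffix, and an equality index on objectClass exists. A security practitioner will also want to notice that the shipped rootpw is the cleartext word admin, which is the directory administrator's credential; OpenLDAP accepts a scheme-prefixed hash there (for example a {SSHA} value produced by slappasswd), and the check below flags both the shipped default and any other cleartext value. The following script is an added example, not IceWarp's own code; the sample configuration it parses is the Appendix A minimum copied inline, and the directive parsing is the simple line-oriented form sufficient for that file.

```python
"""Sanity-check a minimal slapd.conf of the kind shown in Appendix A.

Added example, not IceWarp's or OpenLDAP's own code. It parses the
directives the appendix explains (include, database, suffix, rootdn,
rootpw, directory, index) and reports the checks worth running before
a Reload: core.schema included, rootdn ending with the suffix, an
equality index on objectClass, and a rootpw that is neither the shipped
default nor cleartext.
"""
import shlex

# Constructed sample: the Appendix A minimum configuration.
SAMPLE_SLAPD_CONF = """\
# Schemas used for database.
include         schema/core.schema
include         schema/cosine.schema
include         schema/inetorgperson.schema

# ldbm database definitions
database        ldbm
suffix          "dc=root"
rootdn          "cn=admin,dc=root"
rootpw          admin
directory       ldbm
index           objectClass eq
"""

SHIPPED_DEFAULT_ROOTPW = "admin"  # the value shown in Appendix A


def parse_slapd_conf(text):
    """Return a list of (directive, [args]) in file order.

    Directive names are case-insensitive in slapd.conf, '#' lines are
    comments, and shlex handles the double-quoted DN values.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        entries.append((parts[0].lower(), parts[1:]))
    return entries


def _first(entries, name):
    """Arguments of the first occurrence of a directive, or None."""
    for directive, args in entries:
        if directive == name:
            return args
    return None


def has_objectclass_eq_index(entries):
    """True if some 'index <attrs> <kinds>' line indexes objectClass with eq."""
    for directive, args in entries:
        if directive != "index" or len(args) < 2:
            continue
        attrs = [a.lower() for a in args[0].split(",")]
        kinds = args[1].split(",")
        if "objectclass" in attrs and "eq" in kinds:
            return True
    return False


def check_slapd_conf(text):
    """Return a list of human-readable findings; an empty list means all checks passed."""
    entries = parse_slapd_conf(text)
    findings = []

    includes = [args[0] for d, args in entries if d == "include" and args]
    if "schema/core.schema" not in includes:
        findings.append("core.schema is not included; slapd will not start")

    suffix = _first(entries, "suffix")
    rootdn = _first(entries, "rootdn")
    if not suffix or not rootdn:
        findings.append("suffix and rootdn must both be set")
    elif not rootdn[0].lower().endswith(suffix[0].lower()):
        findings.append("rootdn %r does not end with suffix %r" % (rootdn[0], suffix[0]))

    rootpw = _first(entries, "rootpw")
    if rootpw:
        if rootpw[0] == SHIPPED_DEFAULT_ROOTPW:
            findings.append("rootpw is still the shipped default")
        elif not rootpw[0].startswith("{"):
            findings.append("rootpw is stored in cleartext (no {SCHEME} prefix)")

    if not has_objectclass_eq_index(entries):
        findings.append("no equality index on objectClass; searches will be slow")

    return findings


if __name__ == "__main__":
    for finding in check_slapd_conf(SAMPLE_SLAPD_CONF) or ["no findings"]:
        print(finding)
```

Run against the Appendix A file the only finding is the shipped rootpw; replacing that line with a scheme-prefixed hash clears it, while editing rootdn to a DN outside dc=root produces the suffix finding the appendix warns about.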
Appendix B: Settings of the Bypass file in the LDAP server configuration

Lines starting with // are ignored as comments.

Formal Syntax:

    Icewarpmailserver.com
    bill@microsoft.com
    192.168.*.*
    {c:\Data\Bypass\allbypass.dat}

This file contains e-mail addresses, domains and IPs, one per line. You can also use masks. These addresses and IPs serve as bypass criteria for the filter; in other words, the filter will not be activated for them. "{" ...name of file... "}" specifies a file where, for example, IP addresses for bypass are stored.
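A small parser for the bypass file format described above, as an added example that is not IceWarp's own code. It reads entries one per line, skips // comment lines, expands '*' masks, and follows "{path}" lines into other files, guarding against an include loop so a file that references itself cannot recurse forever. The two files are constructed in memory. How a domain entry is applied to an e-mail address (it matches the address's domain part) is an assumption of this example; the page only says that addresses, domains and IPs are bypass criteria.

```python
"""Parse the LDAP bypass file format from Appendix B and test values against it.

Added example, not IceWarp's own code. Format as stated on the page:
one entry per line (e-mail address, domain or IP), '*' masks allowed,
lines starting with '//' are comments, and "{path}" pulls in another
file of entries. Matching a domain entry against the domain part of an
e-mail address is an assumption made here.
"""
import re

# Constructed sample files, keyed by the path a "{...}" line names.
FILES = {
    "bypass.dat": """\
// entries from Appendix B
Icewarpmailserver.com
bill@microsoft.com
192.168.*.*
{c:\\Data\\Bypass\\allbypass.dat}
""",
    "c:\\Data\\Bypass\\allbypass.dat": """\
// extra addresses kept in a separate file
10.0.0.*
// the next line points back at the first file, to exercise the loop guard
{bypass.dat}
""",
}


def load_bypass(path, files=FILES, _seen=None):
    """Return the flat list of bypass entries, following {file} includes once each."""
    _seen = set() if _seen is None else _seen
    if path in _seen:  # include loop guard: a file is read at most once
        return []
    _seen.add(path)
    entries = []
    for raw in files.get(path, "").splitlines():
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        if line.startswith("{") and line.endswith("}"):
            entries.extend(load_bypass(line[1:-1], files, _seen))
        else:
            entries.append(line)
    return entries


def _mask_to_regex(mask):
    """Translate a '*' mask into an anchored, case-insensitive regex."""
    pattern = ".*".join(re.escape(part) for part in mask.split("*"))
    return re.compile("^" + pattern + "$", re.IGNORECASE)


def is_bypassed(value, entries):
    """True if value (e-mail address, domain or IP) matches any bypass entry."""
    for entry in entries:
        rx = _mask_to_regex(entry)
        if rx.match(value):
            return True
        # Assumption: a domain (or masked) entry also covers addresses at that domain.
        if "@" in value and "@" not in entry and rx.match(value.rsplit("@", 1)[1]):
            return True
    return False


if __name__ == "__main__":
    loaded = load_bypass("bypass.dat")
    print("entries:", loaded)
    for candidate in ("bill@microsoft.com", "alice@icewarpmailserver.com",
                      "192.168.5.7", "192.169.5.7", "alice@example.com"):
        print(candidate, "->", "bypass" if is_bypassed(candidate, loaded) else "filter")
```

The loop guard is the edge case worth keeping: the sample second file includes the first one again, and without the guard the loader would recurse until Python raised a RecursionError.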
