Configuring LDAP Mailbox Sync

The following tasks allow you to set up Mail Assure to synchronize with your domain's mailboxes and email aliases on LDAP:

If needed, you can export a list of all existing LDAP mappings you have set up for your domains in the Admin Level Control Panel, see Export List of LDAP Mappings for Your Domains.

Once you have set this up, the mailboxes are listed in the Mailboxes Configuration page (see Mailboxes Overview/Configuration).

The LDAP mailbox synchronization system has a new attribute that can be copied from the LDAP server. This attribute indicates if the mailbox is a distribution list.

All LDAP requests originate from:

  • securemail.management
  • 130.117.251.9
  • 2001:978:2:6::20:10

Prerequisites for Using LDAP Synchronization

  • All information must be correctly entered when setting up the LDAP Mailbox Sync details, see Set up LDAP Mailbox Sync Details
  • The LDAP server should allow logging in with either a username in the format user@ldap.demo-domain.invalid and password or a Domain Name and password
    • There must be an LDAP attribute that uniquely identifies the user either with or without the domain. For example:
      • sAMAccountName: test
      • userPrincipalName: user@ldap.demo-domain.invalid
  • When users have multiple email addresses they must always use the email address stored on LDAP to access the system. Using any other email address will not allow access to Mail Assure

Default Mappings

A default mapping is provided in the Default Mapping tab for newly added domains, so if your LDAP server is configured with the standard attributes and you're using the default mapping, your distribution lists are picked up automatically.

There are 5 rules configured within Default Mapping:

  • Alias
    • Attribute: ProxyAddress
    • Regular Expression: ^(?)smtp:(.*)@.*
    • Meaning: This looks at the universal proxyAddresses field in LDAP, which Exchange servers use to list all of a mailbox's assigned addresses.
  • Distribution List
    • Attribute: objectClass
    • Regular Expression: .*(group).*
    • Meaning: This pulls in from LDAP/AD all objects assigned the group objectClass. These are marked as distribution lists in Mail Assure, which makes incoming filtering non-billable.
  • Shared Mailbox
    • Attribute: msExchRecipientDisplayType
    • Regular Expression: (0|-2147483642)$
    • Meaning: Any mailbox whose msExchRecipientDisplayType ends in '2147483642' (an Exchange-specific value for mail-enabled shared mailboxes) is recognized as a shared mailbox and marked as non-billable for both incoming and outgoing filtering.
  • Mailbox
    • Attribute: mailNickname
    • Regular Expression: ^(.*)$
    • Meaning: This pulls in the primary address for a mailbox in the system, from the "mail" LDAP attribute. If a mailbox does not have this value, it is not imported.
  • Username
    • Attribute: userPrincipalName
    • Regular Expression: ^(.*)$
    • Meaning: This looks for the user's local username on the LDAP server (not an email address). It is stored for later use if LDAP authentication is to be used, and allows different naming conventions for email addresses and local usernames.
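As an added example (not code from the Mail Assure documentation or product), the following Python applies the five default-mapping rules to constructed LDAP entries to show how each object is classified and whether its filtering is billable. It assumes the alias regex is meant to be case-insensitive (the page shows its flag as `(?)`), that rules are checked in the order distribution list, shared mailbox, mailbox (the page states no precedence), and that entries are dicts of attribute name to a list of string values; `classify` and the sample entries are constructed for illustration.

```python
import re

# Default mapping rules as listed on the page. The alias flag "(?)" is assumed
# to be case-insensitive so both Exchange's "SMTP:" (primary) and "smtp:" match.
ALIAS_RE = re.compile(r"^smtp:(.*)@.*", re.IGNORECASE)
DLIST_RE = re.compile(r".*(group).*")
SHARED_RE = re.compile(r"(0|-2147483642)$")
USERNAME_RE = re.compile(r"^(.*)$")


def classify(entry):
    """Apply the default-mapping rules to one LDAP entry.

    Precedence is an assumption: distribution list, then shared mailbox, then
    mailbox. An entry without mailNickname is not imported (type None)."""
    def values(attr):
        return entry.get(attr, [])

    result = {
        # proxyAddresses entries that are not smtp: (e.g. X400:) are ignored.
        "aliases": [m.group(1) for v in values("proxyAddresses")
                    for m in [ALIAS_RE.match(v)] if m],
        "username": next((USERNAME_RE.match(v).group(1)
                          for v in values("userPrincipalName")), None),
    }
    if any(DLIST_RE.match(v) for v in values("objectClass")):
        result["type"] = "distribution_list"   # incoming filtering non-billable
    elif any(SHARED_RE.search(v) for v in values("msExchRecipientDisplayType")):
        result["type"] = "shared_mailbox"      # non-billable both directions
    elif values("mailNickname"):
        result["type"] = "mailbox"             # normal, billable mailbox
    else:
        result["type"] = None                  # no mailNickname: not imported
    return result


# Constructed sample directory entries (not real data).
SAMPLE_ENTRIES = {
    "alice": {"objectClass": ["top", "person", "user"], "mailNickname": ["alice"],
              "userPrincipalName": ["alice@ldap.demo-domain.invalid"],
              "proxyAddresses": ["SMTP:alice@ldap.demo-domain.invalid",
                                 "smtp:a.smith@ldap.demo-domain.invalid",
                                 "X400:c=US;a= ;p=Demo;o=Exchange;s=Smith;"],
              "msExchRecipientDisplayType": ["1073741824"]},
    "sales": {"objectClass": ["top", "group"], "mailNickname": ["sales"],
              "proxyAddresses": ["SMTP:sales@ldap.demo-domain.invalid"]},
    "helpdesk": {"objectClass": ["top", "person", "user"], "mailNickname": ["helpdesk"],
                 "msExchRecipientDisplayType": ["-2147483642"]},
    "nomail": {"objectClass": ["top", "person", "user"],
               "userPrincipalName": ["svc@ldap.demo-domain.invalid"]},
}
```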

Disable LDAP

To disable LDAP authentication:

  1. In the Domain Level Control Panel, select Users & Permissions > Manage Email Users
  2. Open the LDAP Authentication settings
  3. In the Domain Controller field, delete the server hostname
  4. Click Save