How to Configure OpenLDAP for the AXIGEN Mail Server

Posted by Alina Popescu on: 2007-07-11 00:02:37

What is LDAP?

LDAP stands for Lightweight Directory Access Protocol. This protocol is used to access a directory listing. It is being implemented in Web browsers and e-mail programs to enable lookup queries (searches for certain types of information). When compared to other querying architectures such as SQL databases, lookup speed is the major advantage of using LDAP. In large companies, a huge number of requests are made and storing the information in a database becomes a very resource consuming approach. The basic principle behind LDAP is the optimization toward many record reads and few additions or modifications. From an administrator's point of view, LDAP is fairly easy to use as long as the concepts behind the system are understood. It is not the most user-friendly application to use, but the benefits it provides are worth the extra effort.

Why use LDAP?

LDAP can be used along side AXIGEN to provide three functionalities: LDAP Address Directory, User Authentication and Connection Routing. The main benefits this integration entails are less time spent searching for contacts when sending an e-mail, especially within large contact databases, less stress on the server and increased end-user productivity. Authentication is a widely used method of preventing unauthorized access to the mail server. In a mail environment with hundreds or thousands of accounts, a long authentication time can prevent other users from logging onto the system and can thus lead to poor service. When managing several AXIGEN servers, LDAP comes as a means of controlling all authentication processes from a single location.

OpenLDAP (an open source implementation of the LDAP protocol) should be used alongside AXIGEN Mail Server if you are looking for a shared address book and you want to have user accounts spread on several AXIGEN servers.

If you decide to use a LDAP system with your mail server, there are a few aspects you should take into account. A fair understanding of the LDAP system is required before actually starting to install and configure it. The additional workload needed to configure and implement an LDAP server is considerable, thus it is typically used only in scenarios involving a large number of mailboxes spread across several AXIGEN servers.

How does LDAP work?

A client starts a LDAP session by connecting to a LDAP server, by default on the 389 TCP port. The client then sends operation requests (queries) to the server which returns a certain response. Apart from specific situations, the client is not required to wait for a response before sending subsequent requests, and the server may send the responses in any order.

An LDAP server generally supports the following actions:

Bind (authentication and protocol version specification)
Search (search for elements in the directory)
Add (add an element to the directory)
Modify (edit the contents of an element)
Delete (remove an element from the directory)
Abandon (cancel a previous request)
Unbind (close the connection)

When using a secure connection the default port is 636. Secured connections have been deprecated officially in 2003 along with the second version (ldapv2) of the LDAP protocol. Even though this version has been deprecated, many applications still use it and therefore it is still supported.

An LDAP Directory resembles a tree of entries. These entries have their own attributes and unique identifiers. Attributes have names that are defined in the schemas used by the server. Unique identifiers are in fact the DN (distinguished name) of the entry containing an attribute of the entry (such as CN – common name) followed by the identifier of the parent entry. Here is an example:

	dn: cn=Someone,dc=example,dc=org
	cn: Someone
	givenName: Someone
	mail: someone@example.org
	manager: cn=Some manager,dc=example,dc=org
	objectClass: inetOrgPerson
	objectClass: organizationalPerson
	objectClass: person

In this example, the name of the entry is "Someone" and the parent entry name is "example.org". "dc" stands for domain component, and is specific to domain names. The rest of the lines are the attributes of this particular entry. Attributes have generally easy to guess names, such as “mail”.

Configuring LDAP for AXIGEN

Before changing the authentication type to LDAP you have to make sure that you have AXIGEN Mail Server version 3.0 or higher installed, a LDAP server running and the LDAP directory set up.

Hands-on example - Debian 3.1 and AXIGEN 3.0

1. Install AXIGEN 3.0 and configure your domain of choice (example.org in this configuration example). Make sure you have some accounts active in that domain.

2. Install the LDAP server:

Install the required packages:
```
apt-get -y install slapd ldap-utils
```
Enter the domain name defined in your AXIGEN mail server (example.org). This will result in "dc=example,dc=org";
Enter the same "example.org" for the organization;
Choose a password for your server;
Choose to enable support for the LDAPv2 protocol.

3. Configure LDAP

With your favorite text processor edit the file:
```
/etc/ldap/slapd.conf
```
Uncomment the line:
```
#allow bind_v2
```
Under the lines where schemas are defined include the “misc schema” by inserting the following line:
```
include /etc/ldap/schema/misc.schema
```
Restart the LDAP server:
```
 /etc/init.d/slapd restart
```

4. Setup the LDAP Directory structure:

Create a file that will be the template for subsequent users you will add:
```
touch user.ldiff
```

Edit the newly created file and insert the following lines into it:

dn: cn=example-user,dc=example,dc=org
objectClass: inetOrgPerson        
objectClass: inetLocalMailRecipient        
cn: example-user        
sn: example-user        
mail: example-user@example.org        
userPassword: userpass        
mailHost: 127.0.0.1

Save and close the file. Make sure that no trailing spaces exist on any of the lines and that the file ends with a ‘newline’ character. If these requirements are not met, LDAP will return syntax errors. When you want to add a new user into the directory database, all you have to do is change the contents of the above file to fit the new identity;
Add the user in the directory listing use the following command:
```
	ldapadd -x -D "cn=admin,dc=example,dc=org" -W -f user.ldiff
```
Important! Make sure you use the "-x" switch when connecting to the LDAP server to use plain authentication.
The server will ask for the password and then the output of that command should resemble: adding new entry "cn=example-user,dc=example,dc=org"
If you receive an error here, youeither used a wrong password or you need to check the file again for errors;
Edit the file and add a few more users to the directory, to test the setup.

5. Make sure the LDAP directory contains the needed information:

Perform a search on the LDAP directory with the following command:

ldapsearch -b "dc=example,dc=org" -W -D "cn=admin, dc=example,dc=org" -x

This command will display all the entries that currently exist in the directory. You should be able to identify the admin user you have used to log on the server and all the accounts you've been creating. If this is not the case, please review the previous steps before continuing.

6. Configure AXIGEN to use the LDAP directory for authentication and routing

First configure a new LDAP Connector:

Log into the WebAdmin interface;
Go to the "UserDB" context;
Click the "LDAP Connectors" tab;
Click the "Add new ldapconn" button;

Set the following atributes:

	Name: ldap-users
	Host URL: ldap://localhost:389
	bindDN: cn=admin,dc=example,dc=org
	bindPass: <your_LDAP_password>
	searchBase: dc=example,dc=org
	searchPattern: mail=%e
	passwordField: userPassword
	axigenHostField: mailHost

Click the "Add" button;
Click the "Commit" button;
Click the "Save Config" button;

Then create a new User Map:

In the "Server" context, click the "User Maps" tab;
Click the "Add new map" button;

In the "Name" field enter: "LDAP-Auth";

Make sure the type of the map is "ldap";

Local file should be blank because we do not use one;

userdbConnectorType: ldap;

Set the user map to the one we defined before: userdbConnectorName: ldap-users;

Click the "Add" button;
Click the "Commit" button;
Click the "Save Config" button.

7. Enable LDAP authentication for a specific service (IMAP in this example)

Log into the WebAdmin interface;
Go to the IMAP context;
Select "ldap" in the "User dB connector type" section;
Set the "userdbConnectorName" to "ldap-users";

Click the "Add" button;
Click the "Commit" button;
Click the "Save Config" button.

Important! The password set in the LDAP Directory must be used to log into the accounts when using LDAP authentication. Normally these two passwords should not differ in any way.

References & Further reading

WebMaster Media Maker

WebMaster Media Maker Creates Flash Audio and Video Files with Custom Players! Includes The Powerful FLV Encoder (Free with Purchase)!

With Webmaster Media Maker you will be able to generate Streaming Audio and Streaming Video for your website in Minutes! The best part is No monthly fees and No Special Servers are required!

NOW WITH ADVANCED SECURITY TO PROTECT YOUR AUDIO AND VIDEO FILES FROM ONLINE THEFT

Print this article

Tell a friend

How To Control What Data Can Be Entered Into A Microsoft Excel Cell?

How to Create A Microsoft Excel Database

Database Companies - How to Choose a Developer

How to Craft a Team of Productive Software Users

How To Control The Way Linux Starts Up: GUI or Command Line Interface

How to Choose the Correct Chiropractic Billing Software

HTML Editors - How to Choose the Right One for Building Your Websites

How To Choose The Right Accounting Software For Your Business?

User comments:

Wheat - Posted on: 2010-03-10 13:26:38

Hi,
Thanks for sharing this information.

Auction is a pretty good place to bid on products and acquire them easily.

We Bangbangpai presenting Online Penny Auction.

http://www.bangbangpai.com/

dagwood255 - Posted on: 2010-08-28 17:25:21

LDAP can be used along side AXIGEN to provide three functionalities: LDAP Address Directory, User Authentication and Connection Routing. The main benefits this integration entails are less time spent searching for contacts when sending an e-mail, especially within large contact databases, less stress on the server and increased end-user productivity. Authentication is a widely used method of preventing unauthorized access to the mail server. In a mail environment with hundreds or thousands of accounts, a long authentication time can prevent other users from logging onto the system and can thus lead to poor service. When managing several AXIGEN servers, LDAP comes as a means of controlling all authentication processes from a single location.
_______________
Door Furniture
Door Handles

Wheat - Posted on: 2010-09-27 14:03:01

http://www.royalsrajasthan.in/ Royal Rajasthan Tourism Guide offers Rajasthan Travel, Rajasthan Tour, Rajasthan Tourist Places, Rajasthan Tour Packages, Heritage Hotels in Rajasthan, Fairs Festivals of Rajasthan, Rajasthan Holiday, Travel to Rajasthan and Desert Tour. Rajasthan Leading Tour Operators offers best deal for various Tours & Travel in Rajasthan, India.

elene - Posted on: 2010-10-20 09:17:31

Thankx so much for this! I havent been this thrilled by a blog post for quite some time! You've got it, whatever that means in blogging. Anyway, You are certainly somebody that has something to say that people need to hear. Keep up the good work. Keep on inspiring the people!
marlboro cigarettes | discount cigarettes

Timothy8797 - Posted on: 2010-11-10 10:04:14

LDAP stands for Lightweight Directory Access Protocol. This protocol is used to access a directory listing. It is being implemented in Web browsers and e-mail programs to enable lookup queries (searches for certain types of information).

---------------------------------------------------
USANA

craig.michelle - Posted on: 2011-01-28 07:52:36

It's so tough to encounter right information on the blog. I realy loved reading this post. It has strengthen my faith more. You all do such a great job at such Concepts...can't tell you how much I, for one appreciate all you do.
-------------------------------------------------------------------
internet marketing company seo services mba in marketing

itsmekap - Posted on: 2011-03-02 10:49:04

this software Free or paid can i download it from web?

SEO Company India

SEO India

SEO Delhi

Emilyshela - Posted on: 2011-03-25 08:20:34

This post is good in regards of both knowledge as well as information. Thanks for the post.

custom essays

Emilyshela - Posted on: 2011-03-25 12:56:06

Usually I do not post comments on blogs, but I would like to say that this blog really forced me to do so! Thanks,for a really nice read.

essay writers

deecoup - Posted on: 2011-03-26 07:40:57

thanks for explaining LDAP Configuration

Seo Company India Website Designing Company Data Entry

nancysharon - Posted on: 2011-03-28 11:34:49

I could tell how great you are in your field of interest. You could relate in each detail very well

UK Thesis Writing Service

Helmore - Posted on: 2011-03-31 10:44:44

Nice job u have done, u have post best 5 Article Marketing Secrets i really enjoy it.
Freelance SEO India
SEO Expert India

madisonabigailemma - Posted on: 2011-04-15 14:11:02

That's great to find the timings here, I was just looking for it.

Buy Ritalin

Buy valium

elithawilliam - Posted on: 2011-04-25 12:40:58

This information has added to my knowledge about the mail server, prior to it, i was not aware of them.
DVI Splitter

dexterlove - Posted on: 2011-04-30 13:57:15

Good job, thanks for sharing.

Free Bets

madisonabigailemma - Posted on: 2011-05-03 09:44:05

Really appreciate this wonderful post that you have provided for us. Nice job u have done

Buy Lexotanil Product

lusciousgifts - Posted on: 2011-05-03 10:05:41

That's really interesting post but i too late to read it first..........

Send gifts to Pakistan

Send online gifts to Pakistan

haydenpanettiere83 - Posted on: 2011-05-23 15:40:29

Great informative post thanks for sharing.....
Accredited Degree
Life Experience Degree

imarion - Posted on: 2011-06-08 21:51:06

Excellent blog! In depth analysis of subject.

New torrent files

alveradmo - Posted on: 2011-06-15 18:34:29

I had got to know great information. I really liked this site very much. Thanks for posting such a good informative thing in this site. Thanks a lot!
Assignment Help Uk | Programming Assignment Help | do my assignment for me

adokadrik - Posted on: 2011-06-16 01:51:34

A comprehensively detailed and attention grabbing review that you wrote in this article. I am really convinced the way you look. The way you describe the whole thing is simple and understandable.
UK Essay Writing | University Essays | Write My Essay

ronladosmith - Posted on: 2011-06-16 01:56:35

Well that's amazing article ! I really enjoy to read articles that have good information and ideas to share to each reader. I hope to read more from you guys and continue that good work that is really inspiring to us. Keep up the good job. thanks for the sharing.
Buy Assignment | Assignment Writing | Assignment Expert

smithhogg - Posted on: 2011-06-17 03:23:17

I really happy to read this post,I was just imagine about it and you provided me the correct information I really bookmark it,for further reading,So thanks for sharing the information.After read blog topic's related post now I feel my research is almost completed.I am so glad that I have found this your article because I have been searching for some information about seo.
essay writing help|essay help|essay writing uk

joshedward - Posted on: 2011-06-18 08:21:06

That's so much lovely, That is really such a great stuff.I am incomparable to enjoy myself when i appreciate your beautiful article from my deep heart!
essay help
analysis essay
write my essay

christopherdoylelam - Posted on: 2011-06-18 09:10:07

This page is simply enlightening and enjoyable to check out. I discovered a whole lot through discovering this. Thank you for putting up awesome written content and then keep up the excellent posting great stuff.
essay writing essay writers buy essay cheap custom essays

Next page >>>

Post New Comment

This site does not allow anonymous comments. Registered members can login to participate. Registration is free and takes only a few seconds