How To Setup LDAP Authentication
Posted by Gary Garber on 13 November 2008 02:44 PM

In the Icewarp mail server you have the ability to use LDAP authentication for the user accounts. This allows you to pull account passwords from an existing LDAP database. If the password is changed in LDAP the Icewarp server will automatically accept the change so you can run two systems without needing to make separate changes in each for your user base.

To enable LDAP authentication you first need to open the Icewarp console and navigate to the [Management] tab, then to the domain. Expand the domain to gain access to the user accounts.



Now go to the account and click on the [Mode] drop down and choose [LDAP/Active Directory].



For LDAP authentication you must use the following format.

localhost;cn=admin+mail=admin@test.com,dc=root

So you first specify the hostname/IP of the LDAP server, then the user account CN (Common Name) in LDAP, and finally the DC (Domain Component) the user is located in. You must use a semi-colon between the host/IP and the CN, without this the format will be incorrect and no authentication will be processed.

The accounts would need to have the passwords already listed in the LDAP database or else no password could be pulled thus not allowing them access. If you are syncing your Icewarp accounts to LDAP then be aware the passwords are not synced with them and you will need to update LDAP directly with the passwords in order to use LDAP authentication.

There are two different ways to administer the LDAP database, whether it is the local LDAP database provided when installing the Icewarp E-Mail Server or when using an external LDAP database, these being, command line or a GUI interface.

If you are new to LDAP and do not know the command line very well to utilize the LDAP database I suggest downloading a GUI interface that will help you set passwords, add users, update users, etc. We recommend this GUI as it is very easy to use and does not require much setup.

If you have any other questions regarding LDAP authentication please submit a ticket to our support staff here.