LDAP
Using the Lightweight Directory Access Protocol (LDAP), it's possible to integrate many aspects/services in Halon VSP/SPG with your existing LDAP infrastructure. LDAP profiles are configured on the Mail Gateway → LDAP tab.
Example Configurations
An LDAP profile may look like this.
| Parameter | Value | Exchange/Active Directory | OpenLDAP[1] | Zimbra Collaboration Suite[1] |
|---|---|---|---|---|
| Name | User defined name | My LDAP | My LDAP | Zimbra |
| Server Address | Address of LDAP Server | 10.0.0.5 | 10.0.0.5 | 10.0.0.5 |
| Username (DN) | Distinguished Name | cn=username, ou=company, dc=example, dc=org | cn=admin, dc=root | uid=zimbra,cn=admins,cn=zimbra[2] |
| Password | Password | mysecretpassword | mysecretpassword | mysecretpassword[2] |
| Search Base (DN) | Distinguished Name | dc=example, dc=org | dc=root | |
| Query Filter | Query Filter | (proxyAddresses=smtp:%s) | (mail=%s) | (mail=%s) |
There is a testing tool for LDAP connections on the Diagnostics → Command tab, called "LDAP Look Up". It searches for a mail address using the configured "Query Filter".
Notes
1. Recipient filtering may not always be suitable, since some servers do not easily export alias domains etc. over LDAP. In those cases, fall back on SMTP Forward lookup.
2. Zimbra's LDAP username and password may be obtained using the zmlocalconfig -s zimbra_ldap_userdn zimbra_ldap_password command.
Recipient Lookup (RCPT)
On the Mail Gateway → Flows → Recipient Flow tab, you have the option to do recipient verification (ldap_search) over LDAP by simply selecting one or more LDAP profiles.
Note: always verify that aliases and alias domains also work and are exported over LDAP.
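The following added example (not Halon code, and not part of the original page) illustrates the alias check in the note above: against a constructed Active Directory-style entry, `(mail=%s)` finds only the primary address, while `(proxyAddresses=smtp:%s)` also finds the alias. The helper names, the sample entry, the case-insensitive comparison and the RFC 4515 escaping of the substituted address are assumptions made for the example.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape an address so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, address):
    """Substitute the escaped address for %s in a Query Filter template."""
    return template.replace("%s", escape_filter_value(address))

def _unescape(value):
    # Turn \XX hex escapes back into the literal character for comparison.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Evaluate a simple (attr=value) equality filter against one entry."""
    m = re.fullmatch(r"\(([A-Za-z][\w-]*)=(.*)\)", ldap_filter)
    if m is None:
        raise ValueError("only simple equality filters are supported here")
    attr, wanted = m.group(1), _unescape(m.group(2)).lower()
    # Assumption: mail attributes are compared case-insensitively.
    return any(v.lower() == wanted for v in entry.get(attr, []))

def recipient_exists(directory, template, address):
    """True if any entry matches the template expanded for this address."""
    ldap_filter = expand_filter(template, address)
    return any(matches(entry, ldap_filter) for entry in directory)

# Constructed sample entry: one mailbox with a primary address and one alias.
DIRECTORY = [{
    "mail": ["alice@example.org"],
    "proxyAddresses": ["SMTP:alice@example.org", "smtp:sales@example.org"],
}]

if __name__ == "__main__":
    for template in ("(mail=%s)", "(proxyAddresses=smtp:%s)"):
        for rcpt in ("alice@example.org", "sales@example.org", "*"):
            print(template, rcpt, recipient_exists(DIRECTORY, template, rcpt))
```

Because the address is escaped before substitution, a recipient consisting of `*` is compared as a literal character and is not treated as a wildcard.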
SMTP Authentication (AUTH)
On the Mail Gateway → Flows → Authentication Flow tab, you have the option to do authentications (ldap_bind) over LDAP by simply selecting one or more LDAP profiles.
Quarantine Integrations
Our Quarantine currently supports Microsoft Exchange and Novell GroupWise for merging aliases. The Mail Gateway Quarantine documentation covers configuration and administration of the Quarantine.
Scripting with LDAP
There are two LDAP functions available in the HSL core function collection: ldap_search and ldap_bind.
System Authentication
It is possible to use LDAP for HSL System Authentication, which allows system administrators access based on group membership (Microsoft Active Directory).