Please enable JavaScript to view this site.

MDaemon Email Server 24.5

Navigation: Accounts Menu > Account Settings > Active Directory

Authentication

Scroll Prev Top Next More

 

Access to Active Directory may require special permissions to be set for all features to function.

Active Directory Authentication & Search

User name or Bind DN

This is the Windows account Logon or DN that MDaemon will use when binding to Active Directory using LDAP. Active Directory permits the use of a Windows account or UPN when binding.

When using a DN in this option rather than a Windows logon, you must disable/clear the "Use secure authentication" option below.

Password

This is the password that corresponds to the DN or Windows logon used in the Bind DN option above.

Use secure authentication

Click this checkbox if you wish to use secure authentication when performing your Active Directory searches. You cannot use this option when you are using a DN rather than a Windows logon in the Bind DN option above.

Use SSL authentication

Click this checkbox if you wish to use SSL authentication when performing your Active Directory searches.

Use of this option requires an SSL server and infrastructure on your Windows network and Active Directory. Contact your IT department if you are unsure if your network is setup this way, and to find out if you should enable this option.

Active Directory Searching

Base entry DN

This is the Distinguished Name (DN) or starting point in the Directory Information Tree (DIT) at which MDaemon will search your Active Directory for accounts and changes. By default MDaemon will begin searching at Root DSE, which is the topmost entry in your Active Directory hierarchy. Designating a more precise starting point closer to the location of your user accounts in your particular Active Directory tree can reduce the amount of time required to search the DIT for accounts and account changes. Leaving this field blank will restore the default setting of LDAP://rootDSE

Search filter

This is the LDAP search filter that will be used when monitoring or searching your Active Directory for accounts and account changes. Use this filter to more precisely locate the desired user accounts that you wish to include in Active Directory monitoring.

You can also configure your search filter to monitor a group within Active Directory, so adding a user to the group or a group to the user will cause the user to be created in MDaemon, and removing a user from a group will cause the account to be disabled (not deleted) in MDaemon.  For example, a proper search filter for a group called 'MyGroup' could look like this:

(|(&(ObjectClass=group)(cn=MyGroup))(&(objectClass=user)(objectCategory=person)(memberof=cn=MyGroup,ou=me,dc=domain,dc=com)))

Replace the 'ou=' and 'dc=' bits with something appropriate to your network.

Contact search filter

Use this option to specify a separate search filter for contact searches. If you use the same text in this field as in the Search filter option above, only one query is used to update all data. When the search filters are different, two separate queries are necessary.

Test

Use the Test buttons to test your search filter settings.

Search scope:

This is the scope or extent of your Active Directory searches.

Base DN only

Choose this option if you wish to limit your search to only the base DN specified above. The search will not proceed below that point in your tree (DIT).

1 level below base DN

Use this option if you wish to extend your Active Directory search to one level below the supplied DN in your DIT.

Base DN and all children

This option will extend the scope of your search from the supplied DN to all of its children, down to the lowest child entry in your DIT. This is the default option selected, which when combined with the default Root DSE setting above means that the entire DIT below the Root DSE will be searched.

Verbose AD logging

By default MDaemon will use verbose logging for Active Directory. Clear this checkbox if you wish to use less extensive Active Directory logging.