LDAP Directory Sync

The LDAP Sync feature is designed to obtain your valid user list, including aliases, and modify your valid user list accordingly as users are added or removed from your server.

 

To enable the LDAP Sync:

  • Login to Mailprotector Console
  • Navigate to Domain you'd like to manage
  • Click on the "User Sync" tab found at the top of the page

 mceclip0.png

  • Scroll down to "User Sources"
  • Select the "Add" button
  • Select "Choose" under "Active Dir."

mceclip1.png

  • Fill out the Host, Port, Username, Password, and Search base Fields based on the directions below

mceclip2.png

  1. Host- Hostname or IP of domain's domain controller server.

  2. Port- We recommend using LDAPS with port 636 and check the Use SSL option. The default port of 389 may also be used. But if you have a different setup in which LDAP/S listens on a different port, specify that here.

  3. Username/CN- This is the username of the user that was set up to access LDAP. This user must have the appropriate permissions to access the directory information required for syncing (the user list for the domain you are setting up). This string should include more than just a simple username in most cases. It also needs any OU (organizational units) and DC (domain components) need to define the path to this user. 

  4. Allow from IP's - You will need to make sure you are allowing this LDAP connection from all the following Mailprotector IP's
54.152.160.187
54.152.160.142

          Example - CN=administrator,OU=Users,DC=contoso,DC=com

ADUsers_Comps2.png

 Example view of a standard Active Directory folder structure.

  1. New password- The password for the defined user from above.

  2. Confirm new password

  3. Search base- This is where you limit the LDAP query to a certain domains user list in the directory. It typically consists of DC definitions for the domain this LDAP sync is being setup for. Example:

         dc=domain,dc=com

         This search base limits the results to just the "domain.com" directory information.

WARNING: Once the directory sync is run, please check if resource mailboxes were added. Mailprotector's system will bill for resource mailboxes added this way. If this is the case, you will need to filter out the user mailboxes with the "Filtering" tab under the "User Source." The other option is to narrow your search base to not include resource mailboxes. Deleting the mailboxes will not work. The directory sync will read them later if the Search Base or Filtering tabs are not adjusted accordingly.

mceclip3.png  

NOTE: The "Fields" will auto-populate once you have connected to the server under the "Sources" tab. The majority of people filter out the users they don't want by having a filter that excludes the "UserPrincipleName" of the undesired mailboxes.

 mceclip4.png

Have more questions? Submit a request

Comments