Using LDAP (Lightweight Directory Access Protocol) it's possible to integrate many of the system's aspects/services with your existing LDAP infrastructure. LDAP "profiles" are configured on the Configuration > Email engine > LDAP sources page, and can then be used with the HSL core functions ldap_search and ldap_bind.


| Parameter | Value | Exchange/Active Directory | OpenLDAP[1] | Zimbra Collaboration Suite[1] |
|---|---|---|---|---|
| Name | User defined name | My LDAP | My LDAP | Zimbra |
| Server Address | Address of LDAP Server | | | |
| Username (DN) | Distinguished Name | cn=username, ou=company, dc=example, dc=org | cn=admin, dc=root | uid=zimbra,cn=admins,cn=zimbra[2] |
| Password | Password | mysecretpassword | mysecretpassword | mysecretpassword[2] |
| Search Base (DN) | Distinguished Name | dc=example, dc=org | dc=root | |
| Query Filter | Query Filter | (proxyAddresses=smtp:%s) | (mail=%s) | (mail=%s) |

1. Recipient filtering may not always be suitable, since some servers do not easily export alias domains etc. over LDAP. In those cases, fall back on SMTP forward lookup.
2. Zimbra's LDAP username and password may be obtained using the zmlocalconfig -s zimbra_ldap_userdn zimbra_ldap_password command.

Recipient filtering

In the RCPT TO flow, you have the option to do recipient filtering over LDAP (ldap_search). To enable this, add the block "LDAP recipient lookup" from the "Add block..." menu if it doesn't already exist and select one or more LDAP sources.
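
The following Python example is added here for illustration and is neither Halon's code nor HSL. It expands the Query Filter templates from the table for a given recipient, escaping the address per RFC 4515 so that characters such as * stay literal, and evaluates the result against a constructed in-memory directory. It assumes %s is the only placeholder; the helper names and sample entries are hypothetical, and this page does not state how the product itself escapes the value.

```python
import re

# RFC 4515: characters that must be escaped inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, recipient):
    """Put the escaped recipient where the Query Filter has %s."""
    return template.replace("%s", escape_filter_value(recipient))

def unescape(value):
    """Decode \\XX hex escapes back to literal characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(filter_str, entry):
    """Evaluate one (attr=value) filter against a directory entry (hypothetical
    helper standing in for the LDAP server). An unescaped * is a wildcard and
    matching ignores case, as it does for mail and proxyAddresses."""
    attr, _, value = filter_str[1:-1].partition("=")
    parts = [re.escape(unescape(p)) for p in value.split("*")]
    pattern = re.compile(".*".join(parts), re.IGNORECASE)
    return any(pattern.fullmatch(v) for v in entry.get(attr, []))

def recipient_exists(template, recipient, directory):
    query = expand_filter(template, recipient)
    return any(matches(query, entry) for entry in directory)

# Constructed sample directory: one user with a primary address and an alias.
DIRECTORY = [{
    "mail": ["alice@example.org"],
    "proxyAddresses": ["SMTP:alice@example.org", "smtp:sales@example.org"],
}]

if __name__ == "__main__":
    for template in ("(proxyAddresses=smtp:%s)", "(mail=%s)"):
        for rcpt in ("alice@example.org", "sales@example.org", "*"):
            print(template, rcpt, expand_filter(template, rcpt),
                  recipient_exists(template, rcpt, DIRECTORY))
```

In this sample the alias sales@example.org is found through proxyAddresses but not through mail, and an escaped * matches no entry, whereas the raw filter (mail=*) would match every entry that has a mail attribute.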

API authentication

It's possible to use LDAP for API authentication, granting system administrators access based on group membership (such as in Microsoft's AD).