Adding a LDAP server connection

This functionality is available only if the user has the Edit settings permission.

You can add a connection to one or several LDAP servers.

To add an LDAP server connection:

1. In the application web interface window, select the Settings → External services → LDAP server connections section.
2. Click Add.

   This opens the Add connection window.

3. In the Name field, enter the name that you want to be displayed in the application web interface.

   The application does not use this name for interacting with the LDAP server.

4. Click the Upload button to upload a previously created keytab file.

   The file selection window opens.

5. Select the keytab file and click Open.

   The keytab file must contain only one entry with credentials of a user that has access to the domain being added.

6. In the Search base (Base DN) field, type the DN (Distinguished Name) of the directory object beginning with which Kaspersky Secure Mail Gateway will start searching directory records.

   Enter the directory suffix in the following format: ou=<department name>(if required),dc=<domain name>,dc=<parent domain name>.

   For example, you can enter ou=people,dc=example,dc=com.

   Here people is the level in the directory schema at which Kaspersky Secure Mail Gateway begins to search for records (the search is performed at the people level and below; objects above this layer are excluded from the search), example is the domain name of the directory in which Kaspersky Secure Mail Gateway searches for records, com is the name of the parent domain that contains the directory.

7. Under LDAP users and groups, in the Attributes containing email addresses field, specify attributes from which the program will obtain email addresses of users and groups:
   • mail attribute.
   • proxyAddresses attribute.
   • mail and proxyAddresses attributes.

     If you are configuring an LDAP connection for integration with a Microsoft Exchange mail server, we recommend using proxyAddresses attribute because Microsoft Exchange stores email addresses of users and groups in the proxyAddresses attribute.

8. If you want the program to obtain email addresses of LDAP contacts, move the LDAP contact details toggle switch to the Enabled position.
9. If at the previous step you have enabled the obtaining of LDAP contact information, in the Attributes containing email addresses field, specify attributes from which the program will obtain the email addresses of LDAP contacts:
   • mail attribute.
   • proxyAddresses attribute.
   • mail and proxyAddresses attributes.
10. Click Add.

The LDAP server connection is added.

See also Integration with an external directory service Creating a keytab file Deleting a LDAP server connection Modifying LDAP server connection settings Configuring the schedule of synchronization with the Active Directory domain controller Manually starting synchronization with the Active Directory domain controller

Page top