Configuring the connection to an LDAP server

To configure the LDAP server connection settings:

  1. In the main window of the application web interface, open the management console tree and select the Settings section and LDAP subsection.
  2. In the lower part of the workspace, select the LDAP server the connection to which you want to configure.
  3. In the LDAP Server Connection Settings settings group of the selected server, click any link to open the LDAP Server Connection Settings window.
  4. In the LDAP server settings settings group, in the LDAP server list, select one of the following external directory services:
    • generic LDAP, if you want to add a connection to a server of an LDAP-compatible directory service (such as Red Hat Directory Server).
    • Active Directory, if you want to add a connection to a Microsoft Active Directory server.
  5. In the LDAP server settings section, in the Server address field type the IP address in IPv4 format or the FQDN name of the LDAP server to which you want to connect.
  6. In the LDAP server settings section, in the Connection port number list specify the port for connecting to the LDAP server.

    The LDAP server usually receives inbound connections at port 389 via the TCP or UDP protocol. Port 636 is normally used to connect to an LDAP server via the SSL protocol.

  7. In the LDAP server settings section, in the Connection type list select one of the data encryption options when connecting to the LDAP server:
    • SSL, if you want to use SSL.
    • TLS, if you want to use TLS.
    • No encryption, if you do not want to use data encryption technologies when connecting to the LDAP server.

      After the Microsoft update is released (see ADV190023 LDAP Channel Binding and LDAP Signing for details), SSL or TLS encryption will be required when connecting to Active Directory. If you continue to use the No encryption option, the application may experience the following operational issues: no connection to Active Directory; no access to copies of messages in personal storage; errors in the message processing rules.

  8. In the Authentication settings section, in the LDAP server user account name field type the name of the user of the LDAP server who has privileges to read directory records (BindDN). Enter the user name in one of the following formats:
    • cn=<user name>, ou=<department name> (if required), dc=<domain name>, dc=<parent domain name>, if you want to add a connection to a server of an LDAP-compatible directory service (such as Red Hat Directory Server).

      For example, you can enter the following user name: cn=LdapServerUser, dc=example, dc=com, where LdapServerUser is the name of the LDAP server user; example is the domain name of the directory to which the user's account belongs; com is the name of the parent domain in which the directory is located.

    • cn=<user name>, ou=<unit name> (if required), dc=<domain name>, dc=<parent domain name> or <user name>@<domain name>.<parent domain name> if you want to add a connection to a Microsoft Active Directory server.

      For example, you can enter the following user name: LdapServerUser@example.com, where LdapServerUser is the name of the LDAP server user; example.com is the domain name of the directory to which the user's account belongs.

  9. In the Authentication settings section, in the LDAP server user account password field type the LDAP server access password of the user specified in the LDAP server user account name field.
  10. In the Search settings section, in the Search base field type the DN (Distinguished Name) of the directory object beginning with which Kaspersky Secure Mail Gateway will start searching directory records.

    Enter the search base in the following format: ou=<department name> (if required), dc=<domain name>, dc=<parent domain name>.

    For example, you can enter the following search base: ou=people, dc=example, dc=com, where people is the directory level from which Kaspersky Secure Mail Gateway starts searching for records (the search is run at the people level and lower levels. Objects located above this level are excluded from the search scope); example is the domain name of the directory in which Kaspersky Secure Mail Gateway searches for records; com is the name of the parent domain in which the directory is located.

  11. Click the Check button.

    Kaspersky Secure Mail Gateway checks the connection to the LDAP server using the connection and authentication settings you have specified.

  12. Click the Apply button.

    The LDAP Server Connection Settings window closes.

See also

Connecting to an LDAP server

About the connection to an LDAP server

Connecting to and disconnecting from an LDAP server

Adding a connection to an LDAP server

Deleting a connection to an LDAP server

Enabling and disabling a connection to an LDAP server

Configuring the LDAP server connection filters

Page top