The following information is required to let a mail client access contacts stored in Kerio MailServer via the LDAP protocol.
DNS name (e.g. mail.company.com) or IP address (e.g. 192.168.1.10) of the host that Kerio MailServer is running on.
This data is used by users to log into the LDAP server (equal to the name and password for user login to mailboxes). The LDAP server in Kerio MailServer does not support anonymous logins — the user login is always required.
Select whether the secure or non-secure version of the LDAP protocol should be used. If you do not use the standard port, enter the corresponding port number.
Note: TLS is not supported.
If you want to access all private, subscribed shared and public folders, leave the entry blank or enter fn=ContactRoot
To limit access to certain folders only, specify the appropriate branch of the LDAP database in more detail. The following examples illustrate the alternatives:
cn=wsmith@company.com,fn=ContactRoot — only the contact files of the user john@company.com will be searched
fn=personal,fn=ContactRoot — only the contact files of the user logged into the LDAP server will be searched. This option is identical to the previous one, but it is not necessary to specify the username (or email address) of the user. This is useful, for example, when configuring multiple clients.
fn=public,fn=ContactRoot — only public contact files will be searched
fn=Contacts,cn=wsmith@company.com,fn=ContactRoot — only the Contacts folder of the user will be searched
fn=PublicContacts,fn=public,fn=ContactRoot — only the public PublicContacts folder will be searched
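The search-base branches listed above can be built and checked programmatically before they are pushed to client profiles. The following Python sketch is an added example, not code from Kerio or from this manual; the function names are hypothetical, the RFC 4514 escaping of account and folder names is an assumption about what a standards-compliant LDAP server expects, and the sample values are the ones used on this page.

```python
from urllib.parse import quote

ROOT = "fn=ContactRoot"                 # root branch named on the page
DEFAULT_PORT = {True: 636, False: 389}  # standard LDAPS / LDAP ports

def escape_dn_value(value):
    """Escape one DN attribute value (RFC 4514) so it cannot add components."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def search_base(scope="all", user=None, folder=None):
    """scope: 'all', 'personal', 'public', or 'user' (needs user=)."""
    if scope == "all":
        parts = []
    elif scope in ("personal", "public"):
        parts = ["fn=" + scope]
    elif scope == "user" and user:
        parts = ["cn=" + escape_dn_value(user)]
    else:
        raise ValueError("unknown scope, or scope 'user' without an account")
    if folder:
        # The page shows folder branches only under a user or under public.
        if scope not in ("user", "public"):
            raise ValueError("folder needs scope 'user' or 'public'")
        parts.insert(0, "fn=" + escape_dn_value(folder))
    return ",".join(parts + [ROOT])

def ldap_url(host, base, use_ssl=True, port=None, allow_plaintext=False):
    """RFC 4516 URL for the client profile; SSL unless explicitly waived."""
    if not use_ssl and not allow_plaintext:
        raise ValueError("non-SSL LDAP sends the mailbox login unencrypted")
    port = DEFAULT_PORT[use_ssl] if port is None else port
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    scheme = "ldaps" if use_ssl else "ldap"
    return f"{scheme}://{host}:{port}/{quote(base, safe='=,@')}"

if __name__ == "__main__":
    base = search_base("user", user="wsmith@company.com", folder="Contacts")
    print(base)
    print(ldap_url("mail.company.com", base))
```

Escaping matters when the account or folder name comes from user input: an unescaped comma in the name would otherwise turn one component into two and point the search at a different branch.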
The client configuration for enabling the search of contacts through LDAP is explained in the following example using Microsoft Outlook Express.
The LDAP account is defined in the Properties.
menu. New accounts can be added by wizards. However, only basic parameters can be defined there. Detailed parameters can therefore be set by selecting the corresponding account and clicking on
General folder:
Name of the account, used for reference only.
DNS name or IP address of the host where Kerio MailServer is running (e.g. mail.company.com or 192.168.1.10).
This option must be checked, since the LDAP server in Kerio MailServer does not allow anonymous access.
Enter your username and password for login to the server (identical to your name and password for login to your mailbox).
When this option is enabled, passwords will be sent securely through NT domain authentication (SPA/NTLM). This authentication method is not supported by the LDAP server in Kerio MailServer; therefore, it must be disabled.
Note: We recommend using the secure version of the LDAP service (SSL) for encrypted user authentication.
If this option is enabled, personal email addresses will be searched for automatically when a message is sent. This means that names can be used instead of full email addresses in the To field (or Copy To or Blind Carbon Copy To). The appropriate email addresses will be changed when the email is sent.
Note: If an inserted name cannot be found, the message will not be sent by Outlook Express and the user must correct the name or insert the full email address. If there are more addresses for one name, a dialog for user/address selection will be opened.
Advanced folder:
Port the LDAP service is running on. The button will set the standard port number (depending on the on/off mode of SSL — see below).
A secure connection is activated or deactivated with this option. Set the SSL security system according to Kerio MailServer services configuration (for details, see chapter 6 Services) or according to your security policy (see chapter 12.6 Advanced Options).
If there is a large LDAP database or the connection is slow, the search can take a long time. This option defines the maximum length of time for searching through the database. When this time expires, the search is stopped, regardless of whether any record has been found or not.
Note: If the LDAP server is located within the same local network as the client, the search should take almost no time.
If the specifications of the item searched are too broad (e.g. most of the recipient's name is not included), the search may result in many items found. Limiting the maximum number of matches can reduce the search time as well as line traffic. If a large number of items are returned, a new search should be performed using more narrowly defined specifications.
Specify the location of contacts in the LDAP database (see above). If you leave this entry blank, all subscribed folders will be scanned (public and shared).
This option reduces the number of database items that will be searched. This will make the search faster; however, the search potential will be reduced. We recommend not using this option.