21.3  Configuring Email Clients

The following settings are needed to enable a mail client to access contacts stored in Kerio MailServer over the LDAP protocol.

LDAP server

DNS name (e.g. mail.company.com) or IP address (e.g. 192.168.1.10) of the host that Kerio MailServer is running on.

User name and password

This data is used by users to log into the LDAP server (equal to the name and password for user login to mailboxes). The LDAP server in Kerio MailServer does not support anonymous logins — the user login is always required.

Security, Port

Select whether the secure or the non-secure version of the LDAP protocol should be used. If the service does not run on the standard port, enter the corresponding port number.

Note: TLS is not supported.

Search base

If you want to access all private and subscribed shared and public folders, leave the entry blank or enter

fn=ContactRoot

To limit access to certain folders only, specify the appropriate branch of the LDAP database in more detail. The following examples show the alternatives:

  • cn=wsmith@company.com,fn=ContactRoot

    only contact files of the user wsmith@company.com are searched

  • fn=personal,fn=ContactRoot

    only contact files of the user logged into the LDAP server are searched. This option is equivalent to the previous one, but the username (or email address) of the user does not have to be specified. This is useful, for example, when the same configuration is applied to multiple clients.

  • fn=public,fn=ContactRoot

    only public contact files are searched

  • fn=Contacts,cn=wsmith@company.com,fn=ContactRoot

    only the Contacts folder of the user is searched

  • fn=PublicContacts,fn=public,fn=ContactRoot

    only the public PublicContacts folder is searched

Example of Configuration — Outlook Express

The client configuration for enabling the search of contacts through LDAP is explained in the following example using Microsoft Outlook Express.

The LDAP account is defined in the Tools → Accounts → Directory Service menu. New accounts can be added by a wizard, but only basic parameters can be defined there. To set detailed parameters, select the corresponding account and click Properties.

General tab:

Figure 21.2. LDAP server settings — General tab


Name of the account

Name of the account, used for reference only.

Server Name

DNS name or IP address of the host where Kerio MailServer is running (e.g. mail.company.com or 192.168.1.10).

This server requires me to log on

It is necessary that this option is checked since the LDAP server in Kerio MailServer does not allow anonymous access.

Account name, Password

Insert your username and your password for login to the server (identical with your name and password for login to your mailbox).

Log on using Secure Password Authentication

When this option is enabled, passwords will be sent securely through NT domain authentication (SPA/NTLM). This authentication method is not supported by the LDAP server in Kerio MailServer; therefore, it must be disabled.

Note: We recommend using the secure version of the LDAP service (SSL) for encrypted user authentication.

Check names against this server when sending mail

If this option is enabled, email addresses will be looked up automatically when a message is sent. This means that names can be used instead of full email addresses in the To field (or Copy To or Blind Carbon Copy To). The names are replaced with the appropriate email addresses when the email is sent.

Note: If an inserted name cannot be found, the message will not be sent by Outlook Express and the user must correct the name or insert the full email address. If there are more addresses for one name, a dialog for user/address selection will be opened.

Advanced tab:

Figure 21.3. LDAP server settings — Advanced tab


Server Port Number

Port the LDAP service is running on. The Use Default button will set the standard port number (depending on the on/off mode of SSL — see below).

This server requires a secure connection (SSL)

This option enables or disables the secure connection. Set it according to the Kerio MailServer services configuration (for details, see chapter 6 Services) or according to your security policy (see chapter 12.6 Advanced Options).

Search timeout

If the LDAP database is large or the connection is slow, the search can take a long time. This option defines the maximum length of time for searching through the database. When this time expires, the search is stopped, regardless of whether any record has been found or not.

Note: If the LDAP server is located within the same local network as the client, the search should take almost no time.

Maximum number of matches to return

If the search criteria are too broad (e.g. most of the recipient's name is not included), the search may return many items. Limiting the maximum number of matches can reduce the search time as well as network traffic. If a large number of items is returned, a new search should be performed using more narrowly defined criteria.

Search base

Specify a location of contacts in the LDAP database (see above). If you leave this entry blank, all subscribed folders will be scanned (public and shared).

Use simple search filter

This option reduces the number of database items that will be searched. This makes the search faster, but it also reduces the search capabilities. We recommend not using this option.
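
The settings described above (server, mandatory login, SSL, search base, timeout and match limit) can be checked from a command line before they are rolled out to mail clients. The shell helper below is an added example, not part of the Kerio documentation. It assumes the OpenLDAP ldapsearch tool, that the mailbox login name is accepted as the bind name, that contacts expose the cn and mail attributes, and that the "TLS is not supported" note refers to StartTLS; the function names, the sample host and user, and the limits of 30 seconds and 100 entries are illustrative.

```shell
#!/bin/sh
# Added example: compose an ldapsearch(1) call for the Kerio LDAP service.
# Host, user, filter, limits and function names are illustrative assumptions.

# kerio_search_base SCOPE [USER] [FOLDER]: print one of the page's search bases.
kerio_search_base() {
    scope=$1 user=$2 folder=$3
    case $scope in
        all)      base="fn=ContactRoot" ;;
        personal) base="fn=personal,fn=ContactRoot" ;;
        public)   base="fn=public,fn=ContactRoot" ;;
        user)     [ -n "$user" ] || return 2
                  base="cn=$user,fn=ContactRoot" ;;
        *)        return 2 ;;
    esac
    if [ -n "$folder" ]; then
        # The page shows folder-level bases only under a user or public branch.
        case $scope in user|public) base="fn=$folder,$base" ;; *) return 2 ;; esac
    fi
    printf '%s\n' "$base"
}

# kerio_ldapsearch_cmd HOST USER SECURE BASE FILTER: print the command line.
kerio_ldapsearch_cmd() {
    host=$1 user=$2 secure=$3 base=$4 filter=$5
    # Anonymous logins are refused by the server, so a user name is mandatory.
    [ -n "$host" ] && [ -n "$user" ] || return 2
    # Values are emitted inside single quotes; reject any that contain one.
    case "$host$user$base$filter" in *\'*) return 2 ;; esac
    case $secure in
        yes) uri="ldaps://$host:636" ;;  # SSL on the standard LDAPS port
        no)  uri="ldap://$host:389" ;;   # cleartext: the bind password is exposed
        *)   return 2 ;;
    esac
    # -x simple bind (no SPA/NTLM), -W prompts so the password stays out of
    # shell history, -l / -z mirror "Search timeout" and "Maximum number of
    # matches". No -Z/-ZZ (StartTLS): encryption comes from ldaps:// only.
    printf "ldapsearch -H '%s' -x -D '%s' -W -b '%s' -l 30 -z 100 '%s' cn mail\n" \
        "$uri" "$user" "$base" "$filter"
}

# Sample run with constructed values: search the logged-in user's own contacts.
sample_base=$(kerio_search_base personal) &&
kerio_ldapsearch_cmd mail.company.com wsmith@company.com yes \
    "$sample_base" '(cn=*smith*)'
```

Running the printed command against the server confirms that the login, SSL setting and search base work before the same values are entered in Outlook Express.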