Adding an LDAP Authentication Server per domain allows the user details held in the directory to be automatically updated on the MailShark account created for each user.


To add an AD / LDAP Authentication server to a domain, log in with your MailShark Domain Administrator account and perform the steps below.


Adding Authentication Settings

  1. Click Domains
  2. For the chosen domain > Click the circular gear icon under the actions area. Hovering over the gear icon shows the title Manage settings.
  3. Click Add Authentication settings
  4. Enter the server IP address or Hostname in the Server address field
  5. Select the Authentication protocol in the Protocol drop down
  6. Enter the port in the Port field
  7. Ensure the Enabled checkbox is ticked
  8. Click Add

Adding AD/LDAP Authentication additional settings

  1. Click Domains
  2. For the selected Domain > Click the Domain name
  3. Scroll to the bottom under Authentication Servers
  4. Click the circular gear icon to the right of the newly created (LDAP) Authentication Server. Hovering over the gear icon shows the title Manage settings.
  5. Enter the required settings (details below)
  6. Click the Save settings button

For point 5, AD/LDAP authentication requires the following additional settings.

  • Base DN - The LDAP Directory Base DN
  • Username attribute - The username attribute, defaults to uid
  • Email attribute - The email attribute, defaults to mail
  • Bind DN - The BIND DN if Directory does not allow anonymous binds
  • Bind password - The BIND password
  • Use TLS - Use a TLS connection
  • Search for UserDN - Find the UserDN then Bind to that
  • Auth Search Filter - Filter used to find the UserDN, LDAP Search Filter Variables are supported (see below)
  • Auth Search Scope - Search Scope, defaults to subtree
  • Email Search Filter - Filter used to find email addresses, LDAP Search Filter Variables are supported (see below)
  • Email Search Scope - Search Scope, defaults to subtree


LDAP Search Filter Variables


The following variables are available for use in your LDAP search filters.

  • %n - login (user@domain)
  • %u - user (user part of the login)
  • %d - domain (domain part of the login)
  • %D - domainDN (domain DN)

Variable   Auth Search Filter   Email Search Filter
%n         Available            Not Available
%u         Available            Available
%d         Available            Available
%D         Available            Not Available
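
As an added example (not MailShark's code), the Python sketch below previews how a filter template expands for one login and rejects variables that the availability table marks as Not Available for that filter type. The function names, the RFC 4515 escaping of substituted values and the dc= form used for %D are assumptions; the page does not describe how MailShark escapes or builds these values.

```python
import re

# Which variables each filter type accepts, per the availability table.
ALLOWED = {"auth": {"n", "u", "d", "D"}, "email": {"u", "d"}}


def escape_filter_value(value):
    """Escape characters that are special in an LDAP filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def domain_to_dn(domain):
    """Assumption: %D is the domain written as dc= components."""
    return ",".join("dc=" + escape_filter_value(p) for p in domain.split("."))


def expand_filter(template, kind, login):
    """Expand %n, %u, %d and %D in a filter template for one login."""
    user, sep, domain = login.rpartition("@")
    if not (sep and user and domain):
        raise ValueError("login must look like user@domain")
    values = {
        "n": escape_filter_value(login),
        "u": escape_filter_value(user),
        "d": escape_filter_value(domain),
        "D": domain_to_dn(domain),
    }

    def substitute(match):
        var = match.group(1)
        if var not in values:
            raise ValueError("unknown variable %" + var)
        if var not in ALLOWED[kind]:
            raise ValueError("%%%s is not available in the %s search filter" % (var, kind))
        return values[var]

    return re.sub(r"%([A-Za-z])", substitute, template)


if __name__ == "__main__":
    # Constructed sample login and filter templates.
    print(expand_filter("(&(objectClass=person)(uid=%u))", "auth", "alice@example.com"))
    print(expand_filter("(mail=%u@%d)", "email", "alice@example.com"))
```

Running a candidate filter through a preview like this before saving it shows the exact search string the directory would receive, including how a wildcard or parenthesis in a login is neutralised.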


Notes

  • If you have a firewall which blocks inbound AD / LDAP ports (by default), you'll need to allow the configured LDAP port inbound from the MailShark servers (the 59.191.232.0/24 subnet) to your authentication server.