Using the LDAP Service

This page explains how to use the LDAP service and how it can be configured securely. For more detailed information on what each option of the LDAP settings is for, then please view the LDAP page.

The LDAP Service #

LDAP stands for Light Directory Access Protocol and is used for querying servers for information. The most common use of LDAP with mail servers is gathering information about users stored on the server. This can be useful for adding address book contacts to mail clients such as Outlook and for use in other mail related software which may need account information for some other processing or statistical analysis.

Enabling the LDAP Service #

Enabling LDAP is easy and can be done by enabling a single tick box. For more information on managing the listening port, please view the Using the Listening Services page.

LDAP Databases #

User information is stored in an LDAP Database. Each database is uniquely identified by a name which is also the username for login purposes. Each database can also optionally require a password for authentication. Most mail servers provide a very simple LDAP service, using only one database containing all users on the mail server which is publicly accessible (no username or password). Any login which requires no username or password is called an 'anonymous bind'. A bind is basically just the LDAP term for login.

Multiple Databases

Ability Mail Server extends beyond the basic functionality of one public database containing all users by providing facility for multiple databases. These can be configured with any combination of users from the mail server. It is also possible to add users not stored locally by using Shared Address Books.

Default Database

Ability Mail Server allows you to mark any of the databases as a default database. The default database can be accessed like any other database. However, during login, if the username is blank or does not match any of the existing databases, login will be automatically redirected to the default database.

Security Considerations #

It is important that LDAP is used correctly, as it has the potential to expose sensitive personal information about your users (their name, email address, home address and telephone number). If you want to restrict access to your user information, you should enable passwords for each database and avoid setting a default database.