LDAP Lookups

On this page, you can manage LDAP Lookups, which can be used for remote authentication or for email address lookup.

LDAP Connectors for Lookups

Click "Create" to add a new LDAP Connector.

Click "Delete" if you wish to delete one or more selected connectors.

Click "Info" on the desired connector from the list to obtain the list of admins with permissions to use the connector.

Click "Edit" on the desired connector from the list if you wish to edit and update the settings.

Click "Test" on the desired connector from the list to verify if a connection can be established.


LDAP Connector settings

Connector name: Name by which the connector will be known in the system.

Admins: The administrator for the LDAP Connector.


LDAP Connector host list

An LDAP Connector can be configured to use a list of hosts. You must define the protocol, servers, host name and port to be used.

Secure Connections: The type of protocol to be used in the connection.

Servers: Servers to be selected from a list of available servers.

Move servers: When multiple servers are provided, allows changing their order of preference.

Host Name: The Host name for the connection.

Port: The TCP port used for the connection with the LDAP server. The default port is 389.


LDAP server certificates

You can insert certificates for the configured connection. There are two types of server connections: LDAP and LDAPS. The certificate is used by the client to recognize the server during the connection.

Verify Certificate: If this option is set to "Yes", LDAP queries are only performed if the certificate is valid. If it is set to "No", certificate verification is disabled.

Certificates (PEM format): A PEM format certificate must be pasted into the corresponding box. This certificate is used exclusively for LDAPS connections.


LDAP Connector configuration

Search base: The search base to be used in the LDAP query, e.g. dc=domain,dc=tld.

Bind DN: The bind DN for the LDAP query, e.g. cn=Admin,dc=domain,dc=tld.

Leave empty for an anonymous bind.

Query filter: The filter to use in the LDAP query, e.g. proxyAddresses=smtp:%s.

The variables %s, %u and %d will be replaced by the full mail address, the user part and the domain part of the addresses, respectively.

Refer to RFC 2254 for information on query formats.

Result attribute: The attribute that will be retrieved from LDAP, e.g. mail.

This attribute will have to exist for the query to be considered successful.

Ldap version: The LDAP protocol version to use.

Server timeout: The timeout for each LDAP server specified. 10 seconds or less is recommended.

Ldap password: The LDAP server bind password.
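
The %s, %u and %d substitution described under Query filter, worked through as an added example (this is not the product's own code; the function names and sample addresses are hypothetical). It assumes each substituted value is escaped as RFC 2254 requires, so that filter metacharacters in an address are matched literally instead of changing the query.

```python
# Added example: expand a Query filter template for one email address.
# Function names and sample addresses are constructed for illustration.

# RFC 2254, section 4: these characters must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as a literal inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_query_filter(template: str, address: str) -> str:
    """Replace %s, %u and %d with the escaped full address, user and domain part."""
    user, sep, domain = address.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError(f"not a user@domain address: {address!r}")
    values = {"s": address, "u": user, "d": domain}
    out = []
    i = 0
    # Single pass over the template: text coming from the address is never
    # rescanned, so a "%d" inside the address is not expanded a second time.
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template) and template[i + 1] in values:
            out.append(escape_filter_value(values[template[i + 1]]))
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs: (template, address)
    samples = [
        ("proxyAddresses=smtp:%s", "alice@example.com"),
        ("(&(uid=%u)(o=%d))", "alice@example.com"),
        ("proxyAddresses=smtp:%s", "*@example.com"),  # wildcard stays literal
    ]
    for template, address in samples:
        print(f"{address!r:24} -> {expand_query_filter(template, address)}")
```

With the escaping in place, an address such as *@example.com is looked up as a literal string and cannot match every entry in the directory, which matters when the lookup result decides whether a recipient is accepted.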