The following information is needed to enable a mail client to access contacts stored in Kerio MailServer via the LDAP protocol.
DNS name (e.g. mail.company.com) or IP address (e.g. 192.168.1.10) of the host that Kerio MailServer is running on.
This data is used to log in to the LDAP server (it is the same as the name and password used for mailbox login). The LDAP server in Kerio MailServer does not support anonymous logins — the user login is always required.
Select whether the secure or non-secure version of the LDAP protocol should be used. If you do not use the standard port, insert the corresponding port number.
The TLS protocol (i.e. switching to secured mode by the STARTTLS command) is not supported.
If you want to access all private and subscribed shared and public folders, leave the entry blank or enter fn=ContactRoot
To limit access to certain folders only, specify the appropriate branch of the LDAP database in more detail. The following examples show the alternatives:
cn=wsmith@company.com,fn=ContactRoot: only the contact files of the user john@company.com will be searched
fn=personal,fn=ContactRoot: only the contact files of the user who is logged into the LDAP server will be searched. This option is identical to the previous one, but it is not necessary to specify the username (or email address) of the user. This can be used, for example, when configuring multiple clients.
fn=public,fn=ContactRoot: only public contact files will be searched
fn=Contacts,cn=wsmith@company.com,fn=ContactRoot: only the Contacts folder of the user will be searched
fn=PublicContacts,fn=public,fn=ContactRoot: only the public PublicContacts folder will be searched
The client configuration for enabling the search of contacts through LDAP is explained in the following example using Microsoft Outlook Express.
The LDAP account is defined in the Tools → Accounts → Directory Service menu. New accounts can be added by wizards, but only basic parameters can be defined there. To set detailed parameters, select the corresponding account and click Properties.
General folder:
Name of the account, used for reference only.
DNS name or IP address of the host where Kerio MailServer is running (e.g. mail.company.com or 192.168.1.10).
This option must be checked, since the LDAP server in Kerio MailServer does not allow anonymous access.
Insert your username and password for login to the server (identical to your name and password for login to your mailbox).
When this option is enabled, passwords will be sent securely through NT domain authentication (SPA/NTLM). This authentication method is not supported by the LDAP server in Kerio MailServer, so it must be disabled.
We recommend using the secure version of the LDAP service (SSL) for encrypted user authentication.
If this option is enabled, personal email addresses will be searched for automatically when a message is sent. This means that names can be used instead of full email addresses in the To field (or Copy To or Blind Carbon Copy To). The names will be replaced with the appropriate email addresses when the email is sent.
If an inserted name cannot be found, the message will not be sent by Outlook Express and the user must correct the name or insert the full email address. If there are more addresses for one name, a dialog for user/address selection will be opened.
Advanced folder:
Port the LDAP service is running on. The button will set the standard port number (depending on the on/off mode of SSL — see below).
A secure connection is activated or deactivated with this option. Set the SSL security system according to Kerio MailServer services configuration (for details, see chapter 6 Services) or according to your security policy (see chapter 12.6 Advanced Options).
If there is a large LDAP database or the connection is slow, the search can take a long time. This option defines the maximum length of time for searching through the database. When this time expires, the search is stopped, regardless of whether any record has been found or not.
If the LDAP server is located within the same local network as the client, the search should take almost no time.
If the specifications of the item searched are too broad (e.g. most of the recipient's name is not included), the search may result in many items found. Limiting the maximum number of matches can reduce the search time as well as line traffic. If a large number of items are returned, a new search should be performed using more narrowly defined specifications.
Specify a location of contacts in the LDAP database (see above). If you leave this entry blank, all subscribed folders will be scanned (public and shared).
This option reduces the number of database items that will be searched. This will make the search faster; however, the search potential will be reduced. We recommend not using this option.
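The constraints described above (no anonymous login, no STARTTLS, no SPA, SSL recommended, search base under fn=ContactRoot) can be checked before a client profile is rolled out. The following is an added example, not part of the Kerio documentation; the profile field names and the sample profile are hypothetical, and 389/636 are the well-known LDAP/LDAPS ports.

```python
# Added example; profile field names are hypothetical, sample data is constructed.
STANDARD_PORTS = {False: 389, True: 636}   # well-known LDAP / LDAPS (SSL) ports
ALL = "all private, subscribed shared and public folders"
def classify_search_base(base):
    """Describe which contacts a search base covers, following the page's examples."""
    if not base.strip():
        return ALL                                   # blank entry
    rdns = [tuple(x.strip() for x in part.split("=", 1)) for part in base.split(",")]
    if any(len(r) != 2 or not r[1] for r in rdns):
        raise ValueError("malformed component in search base %r" % base)
    if (rdns[-1][0].lower(), rdns[-1][1].lower()) != ("fn", "contactroot"):
        raise ValueError("search base must end in fn=ContactRoot")
    branch = rdns[:-1][::-1]                         # root-to-leaf order
    if not branch:
        return ALL
    attr, value = branch[0]
    if attr.lower() == "cn":
        owner = "contacts of user " + value
    elif value.lower() == "personal":
        owner = "contacts of the logged-in user"
    elif value.lower() == "public":
        owner = "public contacts"
    else:
        owner = "branch " + value
    if len(branch) > 1:                              # a single named folder
        return "folder %s in %s" % (branch[1][1], owner)
    return owner

def check_client_profile(p):
    """Return findings for a client profile; an empty list means no problem found."""
    ssl = bool(p.get("ssl"))
    findings = []
    if not p.get("username") or not p.get("password"):
        findings.append("ERROR: anonymous login is not supported")
    if p.get("spa"):
        findings.append("ERROR: SPA/NTLM is not supported, disable it")
    if p.get("starttls"):
        findings.append("ERROR: STARTTLS is not supported, use the SSL version")
    if not ssl:
        findings.append("WARNING: non-secure LDAP, authentication is not encrypted")
    if p.get("port", STANDARD_PORTS[ssl]) == STANDARD_PORTS[not ssl]:
        findings.append("WARNING: port is the standard port of the other mode")
    try:
        classify_search_base(p.get("search_base", ""))
    except ValueError as exc:
        findings.append("ERROR: %s" % exc)
    return findings
SAMPLE = {"username": "wsmith", "password": "example", "ssl": True, "port": 636,
          "search_base": "fn=Contacts,cn=wsmith@company.com,fn=ContactRoot"}
```

check_client_profile(SAMPLE) returns an empty list; a profile with SPA enabled, SSL off or a search base outside fn=ContactRoot returns one finding per problem.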