CommuniGate Pro LDAP Module

  • Lightweight Directory Access Protocol
  • Configuring the LDAP module
  • User Authentication
  • Central Directory
  • Access to Supplementary Databases

    The CommuniGate LDAP module implements an LDAP server for TCP/IP networks.

    The LDAP protocol allows a client application (a mailer or a search agent) to connect to the Server computer and retrieve information from the server databases and directories. The LDAP protocol can also be used to modify data in databases and directories.

    The CommuniGate Pro LDAP module supports both clear text and secure (SSL/TLS) connections.

    Note: while LDAP and Central Directory services are often considered to be the same, this is not correct, especially for the CommuniGate Pro Server. The LDAP module can provide access to various Server database objects, not only to the Central Directory database. On the other hand, the Central Directory database can be used not only by LDAP clients, but it can also be browsed via the WebUser Interface and it can be used by other Server components and modules.

    This section describes the LDAP module (server) only, not the Central Directory database. Please see the Central Directory section for more details.

    Note: while the LDAP module implements LDAP server functionality, the CommuniGate Pro Server can also work as an LDAP client, using the LDAP protocol to access external LDAP servers and their databases. Usually this is implemented using the .ldb database objects.

    Lightweight Directory Access Protocol

    The CommuniGate Pro LDAP module provides access to the Central Directory database as well as to any number of supplementary databases.

    It is essential to understand that the CommuniGate Pro LDAP module itself does not provide any Central Directory or other services. It just implements a database access protocol, and the functionality it provides depends on the databases maintained by the Server.


    Configuring the LDAP module

    Use a Web browser to configure the LDAP module. Open the Access page in the WebAdmin Settings section.

    Serving LDAP Clients
    Log:  
    Channels: listener
    Log
    Use this setting to specify what kind of information the LDAP module should put in the Server Log. Usually you should use the Major (password modification reports) or Problems (non-fatal errors) levels. But when you experience problems with the LDAP module, you may want to set the Log Level setting to Low-Level or All Info: in this case protocol-level or link-level details will be recorded in the System Log as well.

    The LDAP module records in the System Log are marked with the LDAP tag. Please note that the LDAP protocol is a binary protocol, so all low-level data is presented in the hexadecimal form.
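
    Because low-level records are hexadecimal, reading them means decoding BER. The following is an added example, not part of the original guide or of CommuniGate Pro: it decodes one hex-dumped LDAP PDU and reports the operation and, for a bind, whether the simple method put a password in the PDU. The names read_tlv and describe, the sample DN and the sample bytes are constructed for illustration; the input is bare hex because the guide does not show the log line layout.

```python
# Added example: minimal BER reader for the LDAPMessage envelope (RFC 4511).
OPS = {0x60: "BindRequest", 0x42: "UnbindRequest", 0x63: "SearchRequest",
       0x66: "ModifyRequest", 0x68: "AddRequest", 0x4A: "DelRequest",
       0x77: "ExtendedRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form length
        length = first
    else:                                 # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def describe(hex_dump):
    """Summarize one LDAP PDU given as hex text (whitespace allowed)."""
    buf = bytes.fromhex(hex_dump)
    tag, body, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(body, 0)
    op_tag, op_body, _ = read_tlv(body, pos)
    info = {"message_id": int.from_bytes(msg_id, "big"),
            "op": OPS.get(op_tag, f"unknown(0x{op_tag:02x})")}
    if op_tag == 0x60:                    # BindRequest: version, name, authentication
        _, ver, p = read_tlv(op_body, 0)
        _, name, p = read_tlv(op_body, p)
        auth_tag, cred, _ = read_tlv(op_body, p)
        info["version"] = int.from_bytes(ver, "big")
        info["dn"] = name.decode("utf-8", "replace")
        info["auth"] = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown")
        # Never echo the credential; report only that one was present.
        info["password_in_pdu"] = auth_tag == 0x80 and len(cred) > 0
    return info

# Constructed sample: a simple bind for a made-up DN, written as hex bytes.
SAMPLE = ("30 23 02 01 01 60 1e 02 01 03 04 11 63 6e 3d 75 73 65 72 2c 6f 3d "
          "65 78 61 6d 70 6c 65 80 06 73 65 63 72 65 74")

print(describe(SAMPLE))
```

    A simple bind carries the password inside the PDU itself, so on a clear text connection it is readable by anyone who can see the bytes.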

    Channels
    When you specify a non-zero value for the TCP/IP Channels setting, the LDAP module creates a so-called "listener" on the specified port. The module starts to accept all LDAP connections that mail clients establish in order to update password data. This setting is used to limit the number of simultaneous connections the LDAP module can accept. If there are too many incoming connections open, the module will reject new connections, and the user should retry later.
    If the number of channels is set to zero, the LDAP module closes the listener and releases (unbinds from) the TCP port(s).

    listener
    By default, the LDAP module Listener accepts clear text connections on TCP port 389 and secure connections on TCP port 636. Follow the listener link to tune the LDAP Listener.

    Note: The pre-4.7 Netscape® LDAP clients crash if they communicate with a very fast server returning more than 90 records. If your users have this problem, open the Obscure page in the WebAdmin Settings section, and select the Make LDAP Server Slower option. Ask your users to update to version 4.7 or later of the Netscape browser/mailer product.

    Note: The Netscape® LDAP client (version 4.7) does not correctly process the "properties" command: it always tries to connect to port 389, even if the search was successfully made on a different (for example, secure) port.


    User Authentication

    The LDAP module allows users to employ all authentication methods supported by the CommuniGate Pro Server.


    Central Directory

    When an LDAP client requests "all available info" about a specific account in the Central Directory, the LDAP module returns not only the Central Directory database information, but that user's "public info" data, too. Users can update their public info data using the WebUser and ACAP access methods. Unlike the fields included in the Central Directory itself, the Public Info fields cannot be used for search operations.


    Access to Supplementary Databases

    Under construction

    CommuniGate® Pro Guide. Copyright © 1998-1999, Stalker Software, Inc.