LDAP Integration - Managing End Users
LDAP integration gives you the ability to leverage your
directory information to provision and manage archive users
and related attributes. This feature is mainly designed to
relieve administrator(s) from the hassles of manually managing
the archive users.
The administrator will not be able to shift native users to
LDAP-enabled users. If the admin wants to have only
LDAP-enabled users, he has to delete all the native users and
then enable LDAP integration so that users can use their
network credentials to log in. A quick way to put it is that
with LDAP, it is all or nothing!
Even though LDAP integration is enabled, the administrator still has the ability to manually create non-LDAP users. Two options remains available, the administrator can either create users on an individual basis or create users in bulk.
Non-LDAP users have to be created by a customer, OEM, or
archiving provider Admin and given a temporary password. The
first time they login, they will be forced to change their
If LDAP integration is enabled, users can self-register using
their network credentials. In which case they keep the
password they used to sign up. Upon configuring the LDAP
integration, the administrator has the option to choose
whether or not he wants all proxy addresses (aliases, etc.) to
be pulled and synchronized alongside the users' primary SMTP
addresses. This enables end users to see in My Archive mail
for all their email addresses associated with their user
account on the LDAP server.
* Users will only be able to leverage the directory integration feature set if you (the administrator) enable it.
users whose account information and attributes are managed via
directory/LDAP synchronization will be able to leverage LDAP
* Users that are configured for LDAP authentication will not be able to recover their passwords in the archiving system.
If the administrator choose to enable users to login using
their last known good password, in the event that the LDAP
server of unreachable, passwords stored in the system will
never be visible by the administrator or your archiving
* Microsoft Active Directory: Domain users can use their old passwords to access the network/archive for one hour after the password is changed. If you want to disable a user access to the archive, changing his/her password will be fully effective only one hour later. As a best practice, we recommend that the Admin disable the employee account.