LDAP Integration - Managing End Users


LDAP integration lets you use your directory information to provision and manage archive users and their related attributes. This feature is mainly designed to relieve administrators of the hassle of manually managing archive users.


The administrator cannot convert native users to LDAP-enabled users. If the admin wants to have only LDAP-enabled users, he has to delete all the native users and then enable LDAP integration so that users can use their network credentials to log in. In short, with LDAP it is all or nothing!


Even when LDAP integration is enabled, the administrator can still manually create non-LDAP users. Two options remain available: the administrator can create users individually or in bulk.

Non-LDAP users have to be created by a customer, OEM, or archiving provider Admin and given a temporary password. The first time they log in, they will be forced to change their password.

If LDAP integration is enabled, users can self-register using their network credentials, in which case they keep the password they used to sign up. When configuring the LDAP integration, the administrator can choose whether or not he wants all proxy addresses (aliases, etc.) to be pulled and synchronized alongside the users' primary SMTP addresses. This enables end users to see, in My Archive, mail for all the email addresses associated with their user account on the LDAP server.


    * Users will only be able to leverage the directory integration feature set if you (the administrator) enable it. 

    * Only users whose account information and attributes are managed via directory/LDAP synchronization will be able to leverage LDAP for authentication.

    * Users that are configured for LDAP authentication will not be able to recover their passwords in the archiving system.

    * If the administrator chooses to enable users to log in using their last known good password in the event that the LDAP server is unreachable, passwords stored in the system will never be visible to the administrator or your archiving provider.

    * Microsoft Active Directory: Domain users can use their old passwords to access the network/archive for one hour after the password is changed. If you want to disable a user's access to the archive, changing his/her password will be fully effective only one hour later. As a best practice, we recommend that the Admin disable the employee's account.
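
One way to implement the last-known-good-password fallback from the list above so that no readable password is ever stored, as an added example (not the archiving product's code). The PBKDF2 verifier and the names `LastKnownGoodCache`, `authenticate`, `DirectoryUnreachable` and the constructed `FakeDirectory` are assumptions.

```python
import hashlib
import hmac
import os

class DirectoryUnreachable(Exception):
    """The LDAP server could not be contacted (distinct from a rejected bind)."""

class LastKnownGoodCache:
    """Keeps a salted PBKDF2 verifier per user, never the password itself."""
    def __init__(self, iterations=200_000):
        self._iterations = iterations
        self._store = {}  # username -> (salt, derived_key)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self._iterations)

    def remember(self, user, password):
        salt = os.urandom(16)
        self._store[user] = (salt, self._derive(password, salt))

    def matches(self, user, password):
        # Unknown users still pay for one derivation and then fail the compare.
        salt, expected = self._store.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(self._derive(password, salt), expected)

def authenticate(user, password, directory_check, cache, allow_fallback=True):
    """Return "directory", "fallback", or None when the login is refused."""
    try:
        accepted = directory_check(user, password)
    except DirectoryUnreachable:
        # Fallback applies only when the directory cannot answer at all.
        if allow_fallback and cache.matches(user, password):
            return "fallback"
        return None
    if not accepted:
        return None  # a reachable directory that says no is final
    cache.remember(user, password)  # refresh the verifier on every good bind
    return "directory"

class FakeDirectory:
    """Constructed stand-in for an LDAP bind; `up` simulates reachability."""
    def __init__(self, credentials):
        self.credentials, self.up = credentials, True

    def __call__(self, user, password):
        if not self.up:
            raise DirectoryUnreachable(user)
        return self.credentials.get(user) == password
```

In this sketch a cached verifier stays usable during an outage until the user's next successful directory login replaces it, so the fallback does not reflect a password change or a disabled account made while the directory is unreachable.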