LDAP Configuration


LDAP integration lets you use your directory information to provision and manage archive users and their related attributes. It is designed to streamline user provisioning, management, and authentication, and mainly to relieve administrators of managing archive users manually.

Notes: LDAP support must first be enabled at the account level by the OEM administrator before it appears in the Account Admin settings page. The sn, given name, mail, username, and password have to be filled out on the LDAP server for the integration to complete successfully.

Video - LDAP integration


To establish a connection between your LDAP server and your archiving provider, follow these steps:

        1. Go to the LDAP integration tab:
                1.1 Log in as an administrator
                1.2 Go to the Admin section and go to the SETTINGS tab.
                1.3 Click on the LDAP integration tab.

        2. Provide your LDAP server connection settings:
                2.1 LDAP Server - Hostname or IP address for the LDAP server.
                2.2 Port - Enter the port number. Port 636 can be used for LDAP over SSL.


    * By default, the servers that perform user authentication and management connect to the customer LDAP server using LDAP over SSL (port 636).
    * The administrator cannot choose standard LDAP (port 389 by default) instead of LDAP over SSL (port 636).
    * The administrator can provide any port number, as long as the LDAP server is configured to use it and the connection is secure (SSL).

Screenshot - LDAP server connection

        3. Provide your username and password for the LDAP integration account:
                3.1 Service User Name - The distinguished name of an account with permission to search the LDAP directory, that is, an account allowed to query the LDAP server.
                3.2 Service Password - The network password for the service account, used for read-only access to the LDAP server.

Screenshot - User name and password

        4. Describe how the service should locate and identify archive users:
                4.1 Base DN - The distinguished name of the users container or Active Directory tree.
                4.2 User Filter* - The filter that should be used to identify users that should have access to the archive.
                4.3 Pull in all e-mail aliases associated with user accounts - Select this checkbox to synchronize all e-mail addresses associated with user accounts. This pulls the primary address, aliases, and all proxy addresses for your end users and populates their My Archive accounts accordingly.

* User Filter is an LDAP filter string that is used to select those records within the base DN.
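
To see which accounts a Base DN and User Filter pair would select before running Test Config, the following added example (not part of the archive product or its documentation) evaluates a small subset of LDAP filter syntax against constructed entries and lists, for each selected account, which of the required attributes from the note above are missing. The attribute names `givenName` and `uid`, the directory entries, and the function names are assumptions; the password field is omitted because a directory search rarely returns it.

```python
# Added example, not vendor code. Attribute names are assumed (OpenLDAP-style).
REQUIRED = ("sn", "givenName", "mail", "uid")

def parse(f, i=0):
    """Parse an RFC 4515 subset: (&...), (|...), (!...), (attr=value), (attr=*)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i, kids = i + 2, []
        while f[i:i + 1] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if not kids or f[i:i + 1] != ")":
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError when the filter is unbalanced
    attr, eq, value = f[i + 1:end].partition("=")
    if not eq or attr[-1:] in "<>~:" or ("*" in value and value != "*"):
        raise ValueError(f"unsupported filter item: {f[i:end + 1]}")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])  # entry maps lower-cased attribute -> values
    return bool(values) if node[2] == "*" else node[2].lower() in [v.lower() for v in values]

def preview(entries, base_dn, user_filter):
    """Return {dn: [missing required attributes]} for entries the settings select."""
    tree, end = parse(user_filter)
    if end != len(user_filter):
        raise ValueError("trailing text after filter")
    suffix, selected = "," + base_dn.lower(), {}
    for dn, attrs in entries.items():
        entry = {k.lower(): v for k, v in attrs.items()}
        if dn.lower().endswith(suffix) and matches(tree, entry):  # naive suffix scope test
            selected[dn] = [a for a in REQUIRED if not entry.get(a.lower())]
    return selected

DIRECTORY = {  # constructed sample entries
    "uid=alice,ou=people,dc=example,dc=com": {"objectClass": ["inetOrgPerson"],
        "uid": ["alice"], "sn": ["Ng"], "givenName": ["Alice"], "mail": ["alice@example.com"]},
    "uid=bob,ou=people,dc=example,dc=com": {"objectClass": ["inetOrgPerson"],
        "uid": ["bob"], "sn": ["Roy"], "givenName": ["Bob"]},  # no mail attribute
    "uid=backup,ou=services,dc=example,dc=com": {"objectClass": ["inetOrgPerson"], "uid": ["backup"]},
}
```

A filter that is broader than intended shows up here as unexpected DNs in the result, such as the service entry when the Base DN is the directory root.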

Screenshot - Base DN and user filter


It is important that you test your LDAP configuration before saving the settings you provided. To do so, follow this simple three-step process:

        1. Test User Name - Provide a user name for a user account that should have access to the archive. It will be used to validate the settings you provided above.
        2. Test Password - Provide a password for the test account. This password won't be saved.
        3. Click on Test Config to test the accuracy of your LDAP configuration settings.

Screenshot - Testing your LDAP configuration

Test configuration fails

If your test configuration fails, a message is displayed below the Test Config button telling you what the errors are and which fields need to be modified.

Screenshot - Test config fails

Test configuration succeeds

If your test configuration succeeds, a message is displayed below the Test Config button telling you that your LDAP configuration settings are accurate and that the test succeeded.

Screenshot - Test config succeeds

Once you are done testing your LDAP configuration and the archive system has validated your settings, click on Save Settings at the bottom of the page to save your settings and enable LDAP integration.


Below are a few configuration examples showing LDAP-configured accounts for OpenLDAP, Microsoft Active Directory, and Novell eDirectory.

Screenshot - LDAP integration - OpenLDAP example

Screenshot - LDAP integration - Microsoft Active Directory example

Screenshot - LDAP integration - Novell eDirectory example