You see an automatic translation. Please switch to our English original page in case of comprehension problems.
+49 (0) 7245 919 581 info@eunetic.com
Login
  1. Home
  2. EuropeanMX Knowledge Base
  3. EuropeanMX General
  4. Is LDAP synchronization supported? How can we set this up?
europeanMX
Knowledge Base

Is LDAP synchronization supported? How can we set this up?

LDAP allows your email users to log in to the EuropeanMX spam panel using their existing email credentials. This means that users only have to remember one credentials instead of two.

Currently we can only offer LDAP for AD (Microsoft), OpenLDAP and Zimbra!

2-factor authentication can also be used with LDAP. However, password changes or restores are no longer possible because the credentials are stored and managed on your LDAP server. Normally, e-mail users cannot be added or simply removed, as they are automatically added again when LDAP is activated. The only reason to add one or more users is to prevent them from logging into the EuropeanMX spam panel. To do this, you can simply set the status to inactive.

LDAP is only supported at email user level. Access for the domain admin is not supported by LDAP. For this reason, your e-mail address (e.g. test@example.de) must also be used as the user name. So for LDAP integration to work with our spam panel, the LDAP server must authenticate an email address, not the user name.

How can I enable LDAP authentication?

Log into the spam panel as domain admin and select "Manage e-mail users" under "Users & Permissions". In this view you can find the option "LDAP authentication". You must add the following values there:

  • Authentication mode
    Select the "AD" mode when using ActiveDirectoy (e.g. Exchange). Use the "LDAP" mode with a simple LDAP (e.g. Zimbra or OpenLDAP).
  • Domain Controller
    This option allows you to switch between using LDAP authentication for email users (if the domain controller is specified) and normal authentication (leave entry blank). To activate, please enter the IP or the host name of the domain controller. E.G.
    Domain controller: ldap.example.de
    Port: 389 (insecure) or 636 (TLS)
    -> ldap.example.de:636
  • Security protocol
    If you want to use a secure connection for LDAP authentication, select either TLS or SSL here.
  • BaseDN
    This should be the starting point of the DNs, which contains all users of your domain and no foreign users. If the DN of the user is "CN=test,CN=users,DC=exchange,DC=example,DC=de", then the value of the field should be "CN=Users,DC=exchange,DC=example,DC=de".
  • BindDN Format
    If you want to override the bind username that is passed to your server, then you can use this option. For example, if your userPrincipalName format is user@domain.local, then enter %(user)s@domain.local.
  • Search Base
    Enter here the LDAP/AD value that the service should search for at login time and which uniquely identify your users. For example, if the user is test@bw.beispiel.de and there is an LDAP attribute such as sAMAccountName : test, then you can specify "sAMAccountName" in the field "Search base". If there is no such attribute, but there is one that also contains the domain name (e.g. userPrincipalName: test@bw.beispiel.de"), then you can use "userPrincipalName=%n" to append the domain name. Other possible values you can use are sAMAccountName, CN, uid.

Once LDAP is set up, the credentials are automatically verified by us the first time an email user attempts to connect.

If EuropeanMX is unable to connect to your LDAP server for any reason, the locally cached access data will be checked.

What are the requirements for using LDAP synchronization?

  • All fields must be filled correctly in the LDAP settings.
  • Your LDAP server must allow registration with the e-mail address in the following format: user@ldap.example.com.
  • An LDAP attribute must be used that uniquely identifies the user with or without specifying a domain. For example, sAMAccountName= test or userPrincipalName= user@ldap.example.de
  • Users' email addresses can be different from the current LDAP user. In these cases, however, the user must continue to use the logon data of the LDAP user and not that of the e-mail address.
  • The users must have the mail LDAP attribute.

Single sign-on alternatives

  • If you have the LDAP user names and passwords and you want to provide a new mailbox, you can synchronize the logins with the API or simply forward the details via API.
  • EuropeanMX has a feature to automatically activate reporting for a new recipient and send the user a welcome message by email with the required credentials. By activating this function, all valid users of your domain are automatically added to the "Periodic User Report" overview. Subsequently, the user receives a daily or weekly e-mail with a summary of the received spam messages of his e-mail address. Furthermore, as soon as the first spam message is detected, a welcome message is sent to the user to inform him about the activation of his personal quarantine. In addition, the message contains a login link with which he can log in directly to the spam panel. With the first login, the user is added to the "Manage e-mail users" list.

LDAP User Verification

To avoid the need for data duplication, EuropeanMX uses advanced SMTP-based recipient verification calls. Your SMTP server does the local LDAP search to ensure that our system always processes the emails for your mailboxes correctly. To protect your SMTP and LDAP servers from flooding with queries, we have added an advanced dictionary attack handling to our system. This system is fully automatic, no access data from our side is required.

Back to the index...
Was this article helpful?
No Yes
We use cookies for the technical functionality of this website. With your consent, we also collect page views and other statistical data in anonymized form.

Only required
Accept all
Select individually
Cookie Settings
Read Privacy Statement