Using LDAP to Access an Existing User Database
Ipswitch Instant Messaging (IIM) can leverage an existing LDAP user database to authenticate Ipswitch IM users. This will prevent you from having to enter and maintain user data in multiple locations.
To use an existing LDAP database for user authentication:
Configuring Ipswitch IM to access an LDAP user database requires specific connection information about the LDAP server. If you do not know this information, contact the LDAP server administrator.
- Open Ipswitch IM Server Manager by selecting .
- Select the category.
- Select from , then click . The LDAP Configuration dialog appears.
- In , enter the hostname of your LDAP server.
- In , enter the number of the port your LDAP server monitors for queries. For most LDAP configurations, the default value of 389 will work.
- Click if you want LDAP queries to be encrypted using Secure Sockets Layer. Your LDAP server must be configured to accept SSL connections for this option to work.
- In , enter the portion of the LDAP schema to use for user authentication.
- In , enter the portion of the LDAP schema to use as a root for finding users.
- In , enter the search string to use to return all users.
- In , enter the search string to use to return one specific user.
- In the section, enter a and of any user in the LDAP database. This information will be used to authenticate any requests by remote servers to import the local user database.
- Click . The LDAP Test Account dialog appears.
- Enter the and of any user on the LDAP server, then click . The results of the test are displayed.
- Make any necessary corrections to the configuration information, then click again. If your test completed without errors, click to save the configuration and exit the LDAP Configuration dialog.
Sample Configurations
Microsoft LDAP/Active Directory Server Sample Configuration
ldapserver.ipswitch.com
389
sAMAccountName=%s,CN=Users,DC=ipswitch,DC=com
CN=Users,DC=ipswitch,DC=com
(&(|(objectClass=user)(objectClass=person))(!description=built-in*))
(&(|(objectClass=user)(objectClass=person))(!description=built-in*)(sAMAccountName=%s))
Ipswitch IMail Server LDAP Sample Configuration
imailserver.ipswitch.com
389
uid=%s,ou=People,o=imailserver.ipswitch.com
ou=People,o=imailserver.ipswitch.com
(|(objectClass=user)(objectClass=person))
(&(|(objectClass=user)(objectClass=person))(uid=%s))
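The sample values above use %s as a placeholder for the login name. This page does not say how Ipswitch IM performs that substitution, so the following is an added example (not Ipswitch code) of filling such templates with RFC 4515 filter escaping and RFC 4514 DN escaping, so that a login name cannot alter the structure of the query. The function names are hypothetical and the inputs are constructed samples.

```python
# Added illustration, not Ipswitch code. The two templates are the
# Ipswitch IMail Server sample values shown on this page.
BIND_DN_TEMPLATE = "uid=%s,ou=People,o=imailserver.ipswitch.com"
USER_FILTER_TEMPLATE = "(&(|(objectClass=user)(objectClass=person))(uid=%s))"

# RFC 4515: characters that must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a login name for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def escape_dn_value(value):
    """Escape a login name for use as an attribute value in a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_user_filter(username, template=USER_FILTER_TEMPLATE):
    return template.replace("%s", escape_filter_value(username))

def build_bind_dn(username, template=BIND_DN_TEMPLATE):
    return template.replace("%s", escape_dn_value(username))

def is_balanced(filter_text):
    """True if parentheses nest correctly; a quick check before saving a template."""
    depth = 0
    for ch in filter_text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

if __name__ == "__main__":
    for name in ("jsmith", "smith, j", "*)(uid=*"):  # constructed sample inputs
        print(repr(name))
        print("  filter: ", build_user_filter(name))
        print("  bind DN:", build_bind_dn(name))
    # Unescaped substitution lets ")" in the input change the filter's structure.
    print(is_balanced(USER_FILTER_TEMPLATE.replace("%s", ")")))
    print(is_balanced(build_user_filter(")")))
```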
Using LDAP with Non-standard Mappings
If your user database contains unusual or non-standard field names, you can still use the database to authenticate Ipswitch IM users by modifying the Ipswitch IM Server mapping data in the Windows registry.
Changing the standard field mappings requires editing the Windows registry. You should always back up your registry before modifying it directly.
To modify the mapping data:
- Open the Windows Registry Editor by selecting and entering regedit. Click .
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\Messenger Server\Settings\LDAP.
- Modify the registry strings to match your configuration, then exit the Registry Editor.
The keys that can be modified include:
- is the name of the LDAP attribute you want to map to the DisplayName attribute in Ipswitch IM. If you are using Ipswitch IMail Server LDAP, change this value to CN.
- is the name of the LDAP attribute you want to map to the Email attribute in Ipswitch IM.
- is the name of the LDAP attribute you want to map to the Username attribute in Ipswitch IM.
  - If you are using Ipswitch IMail Server LDAP, change this value to UID.
  - If you are using Active Directory, change this value to sAMAccountName.
- is the name of the LDAP attribute you want to map to the WebSite attribute in Ipswitch IM.
Other registry keys are more easily modified through the LDAP Configuration dialog (accessible by clicking the button on the Ipswitch IM Server Manager's category).