Table of Contents

3. Mail Server Architecture

3.1. Generic Server Configuration

3.1.1. Running Services

3.1.2. Other Generic Server Parameters

3.1.3. DNR Settings

3.2. Services and Modules

3.2.1. SMTP Receiving

3.2.2. Processing

3.2.3. SMTP Sending

3.2.4. POP3

3.2.5. IMAP

3.2.6. Logging

3.2.7. Reporting

3.2.7.1. Reporting Parameters

3.2.8. WebMail

3.2.9. Storage

3.2.10. FTP Backup Service

3.2.11. RPOP Service

3.3. Connectivity and Threading

3.3.1. Listeners

3.3.2. Rules

3.3.3. Threads

3.4. Clustering Support

3.4.1. Cluster Overview

3.4.1.1. LDAP Introduction

3.4.1.1.1. Basic Directory Setup

3.4.1.1.2. LDAP Entry Structure

3.4.1.1.3. LDAP Authentication

3.4.1.2. AXIGEN Mapping System

3.4.1.3. AXIGEN Authentication System

3.4.1.4. AXIGEN Front-End Services Setup

3.4.1.4.1. The SMTP Proxy

3.4.1.4.2. The IMAP and POP3 Proxies

3.4.1.4.3. The WebMail Proxy

3.4.1.4.4. Mapping Setup

3.4.1.5. AXIGEN Back-End Services Setup

3.4.2. LDAP Routing

3.4.2.1. Configuring Mapping Parameters

3.4.2.2. POP3 Proxy Service

3.4.2.3. IMAP Proxy Service

3.4.2.4. Webmail Proxy Service

3.4.3. AXIGEN LDAP Authentication

3.4.4. Integrating Active Directory into a cluster environment

3.4.5. Exotic Cluster Setups

3.5. Groupware and collaboration

3.5.1. Personal Organizer & AXIGEN Outlook Connector

3.5.2. Folders and permissions

3.4.1.1.3. LDAP Authentication

In a clustering environment the authentication process can be performed either on the front-end (proxy) nodes or on the back-end nodes, so, depending on the setup to be deployed, LDAP authentication may not be required at all. A good example of a setup that does not need it is the one-tier cluster.

To delegate the authentication process to the proxy servers, a user password attribute must exist in every directory entry. Using the value stored in that attribute, the proxy service compares the credentials provided by the client with what it found as a result of the directory lookup.

WARNING: If authentication is set to be performed using LDAP and the password attribute does not exist, or has no value, the authentication process will always fail and the user will be locked out of his account until the attribute is populated.

The password attribute may hold a value in one of the following formats:
  • Clear text is an insecure way of storing passwords, but it needs almost no processing power, so authentication is faster than with any other format. Anyone who can read the attribute can read the password.
  • Base64-encoded text allows the password to be retrieved without binding to the LDAP server; the value is merely encoded, not encrypted, so it offers no more protection than clear text and is trivially recovered if anonymous (public) access to the LDAP server is allowed.
  • Hashed values (for example the {SHA}, {SSHA}, {MD5} and {CRYPT} schemes commonly used for the userPassword attribute) are the most secure of the three, because the stored value does not reveal the password and the salted variants also defeat precomputed tables. Directories normally allow the attribute to be read only by a privileged, bound account, so the connector must be set to bind and the account details must be filled in before this format can be used.

Authentication takes place on the front-end systems only if LDAP authentication is enabled for the proxy services. It is then actually performed twice, once on the front-end and once on the back-end. This may look redundant, but it ensures that only requests carrying valid credentials ever reach the back-end systems. A further benefit of front-end authentication is that unauthenticated third parties never interact with the back-end systems directly; for this to hold, the back-end services must accept connections only from the proxies, for example by firewalling them off from client networks. This is an important security feature and should be applied whenever possible.
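
The lookup-then-compare step the proxy performs, across the storage formats listed above, as an added example in Python (this is illustration code, not AXIGEN's own). It assumes the stored values follow the common userPassword conventions: no scheme label means clear text, {SHA}, {SSHA}, {MD5} and {SMD5} hold base64(digest) or base64(digest || salt); the {BASE64} label for base64-encoded clear text, the sample entries and the password "Secret!42" are assumptions of this example. It also shows the two failure modes described in this section: an entry that is not found, and an entry whose password attribute is missing.

```python
"""Verify a client password against an LDAP userPassword value (added example).

Conventions handled (assumptions stated in the lead-in):
  no label          clear text
  {BASE64}          base64(password)                 (label is this example's assumption)
  {MD5} {SHA}       base64(digest(password))
  {SMD5} {SSHA}     base64(digest(password + salt) + salt)
"""
import base64
import hashlib
import hmac
import re
from typing import Optional

_SCHEME = re.compile(r"^\{([A-Za-z0-9]+)\}(.*)$")
# scheme label -> (hashlib algorithm name, salted?)
_DIGEST = {"MD5": ("md5", False), "SMD5": ("md5", True),
           "SHA": ("sha1", False), "SSHA": ("sha1", True)}


def encode_password(scheme: str, password: str, salt: bytes = b"") -> str:
    """Build a stored userPassword value; used here only to construct sample data.
    "CLEAR" is this example's own name for an unlabeled clear-text value."""
    pw = password.encode("utf-8")
    scheme = scheme.upper()
    if scheme == "CLEAR":
        return password
    if scheme == "BASE64":
        return "{BASE64}" + base64.b64encode(pw).decode("ascii")
    algo, salted = _DIGEST[scheme]
    if not salted:
        salt = b""
    blob = hashlib.new(algo, pw + salt).digest() + salt
    return "{%s}%s" % (scheme, base64.b64encode(blob).decode("ascii"))


def verify_password(stored: Optional[str], candidate: str) -> bool:
    """Compare what the client sent with what the directory lookup returned.
    Fails closed on a missing attribute, a malformed value or an unknown scheme."""
    if stored is None:  # attribute absent or empty: LDAP authentication can never succeed
        return False
    cand = candidate.encode("utf-8")
    m = _SCHEME.match(stored)
    if not m:  # no scheme label: the attribute holds the clear-text password
        return hmac.compare_digest(cand, stored.encode("utf-8"))
    scheme, payload = m.group(1).upper(), m.group(2)
    try:
        blob = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False
    if scheme == "BASE64":  # encoding only: no more protection than clear text
        return hmac.compare_digest(cand, blob)
    if scheme not in _DIGEST:
        return False
    algo, salted = _DIGEST[scheme]
    dlen = hashlib.new(algo).digest_size
    if salted:
        if len(blob) <= dlen:  # must carry at least one salt byte after the digest
            return False
        digest, salt = blob[:dlen], blob[dlen:]
    else:
        digest, salt = blob, b""
    # constant-time compare so a mismatch does not leak how many leading bytes matched
    return hmac.compare_digest(hashlib.new(algo, cand + salt).digest(), digest)


# Constructed sample directory: one entry per storage format, all with password
# "Secret!42", plus one entry that has no userPassword attribute at all.
SAMPLE_DIRECTORY = [
    {"uid": "alice", "userPassword": encode_password("CLEAR", "Secret!42")},
    {"uid": "bob", "userPassword": encode_password("BASE64", "Secret!42")},
    {"uid": "carol", "userPassword": encode_password("SHA", "Secret!42")},
    {"uid": "dave", "userPassword": encode_password("SSHA", "Secret!42", salt=b"\x9f\x12\x00\x7b")},
    {"uid": "erin", "userPassword": encode_password("SMD5", "Secret!42", salt=b"salt")},
    {"uid": "frank", "mail": "frank@example.com"},
]


def authenticate(directory: list, uid: str, candidate: str) -> str:
    """Front-end decision: look the entry up, then compare. Returns one of
    'ok', 'no-entry' (lookup failed), 'no-password' (attribute missing), 'bad-password'."""
    entry = next((e for e in directory if e.get("uid") == uid), None)
    if entry is None:
        return "no-entry"
    if "userPassword" not in entry:
        return "no-password"
    return "ok" if verify_password(entry["userPassword"], candidate) else "bad-password"


if __name__ == "__main__":
    for uid, pw in [("dave", "Secret!42"), ("dave", "secret!42"), ("frank", "Secret!42"), ("zed", "x")]:
        print(uid, authenticate(SAMPLE_DIRECTORY, uid, pw))
```

Only the hashed formats keep the password out of the directory itself; the proxy still needs read access to the attribute, which is why the connector has to bind with a privileged account for them. Whatever the format, the decision fails closed: an unknown scheme, a malformed value, a missing attribute or a missing entry all reject the client.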

NOTE: The authentication process depends on the user entry being found in the directory. If the account is not found, authentication fails.

NOTE: LDAP authentication can also be used for the regular services on the back-end systems. This is recommended, both for speed and for the overall integrity and stability of the cluster, since every node then validates credentials against the same directory.

For more detailed information please see AXIGEN Authentication System and AXIGEN LDAP Authentication.