This article focuses on the integration between the AXIGEN messaging solution and the eDirectory Services product developed by Novell.
AXIGEN Configuration
Prior to proceeding with the AXIGEN / eDirectory Services authentication configuration, you need to enable the LDAP interface for the Novell eDirectory service. If it is not already enabled, consult the eDirectory user manual provided by the product vendor for instructions.
Before the AXIGEN server can authenticate account credentials using eDirectory, you need to create an LDAP connector suited for this process:
- Log in with an administrative user that has sufficient privileges in the AXIGEN WebAdmin interface;
- Go to the LDAP Connectors tab in the Clustering Setup context;
- Add a new LDAP connector or edit an already existing one;
- Enter the IP / Hostname and Port values that reflect the eDirectory configuration;
- Specify the server type as OpenLDAP, as it closely resembles the eDirectory setup;
- Select the Use anonymous bind radio button;
- Enter the Account base DN value. It should look similar to dc=novell, dc=local;
- Leave the other options unchanged (reset them to their defaults if they were previously modified) and save the new configuration.
Next, the authentication method has to be changed in the AXIGEN configuration. Note that this setting is global and affects all services that interact with account login processes:
- Go to the Routing and Authentication tab in the Clustering Setup context.
- In the Authentication Type section, select LDAP Password from the drop-down box.
- Select the Novell eDirectory connector you configured in the second drop-down box.
- Click the Save Configuration button at the bottom of the page.
After these two procedures are complete, the AXIGEN Mail Server services will perform an LDAP lookup for the uid attribute of each eDirectory entry and match it against the AXIGEN account name. This enables all accounts to log in using their eDirectory credentials and perform a bound lookup after being correctly authenticated.
Final Considerations
If two or more eDirectory entries have the same UID, none of them will be able to authenticate. To prevent this, make sure the eDirectory configuration is POSIX compliant and all UID values are unique. By default, the Novell eDirectory Services configuration does not allow the addition of entries with non-unique UID attributes, so in most standard installations this should not be an issue.
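One way to audit UID uniqueness before switching authentication over is to scan an LDIF export of the directory for uid values shared by several entries under the Account base DN. The following is an added example, not part of the original article or of AXIGEN; the function names and the sample LDIF are constructed for illustration. It assumes uid values are compared case-insensitively (the standard LDAP matching rule for uid) and that DNs contain no escaped commas.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF export (not real directory data).
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=users,dc=novell,dc=local
uid: jdoe

dn: cn=John Doe,ou=sales,dc=novell,dc=local
uid: JDoe

dn: cn=asmith,ou=users,dc=novell,dc=local
uid:: YXNtaXRo

dn: cn=printer,ou=devices,dc=example,dc=org
uid: jdoe
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}); handles folded lines and 'attr:: <base64>' values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # a leading space continues a line
    for block in unfolded.split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            value = base64.b64decode(rest[1:].strip()).decode("utf-8") if rest.startswith(":") else rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn:
            yield dn, attrs

def duplicate_uids(ldif_text, base_dn):
    """Return {uid: [dns]} for uid values shared by several entries under base_dn."""
    def norm(dn):  # naive normalisation: assumes no escaped commas in RDN values
        return ",".join(part.strip().lower() for part in dn.split(","))
    base = norm(base_dn)
    seen = defaultdict(list)
    for dn, attrs in parse_ldif(ldif_text):
        if norm(dn) == base or norm(dn).endswith("," + base):
            for uid in attrs.get("uid", []):
                seen[uid.lower()].append(dn)  # case-insensitive uid comparison
    return {uid: dns for uid, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    print(duplicate_uids(SAMPLE_LDIF, "dc=novell, dc=local"))
```

Any uid reported here maps to more than one entry, so the accounts involved would fail to authenticate until the conflict is resolved in eDirectory.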
The AXIGEN LDAP synchronization feature is impossible to integrate with eDirectory as many of the attributes that need to be constantly updated by the server on change detection (i.e. configuration updates) are read-only. Unfortunately this behavior can only be changed with heavy administrative overhead and potential data loss and is not recommended.