How to perform LDAP authentication with Active Directory or with OpenLDAP using the "mail" LDAP attribute

Axigen can be configured to perform authentication against an Active Directory or an OpenLDAP server instead of using the internal password database. When using LDAP authentication, by default the username is matched with the 'uid' LDAP attribute for OpenLDAP and with the 'sAMAccountName' attribute for Active Directory.

In some situations the user's email address is stored in the 'mail' LDAP attribute and the account part of the email address differs from the value of the default 'uid' or 'sAMAccountName' attribute, so the default matching fails.

This article describes how to authenticate the Axigen accounts by matching the user's email address against the 'mail' LDAP attribute.

Important: the LDAP connector described in this article should only be used for authentication. It should not be used to perform synchronization between Axigen and the LDAP server.

Resolution

To change the LDAP attribute used to match the account name, a custom schema file is used.

To configure the LDAP connector to use the custom schema file, follow the steps below:

  1. Create a custom schema file, named for example schema_mail_auth.cfg. This is a plain-text file with the following content:
    1. for OpenLDAP authentication:

       LdapSchema {
         accountObjectClass = "inetOrgPerson"
         accountNameAttribute = "mail"
         matchAccountFullEmailAddress = yes
         accountAdditionalFilter = ""
       }

    2. for Active Directory authentication:

       LdapSchema {
         accountObjectClass = "user"
         accountNameAttribute = "mail"
         matchAccountFullEmailAddress = yes
         accountAdditionalFilter = ""
       }
  2. Copy the custom schema file to the Axigen working directory, available by default at:
    • /var/opt/axigen/ - on Linux and Solaris systems
    • C:\Program Files\Axigen Mail Server\ - on Windows systems
    • /var/axigen/ - on FreeBSD systems
    On Linux or Unix systems, change the ownership of the custom schema file to the axigen system user so the server can read it.
  3. Edit your LDAP connector to use the custom schema file, as below:
    • in the Webadmin interface, navigate to Clustering -> Clustering Setup -> 'LDAP Connectors' tab
    • click the 'EDIT' button next to the LDAP connector used for authentication
    • tick the 'Use custom schema' checkbox and type the name of the custom schema file in the textbox: schema_mail_auth.cfg
    • click the 'Update' button to save the configuration
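Before switching the connector to the custom schema, it is worth checking that every login resolves to exactly one directory entry, because the 'mail' attribute is not guaranteed to be unique the way 'uid' or 'sAMAccountName' is. The following Python is an added example, not part of the article and not Axigen's own code: it models the lookup the schema settings describe, assuming the connector searches for an entry whose objectClass equals accountObjectClass and whose accountNameAttribute equals the login (the full address when matchAccountFullEmailAddress is yes, the account part otherwise), ANDed with accountAdditionalFilter when set. The filter shape, the in-memory sample entries, the ldap.example.com URI and the base DN are all assumptions or constructed values; the real product's internal filter is not documented on the page.

```python
import shlex

# Settings from the two custom schema files in step 1 (values as shown in the article).
SCHEMAS = {
    "openldap": {"accountObjectClass": "inetOrgPerson", "accountNameAttribute": "mail",
                 "matchAccountFullEmailAddress": True, "accountAdditionalFilter": ""},
    "activedirectory": {"accountObjectClass": "user", "accountNameAttribute": "mail",
                        "matchAccountFullEmailAddress": True, "accountAdditionalFilter": ""},
}

# Constructed sample entries standing in for a directory; not taken from any real server.
SAMPLE_DIRECTORY = [
    {"dn": "uid=jdoe,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": "jdoe", "mail": "john.doe@example.com"},
    {"dn": "uid=asmith,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": "asmith", "mail": "alice.smith@example.com"},
    {"dn": "uid=asmith2,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": "asmith2", "mail": "alice.smith@example.com"},  # duplicate 'mail' value
    {"dn": "cn=printer1,ou=devices,dc=example,dc=com", "objectClass": ["device"],
     "mail": "john.doe@example.com"},  # same 'mail', wrong objectClass: must not match
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a submitted login can only be compared as a literal value
    and can never add or close filter components."""
    out = []
    for ch in value:
        out.append("\\%02x" % ord(ch) if ch in ("*", "(", ")", "\\", "\x00") else ch)
    return "".join(out)


def name_to_match(schema: dict, login: str) -> str:
    """Value compared against accountNameAttribute for a login (assumed semantics)."""
    if schema["matchAccountFullEmailAddress"]:
        if "@" not in login:
            raise ValueError("a full email address is required for this schema")
        return login
    return login.split("@", 1)[0]  # default behaviour: only the account part is matched


def build_filter(schema: dict, login: str) -> str:
    """Assumed search filter: objectClass AND name attribute AND optional extra filter."""
    components = [
        "(objectClass=%s)" % escape_filter_value(schema["accountObjectClass"]),
        "(%s=%s)" % (schema["accountNameAttribute"],
                     escape_filter_value(name_to_match(schema, login))),
    ]
    extra = schema["accountAdditionalFilter"].strip()
    if extra:
        components.append(extra if extra.startswith("(") else "(%s)" % extra)
    return "(&" + "".join(components) + ")"


def matching_entries(schema: dict, login: str, entries: list) -> list:
    """Evaluate the objectClass and name-attribute conditions against in-memory entries.
    Values are compared case-insensitively, as 'mail' is in both directory types.
    accountAdditionalFilter is not evaluated here (the article's schemas leave it empty)."""
    wanted = name_to_match(schema, login).lower()
    attr = schema["accountNameAttribute"]
    return [e for e in entries
            if schema["accountObjectClass"] in e.get("objectClass", [])
            and str(e.get(attr, "")).lower() == wanted]


def resolve_account(schema: dict, login: str, entries: list) -> str:
    """Return the DN for a login; refuse unless exactly one entry matches.
    Zero matches: unknown login. Several: 'mail' is not unique and must be
    fixed in the directory before the connector is switched to this schema."""
    hits = matching_entries(schema, login, entries)
    if len(hits) != 1:
        raise LookupError("%d entries match %r; exactly one is required" % (len(hits), login))
    return hits[0]["dn"]


def preflight_command(schema: dict, login: str, ldap_uri: str, base_dn: str) -> str:
    """ldapsearch command line for repeating the check by hand against the real server."""
    return shlex.join(["ldapsearch", "-x", "-H", ldap_uri, "-b", base_dn,
                       build_filter(schema, login), "dn", schema["accountNameAttribute"]])


if __name__ == "__main__":
    for login in ("john.doe@example.com", "alice.smith@example.com"):
        print(preflight_command(SCHEMAS["openldap"], login,
                                "ldap://ldap.example.com", "dc=example,dc=com"))
        try:
            print("  ->", resolve_account(SCHEMAS["openldap"], login, SAMPLE_DIRECTORY))
        except LookupError as exc:
            print("  ->", exc)
```

Run against the sample entries, john.doe resolves to one DN while alice.smith is rejected because two entries carry the same 'mail' value; the printed ldapsearch lines can be pasted against the real server (adjusting URI, base DN and bind options) to repeat the same uniqueness check there before the connector is changed.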

Applies to

Releases: Axigen 10.0.x
OS: Linux, Windows, FreeBSD, Solaris