The integration between the Axigen mail server and the OpenLDAP software package and service is rather straight-forward in the sense that only some initial configuration is involved for the latter solution with the rest of the details being synced from the mail server database automatically. To set up the LDAP service appropriately, you must first make sure the version you are running is compatible with Axigen. You need to be using a LDAP version newer than 2.4. If you are not running a correct version you have to upgrade your LDAP server before attempting to run the sync. It is important to run the latest version of LDAP to make sure the integration is performed as smoothly as possible.
The sync process in OpenLDAP can generate a lot of stress for the application. The LDAP protocol and database structure was created and optimized for few writes and many reads and therefore can generate problems with performance in case a flood of updates (syncs) takes place.
Please check this document for information relevant to OpenLDAP with dynamic configuration.
Once you have a supported LDAP version, you need to configure it appropriately before populating the database. The configuration file should include the correct schemas for the objects to be created and managed:
Also very important, you have to enable support for the second version of the LDAP protocol:
Following are the recommended database options, as well as the indexing options that are normally used for the Axigen entry value (expected) contents:
Of course, you always have to replace the "dc=" sections with the domain name you plan on using and the administrative password which is only provided here for reference purposes. The indexing options should be specified at all times if you plan on having a decent performance for your lookups. Failure to set the indexing options before populating the database may result in additional future configuration overhead to apply this change.
To enable replication support, you need to enable the following configuration options in the LDAP configuration file:
In the above example, the "syncprov-checkpoint" arguments create a new checkpoint every 30 minutes or every 100 operations. Also, the "sessionlog" will be limited to 1.000 entries and if you plan on making (or expect) a lot of syncs to take place in a short while (or at once), you should consider increasing this number of kept records.
Lastly, you have to enable support for "Member-of" support (for groups) if you plan on using this feature:
This concludes the LDAP configuration file contents and requirements. On top of this initial setup you will have to consider a couple of more details before moving on with the integration. First off, if you already have a populated LDAP database you should either use another (different) database for Axigen related syncs or upgrade the current entry layout to match the following design:
-
Root node layout:
-
Organization node layout:
-
Groups unit layout:
-
User unit layout:
Based on the node and unit (entry) layout above you should be able to generate the appropriate LDIF files for your specific scenario. Relevant information on the actual properties attached to the Axigen entries in LDAP can be found in the LDAP schema file called "axigen.schema".
In addition to this approach you may also choose to let Axigen sync the data and automatically create the entries in the LDAP server through the regular update process of the database. In fact the second approach is the recommended one in most cases, except of course if you already have a populated database that may be corrupted during this process.
LDAP routing
The Axigen mail server provides routing options at SMTP In, POP3 Proxy and IMAP Proxy level through its integration with OpenLDAP. LDAP stands for Lightweight Directory Access Protocol. It is a model for Directory Services that provides a data/namespace model for both the directory and a specific protocol.
A directory is a specialized database with a hierarchical structure designed for frequent queries but infrequent updates. Unlike general databases, they don't contain transaction support or roll-back functionality. Directories are easily replicated to increase availability and reliability.
In order to be configured for use within Axigen, OpenLDAP has to already be set up. OpenLDAP installations may very, depending on your preferred operating system. Integrating OpenLDAP with Axigen is a two-step process, as described below:
Configuring OpenLDAP for Axigen
The localdomain.test
address is used as an example. Please remember to edit it accordingly.
-
Run the following command and then place the following text:
-
In order to add users to the LDAP directory, add the following into a file. You may add as many users as you want in this file:
-
Then run the following command:
-
You will be asked for the password you set up in the
/etc/openldap/slapd.conf
file (in our example, "secret"). -
You can test if the user was added using the following command (the second version of the command includes authentication:
-
In order to delete an entry, use the command:
-
To edit an LDAP entry, just use:
Note that you must press another <Enter>
after the modified field.