How to Perform LDAP Authentication with Active Directory or with OpenLDAP Using the "Mail" LDAP Attribute

 


Updated: March 10, 2025

 


Axigen can be configured to perform authentication against an Active Directory or an OpenLDAP server instead of using the internal password database. When using LDAP authentication, by default the username is matched with the uid LDAP attribute for OpenLDAP and with the sAMAccountName attribute for Active Directory.

In some situations, the user's email address is stored in the mail LDAP attribute, and the account part of that address may differ from the value of the default uid or sAMAccountName attribute.

This article describes how to authenticate the Axigen accounts by matching the user's email address against the mail LDAP attribute.

Important: the LDAP connector described in this article should only be used for authentication. It should not be used to perform synchronization between Axigen and the LDAP server.

Solution

To change the default LDAP attribute used to match the account name, use a custom schema file.

Follow the steps below to configure the LDAP connector to use the custom schema file:

  1. Create a custom schema file named, for example, schema_mail_auth.cfg. This is a plain-text file with the following content:
    1. for OpenLDAP authentication:
      LdapSchema {
        accountObjectClass = "inetOrgPerson"
        accountNameAttribute = "mail"
        matchAccountFullEmailAddress = yes
        accountAdditionalFilter = ""
      }
    2. for Active Directory authentication:
      LdapSchema {
        accountObjectClass = "user"
        accountNameAttribute = "mail"
        matchAccountFullEmailAddress = yes
        accountAdditionalFilter = ""
      }
  2. Copy the custom schema file to the Axigen working directory, available by default at:
    • /var/opt/axigen/ – on Linux
    • /axigen/var/ – on Docker
    • C:\Program Files\Axigen Mail Server\ – on Windows
    On Linux or Unix systems, change the ownership of the custom schema file to the axigen system user.
     
  3. Edit your LDAP connector to use the custom schema file, as below:
    • in the WebAdmin interface, navigate to Clustering → Clustering Setup → "LDAP Connectors" tab
    • click the "Edit" button next to the LDAP connector used for authentication
    • tick the "Use custom schema" checkbox and type the name of the custom schema file in the textbox: schema_mail_auth.cfg
    • click the "Update" button to save the configuration
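
Before switching accountNameAttribute to mail, it is worth confirming that every entry of the schema's accountObjectClass has a mail value and that no address is shared by several entries, since neither Active Directory nor OpenLDAP enforces this by default. The Python check below is an added example, not part of Axigen or of the original article; it reads an LDIF export of the directory (the format printed by ldapsearch -LLL). The function names, the sample entries and the case-insensitive comparison of addresses are assumptions made for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=test
objectClass: inetOrgPerson
mail: john.doe@example.test

dn: uid=asmith,ou=people,dc=example,dc=test
objectClass: inetOrgPerson
mail: sales@example.test

dn: uid=bjones,ou=people,dc=example,dc=test
objectClass: inetOrgPerson
mail:: U2FsZXNAZXhhbXBsZS50ZXN0

dn: uid=svc,ou=people,dc=example,dc=test
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; unfolds continuation lines, decodes 'attr:: base64'."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # base64-encoded value
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            attrs[name.lower()].append(rest.strip())
        if attrs.get("dn"):
            yield attrs["dn"][0], attrs

def audit_mail(text, object_class):
    """Return (entries without mail, {mail: [dns]} for values shared by several entries)."""
    owners, missing = defaultdict(list), []
    for dn, attrs in parse_ldif(text):
        if object_class.lower() not in {c.lower() for c in attrs.get("objectclass", [])}:
            continue  # not an account entry under this schema
        mails = {m.lower() for m in attrs.get("mail", []) if m}
        if not mails:
            missing.append(dn)
        for m in mails:
            owners[m].append(dn)
    return missing, {m: dns for m, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    print(audit_mail(SAMPLE_LDIF, "inetOrgPerson"))
```

Pass "inetOrgPerson" for OpenLDAP or "user" for Active Directory, matching the accountObjectClass in the schema file. Entries listed in either result should be corrected in the directory before the connector is switched over.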