In some situations the user's email address is stored in the 'mail' LDAP attribute, and the account part of that address may differ from the value of the default 'uid' or 'sAMAccountName' attributes.
This article describes how to authenticate Axigen accounts by matching the user's email address against the 'mail' LDAP attribute.
Important: the LDAP connector described in this article should only be used for authentication. It should not be used to perform synchronization between Axigen and the LDAP server.
Solution
To change the default LDAP attribute used to match the account name, use a custom schema file.
Configure the LDAP connector to use the custom schema file as follows:
- Create a custom schema file, named for example schema_mail_auth.cfg. This is a text-only file with the following content:
  - for OpenLDAP authentication:
    LdapSchema {
        accountObjectClass = "inetOrgPerson"
        accountNameAttribute = "mail"
        matchAccountFullEmailAddress = yes
        accountAdditionalFilter = ""
    }
  - for Active Directory authentication:
    LdapSchema {
        accountObjectClass = "user"
        accountNameAttribute = "mail"
        matchAccountFullEmailAddress = yes
        accountAdditionalFilter = ""
    }
- Copy the custom schema file to the Axigen working directory, available by default at:
  - /var/opt/axigen/ - on Linux and Solaris systems
  - C:\Program Files\Axigen Mail Server\ - on Windows systems
  - /var/axigen/ - on FreeBSD systems
- Edit your LDAP connector to use the custom schema file, as below:
  - in the Webadmin interface, navigate to Clustering -> Clustering Setup -> 'LDAP Connectors' tab
  - click the 'EDIT' button next to the LDAP connector used for authentication
  - tick the 'Use custom schema' checkbox and type the name of the custom schema file in the textbox: schema_mail_auth.cfg
  - click the 'Update' button to save the configuration
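
Before switching authentication to the 'mail' attribute, it is worth checking that every address in the directory identifies exactly one account, since a directory does not necessarily enforce unique 'mail' values. The following pre-check is an added example, not part of Axigen or of the original article; it assumes a plain LDIF export of the directory (no base64 values or folded lines), that accounts are selected by the object class and 'mail' attribute from the schema file above, and the sample entries and the function names parse_entries and audit are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample directory export (LDIF-style); not taken from a real server.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=test
objectClass: inetOrgPerson
mail: john.doe@example.test

dn: uid=asmith,ou=people,dc=example,dc=test
objectClass: inetOrgPerson
mail: Shared@example.test

dn: uid=bjones,ou=people,dc=example,dc=test
objectClass: inetOrgPerson
mail: shared@example.test

dn: uid=svc,ou=people,dc=example,dc=test
objectClass: inetOrgPerson

dn: cn=printer,ou=devices,dc=example,dc=test
objectClass: device
mail: john.doe@example.test
"""

def parse_entries(ldif):
    """Split simple LDIF text (no base64, no folded lines) into attribute dicts."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry[name.lower()].append(value)
        entries.append(entry)
    return entries

def audit(ldif, object_class="inetOrgPerson", name_attr="mail"):
    """Return (ambiguous, missing): addresses shared by several accounts, DNs with no address."""
    owners, missing = defaultdict(list), []
    for e in parse_entries(ldif):
        if object_class.lower() not in (c.lower() for c in e["objectclass"]):
            continue  # outside accountObjectClass, so not an account candidate
        dn = e["dn"][0]
        if not e[name_attr.lower()]:
            missing.append(dn)  # this account has no address to log in with
        for addr in e[name_attr.lower()]:
            owners[addr.lower()].append(dn)  # 'mail' compares case-insensitively
    ambiguous = {a: dns for a, dns in owners.items() if len(dns) > 1}
    return ambiguous, missing
```

Calling audit(SAMPLE_LDIF) reports the address shared by two accounts and the account with no 'mail' value; for Active Directory exports pass object_class="user".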