Mapping Users from a Specific Organizational Unit to Differentiate Between Additional Active Directory and LDAP Containers in Kerio Connect

Overview

This article provides detailed steps to map users from a specific Organizational Unit in Kerio Connect, which is useful when you want to differentiate between additional Active Directory and LDAP (Lightweight Directory Access Protocol) containers.

Information

The LDAP database can use containers, such as Organizational Units, to differentiate between objects. To use an Organizational Unit with the Kerio Connect domain mapping, you need its Distinguished Name (DN), which is the full name of the LDAP object.

Kerio Connect maps users from the default LDAP location, which is defined by the DN in this format: dc=domain,dc=com

A typical scenario: at least two domains on the Kerio Connect server map users from the same directory service, so both email domains contain the same users, and you need to differentiate between users according to the email domain to which each user belongs.

By default, Kerio Connect maps all users from all containers in Active Directory, because the default location is the top level of the Active Directory tree.

Process

Warning: The instructions below include changing the configuration file. If the instructions are not followed correctly, they may cause problems with the functioning of the product. Only proceed if you are comfortable doing so. It is also good practice to take a backup before making any changes.

  1. Configure Active Directory mapping. For additional information, refer to Connecting Kerio Control to Active Directory Service.

  2. Stop the Kerio Connect service.

  3. Open the mailserver.cfg configuration file, which is located in the installation directory.

  4. Locate the <list name="Ldap"> value in the configuration file.

  5. In this section of the configuration file, locate your domain definition, as shown in the example below:

    <listitem>
    <variable name="Domain">demo.domain.com</variable>
    <variable name="ServerName">192.168.65.5</variable>
    <variable name="ServerPort">389</variable>
    <variable name="BindDn">Administrator@test.lab</variable>
    <variable name="BindPassword">DE3:f4cc0ffcf...1d0</variable>
    <variable name="MapFile">ads.map</variable>
    <variable name="Filter"></variable>
    <variable name="UserBaseDn">dc=domain,dc=com</variable>
    <variable name="GroupBaseDn">dc=domain,dc=com</variable>
    <variable name="Description"></variable>
    <variable name="Enabled">1</variable>
    <variable name="PrimaryRefreshInt">30</variable>
    <variable name="LdapNetworkTimeout">10</variable>
    <variable name="SecureConnection">0</variable>
    </listitem>

  6. Change the UserBaseDn and GroupBaseDn search locations according to your path. In this example, the location was changed to the Support department:

    <variable name="UserBaseDn">ou=Support,dc=domain,dc=com</variable>
    <variable name="GroupBaseDn">ou=Support,dc=domain,dc=com</variable>

  7. Save the configuration file.

  8. Start the Kerio Connect service.
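A check to run on the edited section before starting the service in step 8, as an added example that is not part of the original article or of Kerio's tooling: it parses the `<list name="Ldap">` section, catches a mistyped closing tag, and reports which domains still map from the top-level DN. The sample fragment, its domain names, the function names and the reading of `SecureConnection` 0 as an unencrypted connection are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two email domains mapped from one directory (illustrative values).
SAMPLE = """<list name="Ldap">
  <listitem>
    <variable name="Domain">support.example.com</variable>
    <variable name="UserBaseDn">ou=Support,dc=domain,dc=com</variable>
    <variable name="GroupBaseDn">ou=Support,dc=domain,dc=com</variable>
    <variable name="SecureConnection">1</variable>
  </listitem>
  <listitem>
    <variable name="Domain">sales.example.com</variable>
    <variable name="UserBaseDn">dc=domain,dc=com</variable>
    <variable name="GroupBaseDn">dc=domain,dc=com</variable>
    <variable name="SecureConnection">0</variable>
  </listitem>
</list>"""


def is_ou_scoped(dn):
    """True if the DN's leftmost component is an OU, i.e. narrower than dc=...,dc=..."""
    first = dn.split(",")[0].strip().lower()
    return first.startswith("ou=") and len(first) > 3


def audit_ldap_mappings(cfg_text):
    """Return (domain, finding) tuples for every <listitem> under <list name="Ldap">."""
    try:
        root = ET.fromstring(cfg_text)
    except ET.ParseError as exc:  # e.g. a mistyped closing tag such as ">/variable>"
        return [("<file>", f"not well-formed XML: {exc}")]
    findings = []
    for lst in (el for el in root.iter("list") if el.get("name") == "Ldap"):
        for item in lst.findall("listitem"):
            v = {x.get("name"): (x.text or "").strip() for x in item.findall("variable")}
            dom = v.get("Domain", "?")
            for key in ("UserBaseDn", "GroupBaseDn"):
                if not is_ou_scoped(v.get(key, "")):
                    findings.append((dom, f"{key} is not scoped to an OU"))
            # Assumption: SecureConnection=0 means the LDAP connection is not encrypted.
            if v.get("SecureConnection") == "0":
                findings.append((dom, "SecureConnection is 0"))
    return findings


if __name__ == "__main__":
    for domain, finding in audit_ldap_mappings(SAMPLE):
        print(f"{domain}: {finding}")
```

A domain reported as not scoped to an OU still maps every user in the directory, which is the default behaviour described under Information.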

 


Confirmation 

Kerio Connect now differentiates between additional Active Directory and LDAP containers.

Priyanka Bhotika
