Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SMTP Authentication via LDAP (Authenticate to Kerio Connect via a Email Router)
  •  
hbgs

Messages: 3
Karma: 0
Send a private message to this user
I have KMS 7.2 installed and configured. I am using LDAP from KMS to my Windows AD. Everything between Kerio and the Windows AD works great. I can authenticate fine from the local lan.

My issue is with authenticating from a remote network passing through a Email Appliance. The email appliance has directory services but when I try to set up the LDAP to Kerio I am not having much success.

I have looked everywhere, but I can not find the information for the following settings to connect my email appliance to the KWS' LDAP to authenticate.

I have tried this:
Server: <kerio connect server ip>
Port: 636
Protocol: LDAPS
DN to Authenticate: <blank>
Password: <blank>
Base DN for User/Groups: <blank>
Account Attribute: uid
Email Attribute: mail
Email Alias Attribute: mailAlternateAddress
Group Name Attribute: <blank>


I've also tried this:
Server: <kerio connect server ip>
Port: 636
Protocol: LDAPS
DN to Authenticate: Administrator@<domain>
Password: <adminpassword>
Base DN for User/Groups: <blank>
Account Attribute: uid
Email Attribute: mail
Email Alias Attribute: mailAlternateAddress
Group Name Attribute: <blank>


For both of them, the login and credentials all pass. However, the account, mail, and mail alias attributes fail. Does anyone know how to set this up properly so that I can authenticate through the email appliance to the Kerio which is authenticating to my Windows AD? (again: Local Lan authentication through KWS works great. No issues there.)

Thank you in advance,

HB

*Edit: /s/KWS/KMS

[Updated on: Thu, 16 June 2011 22:05]

  •  
hbgs

Messages: 3
Karma: 0
Send a private message to this user
Update: When I use the 2nd configuration above, I get the following error in the Security Log:
LDAP: Invalid password for user inetOrgPerson<_at_>localhost. Attempt from IP address xxx.xxx.1.2.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Maybe I'm thick, but why not authenticate the email appliance against AD? Unless something changed recently, Kerio Connect's LDAP is very limited and is only capable of looking up (autocompleting) mail addresses. Everything's stored in AD anyway for these types of users. Ask the source ...
  •  
hbgs

Messages: 3
Karma: 0
Send a private message to this user
Thank you for the response. I had read a bit about the LDAP integration with Kerio, and thought that may be the case.

As far as directly authenticating to the DC, I would rather not do that because that's another port open from the dmz to the local lan. Also, the DC is a different domain than the email. I was able to bypass this by using the "different domain" option in Kerio. This allows the user to authenticate to the DC from KMS using the domain on the KMS instead of the domain on the DC.

I'll mess around with the authentication.

Thank you again,

HB
Previous Topic: Let groups send to mailinglist, but not the world
Next Topic: Login Username different than Email-Adress
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 20:25:31 CET 2017

Total time taken to generate the page: 0.00359 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.