LDAP support in Archiveopteryx

Archiveopteryx can perform LDAP authentication using (almost?) any LDAP server. OpenLDAP and Microsoft AD are known to work.

When an IMAP, POP, Sieve or SMTP client attempts to authenticate, Archiveopteryx connects to the LDAP server and binds using the user's LDAP DN and the password the client supplied. If the LDAP server accepts that bind, Archiveopteryx turns around and accepts the client (and logs out from the LDAP server).

Each user's LDAP DN must be set in the users table. If a DN is set for only some users, not all, then Archiveopteryx uses LDAP authentication only for those users; the others are authenticated as before.

The LDAP server should be local to the Archiveopteryx server: Archiveopteryx retransmits the user-supplied password to the LDAP server unencrypted, so anyone able to observe that connection can read it. If a distant LDAP server has to be used, we recommend establishing a VPN between the two hosts.

Microsoft AD does not, by default, allow anonymous clients to authenticate (to bind, in LDAP parlance). If that seems strange to you, don't despair, just follow the magic recipe from Technet and all will be well.

In case of questions, please write to info@aox.org.

About this page

Last modified: 2011-05-13
Location: aox.org/ldap/