Mail clients settings
The following information is needed to enable a mail client to access contacts stored in Kerio MailServer via the LDAP protocol.
- LDAP server
- DNS name (e.g. mail.company.com) or IP address (e.g. 192.168.1.10) of the host that Kerio MailServer is running on.
- Username and Password
- This data is used by users to log into the LDAP server (equal to the name and password for user login to mailboxes). The LDAP server in Kerio MailServer does not support anonymous logins; user login is always required.
- Security, Port
- Select whether the secure or non-secure version of the LDAP protocol should be used. If you do not use the standard port, insert the corresponding port number. Note: TLS is not supported.
- Search base
- If you want to access all public, shared and your own files, leave this entry blank or insert fn=ContactRoot. To allow access only to certain contact types, specify the appropriate branch of the LDAP database in more detail. Users can limit the search criteria for faster and more efficient results. The following examples illustrate this:
  - cn=john@company.com,fn=ContactRoot: only the contact files of the user john@company.com are searched.
  - fn=personal,fn=ContactRoot: only the contact files of users that are logged into the LDAP server are searched. This option is very similar to the previous one; however, the username (defined by email address) is not required. This feature can be used, for example, for configuration of multiple clients.
  - fn=public,fn=ContactRoot: only public contact files are searched.
  - fn=Contacts,cn=john@company.com,fn=ContactRoot: only the Contacts folder of the user is searched.
  - fn=PublicContacts,fn=public,fn=ContactRoot: only the public PublicContacts folder is searched.
Warning: Public or shared files are browsed only if the user has subscribed to them (independently of the settings described above).
Example of Configuration Outlook Express
The client configuration for enabling the search of contacts through LDAP is explained in the following example using Microsoft Outlook Express.
The LDAP account is defined in the Tools > Accounts > Directory Service menu. New accounts can be added with the wizard; however, you must open the Properties dialog to define all the required parameters.
General folder:
Figure 1. LDAP server settings General tab
- Name of the account
- Definition of the account name (for informative purposes only)
- Name of the server
- DNS name or IP address of the host where Kerio MailServer is running (e.g. mail.company.com or 192.168.1.10).
- This server requires me to log on
- Check this option. In Kerio MailServer, the LDAP server does not support anonymous access.
- Account name, Password
- Insert your username and your password for login to the server (identical with your name and password for login to your mailbox).
- Log on using Secure Password Authentication
- When this option is enabled, passwords will be sent securely through NT domain authentication (SPA/NTLM). This authentication method is not supported by the LDAP server in Kerio MailServer; therefore, it must be disabled. Note: We recommend using the secure version of the LDAP service (SSL) for encrypted user authentication.
- Check names against this server when sending mail
- If this option is enabled, personal email addresses will be searched for automatically when a message is sent. This means that names can be used instead of full email addresses in the To field (or Copy To or Blind Carbon Copy To). The names will be replaced with the appropriate email addresses when the email is sent. Note: If an inserted name cannot be found, the message will not be sent by MS Outlook Express and the user must correct the name or insert the full email address. If there are more addresses for one name, a dialog for user / address selection will be opened.
Advanced folder:
Figure 2. LDAP server settings Advanced tab
- Server Port Number
- Port the LDAP service is running on. The Use Default button will set the standard port number (depending on the on/off mode of SSL, see below).
- This server requires a secure connection (SSL)
- A secure connection is enabled or disabled with this option. Set the SSL security system according to Kerio MailServer services configuration (for details, see chapter Services) or according to your security policy (see chapter Advanced Options).
- Search timeout
- If there is a large LDAP database or the connection is slow, the search can take a long time. To prevent undesirable periods of inactivity, you can limit the time that Outlook Express will wait for an answer before terminating the request. Note: If the LDAP server is located within the same local network as the client, the search should take almost no time.
- Maximum number of matches to return
- If the specifications of the item searched are too broad (e.g. most of the recipient's name is not included), the search may result in many items found. Limiting the maximum number of matches can reduce the search time as well as line traffic. If a large number of items are returned, a new search should be performed using more narrowly defined specifications.
- Search base
- Here you can specify the location of the contact folder in the LDAP database (see above). If you leave this entry blank, all subscribed folders will be scanned (public and shared).
- Use simple search filter
- This option reduces the number of database items that will be searched. This will make the search faster; however, the search potential will be reduced. We recommend not using this option.
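
The search base forms and the login and security settings described above can be generated and checked before they are rolled out to many clients. The following is an added example, not part of the Kerio documentation: the function names and the settings dictionary keys are hypothetical, the DN layout is the one listed under Search base, and ports 389 and 636 are the standard LDAP and LDAP-over-SSL ports.

```python
# Added example; helper names and dictionary keys are hypothetical.
ROOT = "fn=ContactRoot"
STANDARD_PORT = {False: 389, True: 636}  # standard LDAP / LDAP-over-SSL ports

def escape_rdn(value):
    """Escape a DN attribute value (RFC 4514) so input cannot add DN components."""
    chars = ["\\" + c if c in ',+"\\<>;' else c for c in value]
    if chars and chars[0] in (" ", "#"):
        chars[0] = "\\" + chars[0]
    if chars and chars[-1] == " ":
        chars[-1] = "\\ "
    return "".join(chars)

def search_base(scope="all", user=None, folder=None):
    """Build the search base for one of the scopes listed under Search base."""
    if scope == "all":
        base = ROOT
    elif scope in ("personal", "public"):
        base = f"fn={scope},{ROOT}"
    elif scope == "user" and user:
        base = f"cn={escape_rdn(user)},{ROOT}"
    else:
        raise ValueError("scope must be all, personal, public, or user with an address")
    if folder:
        if scope not in ("user", "public"):
            raise ValueError("folder examples exist only for user and public scopes")
        base = f"fn={escape_rdn(folder)},{base}"
    return base

def review_settings(cfg):
    """Return (effective_port, findings) for a client LDAP account definition."""
    ssl = bool(cfg.get("ssl"))
    port = cfg.get("port") or STANDARD_PORT[ssl]
    findings = []
    if not (cfg.get("username") and cfg.get("password")):
        findings.append("anonymous login is not supported; credentials are required")
    if cfg.get("spa"):
        findings.append("SPA/NTLM is not supported by this LDAP server; disable it")
    if not ssl:
        findings.append("non-secure LDAP: login is not encrypted; SSL is recommended")
    if port == STANDARD_PORT[not ssl]:
        findings.append("port is the standard port of the other LDAP variant")
    return port, findings
```

Escaping the user and folder names matters when the search base is assembled from directory or form input: an unescaped comma in a name would otherwise move the search to a different branch than intended.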
