Administrator's Guide - Kerio Software Archive

Chapter 7 DomainsBackup directory serverDNS name or IP address of the backup server with the same LDAP database.Note: If the secured version of LDAP service is used for connection, it is necessary toenter also the DNS name to enable the SSL certificate’s verification.Active Directory Domain NameIf the domain name differs from the name defined in Active Directory, match this optionand insert a corresponding name into the Active Directory Domain Name text field.Click the Test connection button to check the defined parameters. The test is performed on theserver name and address (if it is possible to establish a connection with the server), usernameand password (if authentication can be performed) and if Kerio Active Directory Extensions areinstalled on the server with Active directory (see chapter 29).Note: Cooperation with the LDAP database that has been described above has nothing to dowith the built-in LDAP server. The built-in LDAP server is used to access contact lists frommail clients (for details refer to the chapter 19). If Kerio MailServer is installed on the samecomputer as the Active Directory, it is necessary to avoid collisions by changing a port numberfor the LDAP service (Configuration → Services).Apple Open DirectoryTo enable Kerio MailServer to cooperate fully with Open Directory (i.e. to enable the databaseto store all data about user accounts — see chapter 13.2), install the Kerio Open DirectoryExtensions on the Open Directory Master and all replica servers. For details see the chapter 30.Map user accounts and groups...Use this option to enable/disable cooperation with the LDAP database (if this option isinactive, only local accounts can be created in the domain).TypeType of LDAP database that will be used by this domain. There are two alternatives ofmapping of Apple Open Directory accounts that differ in authentication method. Twoauthentication methods can be used in Apple Open Directory: authentication against thepassword server and Kerberos authentication.The first method (authentication against the password server) provides the followingbenefit. It is not necessary to perform any special settings at the server where KerioMailServer is installed. However, there are also certain disadvantages:• This authentication method is obsolete and less secure.• Users are not allowed to change their user passwords on their own (in the Kerio Web-Mail interface).• The Apple company has ended support for this authentication method.• This authentication method is enabled only if Kerio MailServer is installed on Mac OSX.Still, authentication against the Kerberos server is more modern and secure. On the otherhand, this authentication method requires additional settings at the server where KerioMailServer is installed. For detailed information on these settings, see chapter 24.72