This article refers to Barracuda Message Archiver firmware version 5.1 or higher.
The Barracuda Message Archiver authenticates individual users and user group membership based on authentication services you define on the USERS > Directory Services page.
LDAP Configuration Video
Sample LDAP server configuration:
To configure the Barracuda Message Archiver to use your LDAP server for authentication, enter the following details:
- Server Alias – A short name or alias to the LDAP server; used only on the Barracuda Message Archiver to identify this LDAP Server.
- Server Name/IP – The IP address or hostname of your LDAP or Active Directory server.
- LDAP Port – The port used by your LDAP or Active Directory server. Use port 636. For more information, see New Requirements for LDAP Authentication.
- LDAP Encryption – The type of encryption used by your LDAP or Active Directory server. The default value is SSL.
- Verify LDAP Certificate – Verify the LDAP server certificate prior to sending bind request. If set to Yes, you need to upload a CA signed certificate. For help, contact Barracuda Networks Technical Support.
- Bind DN (Username) – The distinguished name (DN) of a user in your LDAP directory that has read access to all the users in LDAP.
- Bind Password – The password for the user you specified in the Bind DN field.
- LDAP Search Base – The base distinguished name (DN) for the directory. For example, if your domain is test.com, your base DN might be dc=test,dc=com.
- UID Attribute – The attribute that contains the user's ID. For Active Directory, it is recommended that you use sAMAccountName. For OpenLDAP, it is recommended that you use uid.
- Shared Mailboxes – Specify whether to search for shared mailbox access in your Active Directory server. When enabled, once a user performs a search on the BASIC > Users page, the User Select drop-down menu displays all mail for that user regardless of whether a domain and Saved Search filter has been applied to that user. Information from Folder Sync (Exchange Integration) tasks are used to determine shared mailboxes users have access to. For shared mailbox information to stay up-to-date, configure a nightly Folder Sync.
Advanced LDAP Options
You can optionally add advanced LDAP filters. Entered values must match any users you want to archive mail for.
- Additional Filter – Used for searching the LDAP server for additional matching entries. Enter the filter the format described by RFC 2254.
For example, to match users only:
- Member Groups Attribute – The LDAP attribute used to identify the groups to which an entry belongs. For example:
Active Directory (recommended):
Novell eDirectory (recommended):
- Group Members Attribute – The LDAP attribute used to identify the members of a group. The Group Members attribute is used to ensure that users can find mail sent to groups to which they belong. For example: