Netmail Archive 6.1+
Starting with Netmail 6.1, there is no longer a need to use or maintain the default 'netmail' account. Administrators can now create new admin users, either locally in the Netmail product or residing remotely in an Active Directory group. This article explains how to create the authentication route for admins pulled from AD.
To create an Admins Users route, log in to the Netmail administration console and choose netmail Services > Admins Users. Click Add Route.
- Host: Enter the host IP address and the port number of the LDAP server.
- Encryption: Select SSL to encrypt the connection used for admin authentication.
- LDAP Version: Select either 2 or 3 as your LDAP version.
- Authentication DN: Enter the authentication DN of a user with enough rights to browse the LDAP directory, using Distinguished Name identifier syntax (e.g., ou=department,dc=example,dc=com).
- Password: Enter the password for the Authentication DN user.
- Base DN: Enter the base DN of the LDAP directory, using Distinguished Name identifier syntax (e.g., ou=department,dc=example,dc=com).
- User Class Names: Enter the names of the user classes.
- Excluded Class Names: Enter the names of the user classes that you want to exclude (not required for the Admin Users auth route*).
- Naming Attribute: Enter a naming attribute, e.g., sAMAccountName.
- Naming Prefix: Enter a naming prefix (not required if Naming Attribute is sAMAccountName).
- Disabled Attribute: Enter a disabled attribute (not required for the Admin Users auth route*).
- Disabled Value: Enter a disabled value (not required for the Admin Users auth route*).
- Group Membership Attribute: Enter a membership attribute for the group lookup, e.g., memberOf.
- Group DN: Enter the DN of the group.
*Auth routes are used in different Netgovern products for lookups against different directories; not all options are required in all cases.
Once the route is configured, test it to confirm that authentication works. Click Test...
- User: Enter the naming attribute value of an account that is part of the target group.
- Password: Enter the password for the account.
- Bogus User: Enter a user that is not part of the group.
Click Test Authentication.
Green checks mean everything was set up properly. All users that are part of the target group should be listed. Click Done, then OK, then Save Changes. If you get a red X, move the cursor over it to see details about the problem.
The group membership is re-synchronized every 15 minutes, so changes in AD should be reflected in Netmail after that amount of time has passed. Alternatively, pressing "Save Changes" again on this page will trigger an immediate re-sync.
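The route fields and the User / Bogus User test above, sketched as an added example (not Netmail's own code). It assumes the route combines User Class Names, Naming Attribute, Group Membership Attribute and Group DN into a single LDAP filter; the accounts, group name and DNs are constructed.

```python
# Added example, not Netmail code. The field-to-filter mapping is an assumption.

def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter per RFC 4515."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_admin_filter(route: dict, username: str) -> str:
    """Build one filter: object class AND naming attribute AND group membership."""
    classes = "".join(
        "(objectClass=%s)" % escape_filter_value(c) for c in route["user_class_names"]
    )
    if len(route["user_class_names"]) > 1:
        classes = "(|%s)" % classes  # any listed class is acceptable
    return "(&%s(%s=%s)(%s=%s))" % (
        classes,
        route["naming_attribute"],
        escape_filter_value(username),
        route["group_membership_attribute"],
        escape_filter_value(route["group_dn"]),
    )


def entry_passes(route: dict, entry: dict, username: str) -> bool:
    """Local stand-in for how a directory would evaluate that filter on one entry."""
    fold = str.casefold  # simplified case-insensitive match, as AD does for these
    in_class = any(fold(c) in map(fold, entry["objectClass"])
                   for c in route["user_class_names"])
    named = fold(entry.get(route["naming_attribute"], "")) == fold(username)
    groups = entry.get(route["group_membership_attribute"], [])
    # Equality on memberOf covers direct membership only, not nested groups.
    return in_class and named and fold(route["group_dn"]) in map(fold, groups)


# Constructed sample route and directory entries (hypothetical names and DNs).
ROUTE = {
    "user_class_names": ["user"],
    "naming_attribute": "sAMAccountName",
    "group_membership_attribute": "memberOf",
    "group_dn": "CN=Netmail Admins (Prod),OU=Groups,DC=example,DC=com",
}
ALICE = {"objectClass": ["top", "person", "user"], "sAMAccountName": "alice",
         "memberOf": ["cn=netmail admins (prod),ou=groups,dc=example,dc=com"]}
BOB = {"objectClass": ["top", "person", "user"], "sAMAccountName": "bob",
       "memberOf": ["CN=Helpdesk,OU=Groups,DC=example,DC=com"]}

if __name__ == "__main__":
    print(build_admin_filter(ROUTE, "alice"))
    print("User:", entry_passes(ROUTE, ALICE, "alice"))    # in the target group
    print("Bogus User:", entry_passes(ROUTE, BOB, "bob"))  # not in the group
```

The parentheses in the constructed group DN show why filter values are escaped: unescaped, they would change the structure of the filter.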