CommuniGate Pro allows you to use the LDAP protocol to create, update, rename, and remove Accounts:
When this option is enabled, the LDAP module checks the names (DNs) specified in update operations. If the DN looks like a DN of a CommuniGate Pro Account, the LDAP module does not perform the requested operation with the Directory. Instead, it executes the CreateAccount, UpdateAccount, RenameAccount, or RemoveAccount operations for the specified Account and Domain.
The diagram below illustrates how the LDAP AddRecord operation works in this case:
In this example:
Note: the Directory Integration settings are used to convert LDAP record attribute names into the CommuniGate Pro attribute names. For example, the LDAP AddRecord request can contain the cn attribute. This attribute is stored in the Account settings as the Account RealName setting. When the Account Manager adds a record to the Directory, it converts the RealName Account setting back into the cn record attribute.
Note: all LDAP AddRecord request attributes will be stored as the Account Settings if the LDAP client has authenticated itself as an Account with All Domain and Account Settings access right. But only the attributes specified with the Directory Integration parameters will be copied into the new Directory record. The Directory record will also contain the attributes not included into the original LDAP AddRecord request, but specified in the Account Template.
Note: the LDAP Provisioning feature detects the unixPassword attributes and converts them into Password settings after adding a leading 0x02 byte. See the Account Import section for the details.
The following diagram illustrates how the LDAP ModifyRecord operation can be used to modify Account Settings:
In this example: