The Directory Access Rights are based on the so-called Bind DNs rather than on CommuniGate Pro Account names and Account rights. See the Directory Manager Access Rights section for more details.
The Directory Access Rights set by default do not require Directory (LDAP) clients to authenticate in order to retrieve any information from the Directory tree.
When an LDAP client tries to authenticate as a certain DN, the LDAP server retrieves the Directory record with the specified DN and compares that record's userPassword attribute with the password supplied by the LDAP client. If the record exists, contains the userPassword attribute, and the attribute value matches the supplied password, the LDAP client authentication succeeds.
The LDAP module provides an alternative authentication method, when the client specifies a CommuniGate Pro Account name instead of some record DN. In this case, the CommuniGate Pro Server opens the specified Account and compares the Account password with the supplied password. If the passwords match, the Server builds a DN for the Account record using the Directory Integration settings, and uses it as the Bind DN.
and the client has submitted the email@example.com name and the correct password for the firstname.lastname@example.org account, then the LDAP client is authenticated with the following Bind DN:
and this client can access the Directory information available for that Bind DN.
The LDAP module uses the alternative authentication method if the specified string does not contain any equals (=) symbol, or if it starts with mail= and does not contain any other equals (=) symbols.
This authentication service can be disabled by disabling the LDAP Service for a Domain and/or an Account.
The LDAP Provisioning option can modify the authentication process. If this option is enabled and the supplied Bind DN represents the DN for some CommuniGate Pro Account, the supplied Bind DN is converted into that Account name, and the alternative method is used.
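The bind-handling rules described above can be modeled in a few lines, which is useful when auditing which password store a given bind string is checked against. This is an added example, not CommuniGate Pro code. The sample accounts, the `account_dn` layout standing in for the Directory Integration settings, the per-account `ldap_enabled` flag, and the assumption that the text after `mail=` is the Account name are all hypothetical.

```python
import hmac

# Constructed sample data; names and DN layout are assumptions for illustration.
DIRECTORY = {"cn=manager,o=example": {"userPassword": "dir-secret"}}
ACCOUNTS = {"alice@example.org": {"password": "acct-secret", "ldap_enabled": True},
            "bob@example.org": {"password": "bob-secret", "ldap_enabled": False}}

def account_dn(name):
    # Hypothetical stand-in for the Directory Integration settings.
    user, domain = name.split("@", 1)
    return f"uid={user},cn={domain},o=example"

def uses_account_method(bind_name):
    """Rule from the text: no '=' at all, or 'mail=' prefix with no other '='."""
    if "=" not in bind_name:
        return True
    return bind_name.startswith("mail=") and bind_name.count("=") == 1

def account_name_for_dn(dn):
    # Reverse mapping, consulted only when LDAP Provisioning is enabled.
    for name in ACCOUNTS:
        if account_dn(name) == dn:
            return name
    return None

def bind(bind_name, password, provisioning=False):
    """Return the effective Bind DN, or None if authentication fails."""
    name = None
    if uses_account_method(bind_name):
        name = bind_name[5:] if bind_name.startswith("mail=") else bind_name
    elif provisioning:
        name = account_name_for_dn(bind_name)
    if name is not None:
        # Alternative method: the Account password is checked.
        acct = ACCOUNTS.get(name)
        if not acct or not acct["ldap_enabled"]:
            return None  # unknown Account, or LDAP Service disabled for it
        ok = hmac.compare_digest(acct["password"], password)
        return account_dn(name) if ok else None
    # DN method: the Directory record's userPassword is checked.
    record = DIRECTORY.get(bind_name)
    if not record or "userPassword" not in record:
        return None
    ok = hmac.compare_digest(record["userPassword"], password)
    return bind_name if ok else None
```

With Provisioning enabled, a bind to an Account's DN is checked against the Account password rather than any userPassword stored in the Directory record, so the same bind string can be validated against a different credential store depending on that setting.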
The LDAP module allows users to employ all authentication methods supported with the CommuniGate Pro Server. It supports Simple