Use the WebAdmin Interface to configure the LDAP module. Open the Services pages in the Settings realm, and open the LDAP page.
Log: Use this setting to specify what kind of information the LDAP module should put in the Server Log. Usually you should use the Major or Problems (non-fatal errors) levels. But when you experience problems with the LDAP module, you may want to set the Log Level setting to Low-Level or All Info: in this case protocol-level or link-level details will be recorded in the System Log as well.
The LDAP module records in the System Log are marked with the LDAP tag. Please note that LDAP is a binary protocol, so all low-level data is presented in the hexadecimal form.
Channels: When you specify a non-zero value for the TCP/IP Channels setting, the LDAP module creates a so-called "listener" on the specified port. The module starts to accept all LDAP connections that mail clients establish in order to update password data. This setting is used to limit the number of simultaneous connections the LDAP module can accept. If there are too many incoming connections open, the module will reject new connections, and the user should retry later.
If the number of channels is set to zero, the LDAP module closes the listener and releases (unbinds from) the TCP port(s).
listener: By default, the LDAP module Listener accepts clear text connections on the TCP port 389, and secure connections - on the TCP port 636. Follow the listener link to tune the LDAP Listener.
Note::The pre-4.7 Netscape ® LDAP clients crash if they communicate with a very fast server returning more than 90 records. Ask your users to update to the 4.7 or later version of Netscape browser/mailer product.
Note::The Netscape® LDAP client (version 4.7) does not correctly process the "properties" command - it always tries to connect to the port 389, even if the search was successfully made on a different (for example, secure) port.
Sometimes you need to specify the Directory Tree Root element (an empty string) as the "search base DN". Some LDAP clients do not process this situation correctly (for example, Microsoft LDAP client silently replaces an empty Search Base string with the c=your_country string).
In these cases you should specify the string top as your Search Base string. The LDAP module interpretes this string as an empty string (Directory Root DN).