Computer forum Ru.Board » Computers » Help for the system administrator » All about MDaemon (#5)


Aushkin

Member

Original here: http://lists.altn.com/WebX/.5985ce78/0
 
Hello Greg,
 
I don't believe you can point the Base DN directly to a group when querying Active Directory.
You would need to query those results using the search filter.
So, the "CN=email,OU=groups,DC=CCH,DC=org" entry would not work as the Base DN.
 
If wanted, you could point the Base DN to an OU which contains the group.
However, if you have group members contained in other folders, they would be excluded from the results.
 
If an AD user account is found that matches an existing MDaemon user account found in your specified group, that MDaemon user account will be linked to it.
 
Here is an example of a setup that worked for me:
1. In AD, on the root, I created an OU called "tester".
    (NOTE: In AD, my domain is named "test.com")
2. Inside the "tester" OU, I created a new group called "mdusers".
3. In the "mdusers" group, I added two members: One found in the "Users" folder and one found in the "tester" OU.
4. In MDaemon, I used the following settings in the Active Directory | Options settings:
 
Base entry DN:  dc=test,dc=com
Search Filter:    (&(objectClass=User)(objectCategory=person)(memberOf=cn=mdusers,ou=tester,dc=test,dc=com))
Bind DN:           Administrator
Password:        (provided password for Administrator account)
Search Scope:  Base DN and all children
 
Use secure authentication:  Enabled
Use SSL authentication:  Disabled
Page Size:  1000
 
5. Clicked Ok
 
In the Active Directory | Monitoring settings, I clicked the Perform full AD scan now button.
Results: Only two members of the "mdusers" group were created as new MDaemon accounts, no others.
 
 
Regarding the settings under Setup | Default Domain/Servers | LDAP:
When creating the account on the LDAP server, you can stipulate whether or not the account uses dynamic authentication.  This will apply to the settings in the account that is generated by MDaemon.  
 
If you create the account in AD, when it syncs with MDaemon, the newly created account will only use either dynamic authentication with the domain you stipulated in the AD Monitoring settings or it will create a randomly generated password.  If you stipulated a domain for dynamic authentication but you want some users to authenticate to MDaemon, you would need to go into the newly created MDaemon account to assign a new password.
Let me know if you need further clarification.
 
Regards,
--
Jared Charles
Alt-N Technologies
A Subsidiary of Research In Motion
http://www.altn.com

Total posts: 387 | Registered: 06-05-2004 | Posted: 10:36 21-09-2011 | Edited: Aushkin, 10:45 21-09-2011
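An added example, not part of the quoted message and not MDaemon or Alt-N code: a small offline model of an LDAP subtree search that shows how the Base DN and the memberOf filter from the post interact, and that an unbalanced filter is rejected before use. The function names, the users Alice, Bob and Carol, and the simplified attribute values are assumptions made for illustration.

```python
import re
ITEM = re.compile(r"([\w-]+)=([^()]*)")  # attr=value, equality match only

def parse(flt):  # RFC 4515 subset: &, | and equality items
    pos = 0
    def node():
        nonlocal pos
        if flt[pos:pos + 1] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if flt[pos:pos + 1] in ("&", "|"):
            op, kids, pos = flt[pos], [], pos + 1
            while flt[pos:pos + 1] == "(":
                kids.append(node())
            out = (op, kids)
        else:
            m = ITEM.match(flt, pos)
            if not m:
                raise ValueError(f"bad filter item at offset {pos}")
            pos, out = m.end(), ("=", m.group(1).lower(), m.group(2).lower())
        if flt[pos:pos + 1] != ")":
            raise ValueError(f"missing ')' at offset {pos}")
        pos += 1
        return out
    tree = node()
    if pos != len(flt):
        raise ValueError("trailing data after filter")
    return tree

def matches(tree, entry):
    if tree[0] == "=":  # case-insensitive equality on a multi-valued attribute
        return tree[2] in [v.lower() for v in entry.get(tree[1], [])]
    hits = [matches(kid, entry) for kid in tree[1]]
    return all(hits) if tree[0] == "&" else any(hits)

def search(base, flt, directory):
    """Subtree search: entries at or below `base` that satisfy the filter."""
    tree, base = parse(flt), base.lower()
    return [dn for dn, entry in directory.items() if matches(tree, entry)
            and (dn.lower() == base or dn.lower().endswith("," + base))]

GROUP = "cn=mdusers,ou=tester,dc=test,dc=com"  # group DN from the post
USER = {"objectclass": ["user"], "objectcategory": ["person"]}
DIRECTORY = {  # constructed sample entries, attributes simplified vs. real AD
    "CN=Alice,CN=Users,DC=test,DC=com": {**USER, "memberof": [GROUP]},
    "CN=Bob,OU=tester,DC=test,DC=com": {**USER, "memberof": [GROUP]},
    "CN=Carol,OU=tester,DC=test,DC=com": {**USER, "memberof": []},
}
FILTER = f"(&(objectClass=User)(objectCategory=person)(memberOf={GROUP}))"
```

In this model, searching from `dc=test,dc=com` returns Alice and Bob, searching from `ou=tester,dc=test,dc=com` returns only Bob, and using the group DN itself as the base returns nothing.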