To access LDAP synchronization functionalities, you must install the plugin "ldap-import".
To do this, log into the server and use the following command to start installation:
sudo aptitude update sudo aptitude install bm-plugin-admin-console-ldap-import bm-plugin-core-ldap-import
yum update yum install bm-plugin-admin-console-ldap-import bm-plugin-core-ldap-import
Once installation is complete, restart the "bm-core" component using the following command:
Only the global administrator is able to configure LDAP synchronization for a domain. Domain administrators are able to view settings and launch import jobs.
|LDAP server name or IP address|
LDAP server IP address or FQDN.
Choose which protocol to use:
Depending on the protocol, the port will automatically be set to:
|Root directory||Specify the LDAP root directory|
|User DN||DN of the root user used to connect to the LDAP server|
|Password||The user password used to connect to the LDAP server|
|LDAP filter for users||Only users validated by this filter will be imported into BlueMind|
|LDAP filter for groups||Only users validated by this filter will be imported into BlueMind|
|External ID||Attribute of an invariant and unique LDAP entry identifier used to bind an LDAP entry to a BlueMind entry.|
|Split domain group|
This field can be left empty.
It will be ignored if the split domain functionality is not configured for BlueMind.
Emails sent to members of this group will be redirected to another mail server in the same domain (through split domain configuration).
Values are mapped on import for compatibility reasons:
BlueMind's default email address is defined from the first LDAP attribute of the following: "mail", "mailLocalAddress", "mailAlternateAddress", or "gosaMailAlternateAddress".
The others will be used as alias email addresses.
If none of these fields is filled in, the user will not have a mail service.
|user mail quota|
Must be expressed in bytes in LDAP.
The first of these LDAP attributes to be found is used.
|memberOf||memberOf||List of groups the user is a member of. BlueMind users can only be added to LDAP groups imported previously.|
|photoID||jpegPhoto||Profile picture: attribute content is imported as profile picture for related account|
|member||memberUid||Only users and groups already imported into BlueMind will be added to the group|
From BlueMind 3.5, access to applications is subject to the roles users are assigned. As LDAP imports do not handle roles, imported users are not assigned any roles and they are unable to access applications (webmail, contacts, calendar).
The easiest and most effective way of handling this is through groups:
Roles are maintained during subsequent imports and updates.
In the future, simply assign new users to this/ese group(s) in order to give them the desired roles.
As new versions are released, new roles and improvements to features are regularly added to BlueMind.
E.g. BlueMind version 3.5.9 allows administrators to enable or disable the ability for BlueMind users to connect to Thunderbird through new roles. In earlier versions, all users had this ability.
To make sure that after the update the new right will be enabled for existing users, you must set the group(s) in which LDAP users have been ascribed to are as default groups.
To do this, go to the group(s)' admin page, check the "Default group" box and save:
A user's UID can be filled in or corrected in the user's admin page in BlueMind.
To do this, go to the admin console > Directories > Directory Browser > select user > Maintenance tab: enter the user's LDAP UID in the ExternalID box then save.
The ExternalID must be prefixed by "ldap://".
For example :