Sun Java System Messaging Server 6.3 Administration Guide

4.9 To Customize Directory Lookups

Messaging Server cannot function without an LDAP-based directory system such as the Sun Java System Directory Server. Messaging Server requires directory access for a number of purposes. For example:

Reconfiguring your Messaging Server to connect to a different user directory for user and group lookups is strictly optional. In most cases, the user directory that defines your server’s administrative domain is the one used by all servers in the domain.

Procedure: To Modify the Messaging Server LDAP User-lookup Settings

  1. The commands for the user-directory connection settings are shown below. Before running them, set the LDAP and PAB passwords as follows:

    • Modify the password for the user specified in the configuration attribute local.ugldapbinddn. This user account exists in the directory server specified in the configuration attribute local.ugldaphost.

    • If the same account is used for PAB access, specified in the attributes local.service.pab.ldapbinddn and local.service.pab.ldaphost, then the password stored in local.service.pab.ldappasswd must be updated.

    To specify whether to use Messaging Server-specific directory settings:

    configutil -o local.ugldapuselocal -v [ yes | no ]

    Host name is the name of the host machine on which the directory containing your installation’s user information resides. This is typically not the same as the Messaging Server host, although for very small installations it might be. To specify the LDAP host name for user lookup:

    configutil -o local.ugldaphost -v name[:port_number]

    Port number is the port number on the directory host that Messaging Server must use to access the directory for user lookup. This number is defined by the directory administrator and is not necessarily the default port number (389). To specify the LDAP port number for user lookup:

    configutil -o local.ugldapport -v number

    The base DN is the search base: the distinguished name of a directory entry that represents the starting point for user lookups. To speed the lookup process, the search base should be as close as possible in the directory tree to the information being sought. If your installation’s directory tree has a “people” or “users” branch, that is a reasonable starting point. To specify the LDAP base DN for user lookup:

    configutil -o local.ugldapbasedn -v basedn

    The bind DN is the distinguished name that your Messaging Server uses to represent itself when it connects to the directory server for lookups. The bind DN must be the distinguished name of an entry in the user directory itself that has been given search privileges to the user portion of the directory. If the directory allows anonymous search access, you can leave this entry blank. To specify the LDAP bind DN for user lookup:

    configutil -o local.ugldapbinddn -v binddn
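
The values for this procedure can be checked before any of them is applied. The script below is an added example, not part of the original guide: it validates the inputs and prints the matching configutil commands for review without running them. The function names, host name and DNs are constructed for illustration, and host names are assumed to be DNS names or IPv4 addresses.

```shell
#!/bin/sh
# Added example (not from the guide): validate the user-lookup values, then
# print the configutil commands from this procedure. Nothing is executed.

# Single-quote a value so DNs with spaces or commas survive the shell.
sq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

err() { echo "error: $1" >&2; }

# Usage: ug_lookup_cmds yes|no host[:port] port basedn [binddn]
# Pass '' for port when it is already part of host[:port].
ug_lookup_cmds() {
    uselocal=$1 hostspec=$2 port=$3 basedn=$4 binddn=$5
    case "$uselocal" in yes|no) ;; *) err "uselocal must be yes or no"; return 1 ;; esac
    host=${hostspec%%:*}
    case "$host" in ''|*[!A-Za-z0-9.-]*) err "bad host name '$host'"; return 1 ;; esac
    hport=
    case "$hostspec" in *:*) hport=${hostspec#*:}
        is_port "$hport" || { err "bad port in '$hostspec'"; return 1; } ;;
    esac
    if [ -n "$port" ]; then
        is_port "$port" || { err "bad port '$port'"; return 1; }
        # The port can be given in two settings; refuse values that disagree.
        [ -z "$hport" ] || [ "$hport" -eq "$port" ] ||
            { err "host port $hport differs from local.ugldapport $port"; return 1; }
    fi
    case "$basedn" in ?*=?*) ;; *) err "base DN must look like attr=value"; return 1 ;; esac
    echo "configutil -o local.ugldapuselocal -v $uselocal"
    echo "configutil -o local.ugldaphost -v $hostspec"
    [ -z "$port" ] || echo "configutil -o local.ugldapport -v $port"
    echo "configutil -o local.ugldapbasedn -v $(sq "$basedn")"
    if [ -n "$binddn" ]; then
        echo "configutil -o local.ugldapbinddn -v $(sq "$binddn")"
    else
        # Blank bind DN means anonymous search; make that a visible choice.
        echo "note: no bind DN given, lookups rely on anonymous search" >&2
    fi
}

# Constructed sample values.
ug_lookup_cmds yes ldap.example.com 389 'ou=People,o=example.com' \
    'cn=msg lookup,ou=People,o=example.com'
```

When the bind DN is omitted, the script prints no local.ugldapbinddn command and writes a note to standard error, so relying on anonymous search access is an explicit decision rather than an oversight.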