Basic Scenario

It is assumed that in most cases:

  • The domain name in AD matches the domain name in IceWarp Server (not applicable to generic LDAP servers).

  • The domain name in AD is constructed from domain components (dc) representing a domain that exists in both the directory server and IceWarp Server.

    example.com => dc=example, dc=com

  • Objects to synchronize are located in the default location within the directory server. In AD, that means objects under the common name Users within the domain components defined in the DN; in a generic LDAP server, it means objects located just in the DN.

  • Objects to synchronize have mail attributes whose domain part matches the very same domain as hosted by IceWarp Server (mail:john@example.com while there is an example.com domain hosted by IceWarp).

  • The directory server supports default operational attributes. AD always provides these attributes, but not every LDAP server does.

In these cases you only need to:

  • Set up the hostname or IP of your directory server 

  • Set up credentials of a user who has privileges to at least read entities

  • Fill in the backup AD hostname or IP, if there is one; it will be used if the primary connection fails

  • Set up LDAP server type according to the one you have

  • Define the desired state after sync: whether accounts and/or groups should exist (be created) after sync, and one of the basic filters from the drop-down list. For basic scenarios the options would be either User (Group respectively) for AD or inetOrgPerson for generic LDAP

  • Set up a simple DN constructed as already described above

User accounts created during synchronization have their authentication method (API property u_authmode) set to LDAP / Active Directory automatically and will always be authenticated against the directory server. IceWarp allows the administrator to change this behavior through the user - Options - Authentication drop-down menu.

Figure. Example configuration (use case with AD).
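
The assumptions listed above can be checked before the first synchronization. The following is an added example, not IceWarp code: it builds the DN from the hosted domain and flags directory entries that fall outside the default location or whose mail domain is not the hosted one. The function names, the "ad"/"generic" type strings and the sample entries are constructed for illustration, and the location check assumes an entry only has to sit beneath the base DN.

```python
import re

def domain_to_dn(domain):
    """example.com -> dc=example,dc=com (one dc per DNS label)."""
    labels = domain.strip(".").lower().split(".")
    if not all(re.fullmatch(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?", l) for l in labels):
        raise ValueError(f"not a valid DNS domain: {domain!r}")
    return ",".join(f"dc={l}" for l in labels)

def default_base(domain, server_type):
    """Default sync location: cn=Users under the domain for AD, the bare DN otherwise."""
    dn = domain_to_dn(domain)
    return f"cn=Users,{dn}" if server_type == "ad" else dn

def split_dn(dn):
    """Split a DN into lower-cased RDNs; a backslash-escaped comma stays in its RDN.
    Simplified: does not handle an escaped backslash directly before a comma."""
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def preflight(entries, domain, server_type):
    """Return (dn, reason) for each entry that breaks a basic-scenario assumption."""
    base = split_dn(default_base(domain, server_type))
    problems = []
    for dn, mail in entries:
        rdns = split_dn(dn)
        if len(rdns) <= len(base) or rdns[-len(base):] != base:
            problems.append((dn, "outside default location"))
        elif mail is None or "@" not in mail:
            problems.append((dn, "no usable mail attribute"))
        elif mail.rsplit("@", 1)[1].lower() != domain.lower():
            problems.append((dn, "mail domain not hosted"))
    return problems

# Constructed sample entries as (DN, mail attribute); not taken from a real directory.
SAMPLE = [
    ("CN=John Doe,CN=Users,DC=example,DC=com", "john@example.com"),
    ("CN=Smith\\, Ann,CN=Users,DC=example,DC=com", "ann@example.com"),
    ("CN=Eve,OU=Sales,DC=example,DC=com", "eve@example.com"),
    ("CN=Bob,CN=Users,DC=example,DC=com", "bob@example.org"),
    ("CN=svc,CN=Users,DC=example,DC=com", None),
]

if __name__ == "__main__":
    print("Base DN:", default_base("example.com", "ad"))
    for dn, reason in preflight(SAMPLE, "example.com", "ad"):
        print(f"{reason}: {dn}")
```

Entries reported here would need a custom DN or filter rather than the basic scenario settings.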