Adding and configuring a user directory

Administrator Help | TRITON AP-EMAIL | Version 8.2.x

Click Add on the Settings > Users > User Directories page to open the Add User Directory page. After you name your user directory, select a user directory type from the drop-down list. Note that a new user directory has a status of Not referenced, because it is not yet being used by an email function. User directory creation entries are different depending on the type of user directory you want.

Create a user directory by following the steps for the desired directory type:

Microsoft Active Directory

IBM LDAP Server Directory

Generic LDAP Server Directory

Recipient List

ESMTP Server Directory

Microsoft Active Directory

Microsoft Active Directory provides user information management in a Windows environment. Use the following procedures to configure a Microsoft Active Directory in the User Directory Properties section:

Enter the IP address or hostname of your LDAP server in the Server IP address or hostname field.

Enter the port number in the Port field (default is 389).

Select the Enable secure LDAP check box if you want to enable secure LDAP, a nonstandard protocol also known as LDAP over SSL.

Note that marking this check box changes the default port number to 636.

Enter the username and password for this appliance in the Username and Password fields. The Username field can contain the user's username, email address, or distinguished name.

Enter the LDAP server's search domain name in the Search domain field. This value is used when the search filter is applied.

The Search filter field should contain a standard LDAP query that can use validation variables, for example:

(|(mail=%email%)(userPrincipalName=%email%)

(proxyAddresses=smtp:%email%))

Select either Mirror or Cache address as your cache setting.

The Mirror setting means that valid addresses are cached all at once by synchronizing the cache with all the addresses stored on the LDAP server. You can manually synchronize the cache with the LDAP server any time after that by clicking the Synchronize action for this directory on the User Directories page.

The Cache address setting means the cache is updated dynamically. A new, valid address is cached after it is verified with the LDAP server. Remove all addresses from the cache by clicking Clear cache.

Enter a value in the cache timeout field. The timeout is the amount of time that a valid address remains in the memory cache. If an email message is sent from a previously validated address during this timeout period, the email is delivered without contacting the validation server. However, if another message is sent from this address after the timeout has expired, the server will be contacted to validate the address. Default value is 60 minutes.

IBM LDAP Server Directory

An IBM LDAP Server Directory provides user information management on an IBM server. Use the following procedures to configure an IBM LDAP Server Directory in the User Directory Properties section:

Enter the IP address or hostname of your LDAP server in the Server IP address or hostname field.

Enter the port number in the Port field (default is 389).

Select the Enable secure LDAP check box if you want to enable secure LDAP, a nonstandard protocol also known as LDAP over SSL.

Note that marking this check box changes the default port number to 636.

Enter the username and password for this appliance in the Username and Password fields. The Username field can contain the user's username or distinguished name.

Select either Mirror or Cache address as your cache setting.

Generic LDAP Server Directory

A generic LDAP directory provides user information management that is supported on any LDAP server. Use the following procedures to configure a generic LDAP Server Directory in the User Directory Properties section:

Enter the IP address or hostname of your LDAP server in the Server IP address or hostname field.

Enter the port number in the Port field (default is 389).

Select the Enable secure LDAP check box if you want to enable secure LDAP, a nonstandard protocol also known as LDAP over SSL.

Note that marking this check box changes the default port number to 636.

Enter the username and password for this appliance in the Username and Password fields. The Username field can contain the user's username or distinguished name.

Enter the LDAP server's search domain name in the Search domain field. This value is used when the search filter is applied.

The Search filter field should contain a standard LDAP query that can use validation variables, for example:

(mail=%email%)

(|(mail=%email%)(uid=%email%))

Enter any optional email addresses to import in the Mail field text box.

Select either Mirror or Cache address as your cache setting.

Recipient List

A recipient list is a text file that contains a list of email addresses and their associated passwords, 1 set per line. This file can be used for user recipient validation.

You can perform a keyword search on a recipient list by using the keyword entry field and Search button at the top of the Recipient List table. When your search results appear, a View All option allows you to view the entire recipient list.

If you have an existing recipient list and you choose to enable the strong password policy, the email protection system evaluates current passwords in the list against the policy. When this evaluation is complete, a Strength column appears in the Recipient List box indicating any weak passwords that should be changed. You cannot save a recipient list that contains weak passwords if you have chosen to use the strong password policy.

Use the following procedures to configure a recipient list in the User Directory Properties section:

Enable a strong password policy by marking the Enforce strong password policy check box. With this policy in force, a password must meet the following requirements:

Between 8 and 15 characters

At least 1 uppercase letter

At least 1 lowercase letter

At least 1 number

At least 1 special character (supported characters include:

! " # $ & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~)

Add a predefined recipient list file by clicking Browse next to the Recipient information file entry field and navigating to the desired text file. The file format should be 1 email address and password per line, up to a maximum of 1000 entries.


	Note If you add a new recipient list file when you already have an active recipient list, the new file will overwrite the current file.

You can also create a recipient list by entering an individual email address and associated password in the Enter Recipient Information box and clicking the arrow button to add the information to the Recipient List box on the right.

Click Search if you want to perform a keyword search on your recipient list.

Click OK.

You cannot save a recipient list that contains weak passwords if you have chosen to use the strong password policy.

After you finish your recipient list entries, you can export the list to your local drive as a text file by clicking Export.

Remove an individual entry by selecting it in the Recipient List box and clicking Delete.

ESMTP Server Directory

An ESMTP Server Directory provides user authentication and recipient validation using the features in extended SMTP. Use the following procedures to configure an ESMTP Server Directory in the User Directory Properties section:

Determine your desired email verification method. Select Use the return status of the VRFY command to verify the email user name. Select Use the return status of the RCPT command to verify the email recipient.

Enter an email address for the user directory in the Sender email address field.

Enter a value in the cache timeout field. The cache timeout is the amount of time that a valid address remains in the memory cache. If an email message is sent from a previously validated address during this timeout period, the email is delivered without contacting the validation server. However, if another message is sent from this address after the timeout has expired, the server will be contacted to validate the address. Default value is 60 minutes.

Remove all addresses from the cache by clicking Clear cache.