Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring System Settings > Managing user directories > Adding and configuring a user directory
Adding and configuring a user directory
Administrator Help | Forcepoint Email Security | Version 8.5.x
The Add User Directory page is used to add a new user directory. A newly added user directory displays a status of Not referenced, because it is not yet being used by an email function. User directory creation entries are different depending on the type of user directory being added.
Add a new user directory
1.
On the page Settings > Users > User Directories, click Add.
The Add User Directory page displays.
2.
In the text field User directory name, enter a name for the user directory.
3.
From the pull-down menu User directory type, select a type; Microsoft Active Directory, IBM LDAP Server, Generic LDAP, Recipient List, or ESMTP.
The User Directory Properties section displays with configuration options for the selected user directory:
*
Microsoft Active Directory
*
IBM LDAP Server Directory
*
Generic LDAP Server Directory
*
Recipient List
*
ESMTP Server Directory
4.
After configuring properties in the section User Directory Properties, click OK.
The user directory is saved.
Microsoft Active Directory
Microsoft Active Directory provides user information management in a Windows environment.
If you plan to use Active Directory and your deployment includes Azure ExpressRoute, some additional configuration is needed in Azure. See the Microsoft article Azure Active Directory (AD) Domain Services for more information.
Configure a Microsoft Active Directory in the User Directory Properties section
1.
On the page Settings > Users > User Directories, click Add.
The Add User Directory page displays.
2.
In the text field User directory name, enter a name for the user directory.
3.
From the pull-down menu User directory type, select Microsoft Active Directory.
User Directory Properties section displays with options for Microsoft Active Directory.
4.
In the text field Server IP address or hostname, enter the IP address or hostname of your LDAP server.
5.
In the text field Port, enter the port number.
The default is 389.
6.
(Optional) Enable secure LDAP, a nonstandard protocol also known as LDAP over SSL; mark the check box Enable secure LDAP.
Marking this check box changes the default port number to 636.
7.
In the text field Username, enter the username for this appliance.
The Username field can contain the user's username (such as admin), email address (such as admin@mycompany.com), or distinguished name (such as cn=admin, dc=company, dc=com).
8.
In the text field Password, enter the password for this appliance.
9.
In the text field Search domain, enter the LDAP server's search domain name.
This value is used when the search filter is applied.
10.
Verify that the field Search filter contains a standard LDAP query that can use validation variables, for example:
(|(mail=%email%)(userPrincipalName=%email%)
(proxyAddresses=smtp:%email%))
11.
From Cache setting, select either Mirror or Cache address.
*
The Mirror setting means that valid addresses are cached all at once by synchronizing the cache with all the addresses stored on the LDAP server. You can manually synchronize the cache with the LDAP server any time after that by clicking Synchronize for this directory on the User Directories page.
*
The Cache address setting means the cache is updated dynamically. A new, valid address is cached after it is verified with the LDAP server. Remove all addresses from the cache by clicking Clear cache.
12.
In the text field Cache timeout, enter a value in minutes.
The timeout is the amount of time that a valid address remains in the memory cache. If an email message is sent from a previously validated address during this timeout period, the email is delivered without contacting the validation server. However, if another message is sent from this address after the timeout has expired, the server will be contacted to validate the address. Default value is 60 minutes.
13.
Click OK.
The settings are saved.
IBM LDAP Server Directory
An IBM LDAP Server Directory provides user information management on an IBM server.
Configure an IBM LDAP Server Directory in the User Directory Properties section
1.
On the page Settings > Users > User Directories, click Add.
The Add User Directory page displays.
2.
In the text field User directory name, enter a name for the user directory.
3.
From the pull-down menu User directory type, select IBM LDAP Server.
The User Directory Properties section displays with options for IBM LDAP Server Directory.
4.
In the text field Server IP address or hostname, enter the IP address or hostname of your LDAP server.
5.
In the text field Port, enter the port number.
The default is 389.
6.
(Optional) Enable secure LDAP, a nonstandard protocol also known as LDAP over SSL; mark the check box Enable secure LDAP.
Marking this check box changes the default port number to 636.
7.
In the text field Username, enter the username for this appliance.
The Username field can contain the user's username (such as admin), email address (such as admin@mycompany.com), or distinguished name (such as cn=admin, dc=company, dc=com).
8.
In the text field Password, enter the password for this appliance.
9.
From Cache setting, select either Mirror or Cache address.
*
The Mirror setting means that valid addresses are cached all at once by synchronizing the cache with all the addresses stored on the LDAP server. You can manually synchronize the cache with the LDAP server any time after that by clicking Synchronize for this directory on the User Directories page.
*
The Cache address setting means the cache is updated dynamically. A new, valid address is cached after it is verified with the LDAP server. Remove all addresses from the cache by clicking Clear cache.
10.
In the text field Cache timeout, enter a value in minutes.
The timeout is the amount of time that a valid address remains in the memory cache. If an email message is sent from a previously validated address during this timeout period, the email is delivered without contacting the validation server. However, if another message is sent from this address after the timeout has expired, the server will be contacted to validate the address. Default value is 60 minutes.
11.
Click OK.
The settings are saved.
Generic LDAP Server Directory
A generic LDAP directory provides user information management that is supported on any LDAP server.
Configure a generic LDAP Server Directory in the User Directory Properties section
1.
On the page Settings > Users > User Directories, click Add.
The Add User Directory page displays.
2.
In the text field User directory name, enter a name for the user directory.
3.
From the pull-down menu User directory type, select Generic LDAP.
The User Directory Properties section displays with options for Generic LDAP Server Directory.
4.
In the text field Server IP address or hostname, enter the IP address or hostname of your LDAP server.
5.
In the text field Port, enter the port number.
The default is 389.
6.
(Optional) Enable secure LDAP, a nonstandard protocol also known as LDAP over SSL; mark the check box Enable secure LDAP.
Marking this check box changes the default port number to 636.
7.
In the text field Username, enter the username for this appliance.
The Username field can contain the user's username (such as admin), email address (such as admin@mycompany.com), or distinguished name (such as cn=admin, dc=company, dc=com).
8.
In the text field Password, enter the password for this appliance.
9.
In the text field Search domain, enter the LDAP server's search domain name.
This value is used when the search filter is applied.
10.
Verify that the field Search filter contains a standard LDAP query that can use validation variables; for example:
(mail=%email%)
(|(mail=%email%)(uid=%email%))
11.
In the text field Mail field, enter any optional email addresses to import.
12.
From Cache setting, select either Mirror or Cache address.
*
The Mirror setting means that valid addresses are cached all at once by synchronizing the cache with all the addresses stored on the LDAP server. You can manually synchronize the cache with the LDAP server any time after that by clicking Synchronize for this directory on the User Directories page.
*
The Cache address setting means the cache is updated dynamically. A new, valid address is cached after it is verified with the LDAP server. Remove all addresses from the cache by clicking Clear cache.
13.
In the text field Cache timeout, enter a value in minutes.
The timeout is the amount of time that a valid address remains in the memory cache. If an email message is sent from a previously validated address during this timeout period, the email is delivered without contacting the validation server. However, if another message is sent from this address after the timeout has expired, the server will be contacted to validate the address. Default value is 60 minutes.
14.
Click OK.
The settings are saved.
Recipient List
A recipient list is a text file that contains a list of email addresses and their associated passwords, one set per line. This file can be used for user recipient validation.
Configure a recipient list in the User Directory Properties section
1.
On the page Settings > Users > User Directories, click Add.
The Add User Directory page displays.
2.
In the text field User directory name, enter a name for the user directory.
3.
From the pull-down menu User directory type, select Recipient List.
4.
The User Directory Properties section displays with options for Recipient List.
5.
Enable a strong password policy; mark the check box Enforce strong password policy.
With this policy in force, a password must meet the following requirements:
*
Between 8 and 15 characters
*
At least one uppercase letter
*
At least one lowercase letter
*
At least one number
*
At least one special character; supported characters include:
! " # $ & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
If you have an existing recipient list and enable the strong password policy, the email protection system evaluates current passwords in the list against the policy. When this evaluation is complete, a Strength column appears in the Recipient List box, indicating any weak passwords that should be changed. A recipient list that contains weak passwords cannot be saved if the check box Enforce strong password policy is marked.
6.
Add a predefined recipient list file; from the field Recipient information file, click Browse and navigate to the desired text file.
The file format should be one email address and password per line, up to a maximum of 1,000 entries.
 
* 
Note 
If you add a new recipient list file when you already have an active recipient list, the new file will overwrite the current file.
7.
Manually create a recipient list; from the box Enter Recipient Information, enter an individual email address and associated password and click >.
The information is added to the Recipient List box on the right. Continue until all necessary recipients are added.
8.
Click OK.
The settings are saved.
Search the recipient list
1.
From the section Recipient List, enter a keyword in the text box and click Search.
Search results display in the Recipient List box.
2.
View the entire recipient list; click View All.
The entire recipient list displays.
Export the recipient list
*
From the section Recipient List, click Export.
The recipient list is exported to your local drive as a text file.
Remove an entry from the recipient list
*
From the section Recipient List, select an individual entry and click Delete.
The entry is removed.
ESMTP Server Directory
An ESMTP Server Directory provides user authentication and recipient validation using the features in extended SMTP.
Configure an ESMTP Server Directory in the User Directory Properties section
1.
On the page Settings > Users > User Directories, click Add.
The Add User Directory page displays.
2.
In the text field User directory name, enter a name for the user directory.
3.
From the pull-down menu User directory type, select ESMTP.
The User Directory Properties section displays with options for ESMTP Server Directory.
4.
Determine your desired email verification method; from Email verification method, select Use the return status of the VRFY command or Use the return status of the RCPT command:
*
Selection of Use the return status of the VRFY command verifies the email user name.
*
Selection of Use the return status of the RCPT command verifies the email recipient.
5.
In the text field Sender email address, enter an email address for the user directory.
6.
In the text field Cache timeout, enter a value in minutes.
The cache timeout is the amount of time that a valid address remains in the memory cache. If an email message is sent from a previously validated address during this timeout period, the email is delivered without contacting the validation server. However, if another message is sent from this address after the timeout has expired, the server will be contacted to validate the address. Default value is 60 minutes.
Remove all addresses from the cache by clicking Clear cache.
7.
Click OK.
The settings are saved.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring System Settings > Managing user directories > Adding and configuring a user directory
Copyright 2022 Forcepoint. All rights reserved.