Configuring LDAP for Local FTP Mailbox

Use the LDAP tab to specify values to for this mailbox. The LDAP tab is enabled when you select the LDAP Usergroup check box on the FTP tab.

The values you specify on this tab supersede the values specified on the LDAP Settings or LDAP Server page.

Override System Settings

Select the Override System Settings check boxes to enable their related fields.

Base DN

The base organizational unit where the users are defined. Contact your directory administrator for the correct Base DN value. (The Base DN value entered here can be overridden in a local user host LDAP mailbox.)

The examples the table below show sample base organizational units for the supported directory types.

Directory Type	Example Base DN
Active Directory	`OU=Employees,DC=company,DC=com`
Apache Directory Services	`OU=Users,DC=example,DC=com`
Lotus Domino	`O=SCNotes`
Novell eDirectory	`O=Company Organization`
DirX	`ou=Users,o=Company`

Search filter

Optional. Used to limit the amount of information returned from the LDAP server when many users are defined. A more restrictive filter can be specified as a comma separated list. If necessary, contact your directory administrator to determine the appropriate attributes and values. You can override the value entered here in a local user host LDAP mailbox.

The following table contains example lists with sample attribute names and values.

Search Filter	Description
`department=EDI`	Limits the search to entries that have the attribute, `department`, with a value of `EDI`.
`department=EDI,group=administrators`	Limits the search to entries that must match two attributes. The user must be in the `EDI` department and in the `administrators` group.
`department=EDI,telephoneNumber=800*`	Limits search to EDI department members with a telephone number starting with `800`.
`objectclass=person`	Limit the search to entries that are people if the Base DN contains other entries (for example, computers) and people.
`!(userAccountControl:1.2.840.113556.1.4.803:=2)`	Excludes disabled accounts - in Active Directory, if an account is disabled, bit `0x02` in the `userAccountControl` attribute value is on. `1.2.840.113556.1.4.803` is the rule object ID (ruleOID) for the LDAP bitwise `AND` operator.

If the value to search in has any of the following special characters, they must be substituted in the Search Filter with the corresponding escape sequence.

ASCII character	Escape Sequence Substitute
`*`	`\2a`
`(`	`\28`
`)`	`\29`
`,`	`\2c`
`\`	`\5c`
`NUL`	`\00`
`/`	`\2f`

Extend Search Filter

Used to append rules to the default search system filter. This field is enabled regardless of the status of the Override System Options check boxes.

List

Used to display a list of users and their attributes matching the Base DN and Search Filter.