Active Directory Integration
Starting from build 5771 administrators can integrate Xeams with an existing Active Directory in their company.
If integrated, Xeams will use AD lookup when:
- A new user needs to be created
- To authenticate existing users
- Reject invalid users when accepting inbound emails
Steps to enable Active Directory
- Login as admin
- Click Active Directory Integration under Server Configuration
- Fill in the form on the following page. The fields are:
- Enable AD Integration: None of the other fields matter if this is NOT checked
- Integrate Users: Check if you want Xeams to create users based on AD. Read below for more details.
- Reject Invalid Users: If checked, recipients email is validated with AD before accepting an incoming email.
- Host Name/IP: Host name or IP address of your domain controller.
- AD Domain Name: This is the local domain name. For example: yourcompany.local
- Base DN: Leave this blank initially. Xeams will attempt to fetch this value from the server. Occasionally, you may see more than one value for this field. In that case, you will have to pick the appropriate value.
- Administrator's User ID: User ID that has enough privilege to perform an AD lookup. This is typically set to Administrator
- Password: Password for the user
Creating and authenticating new users
Xeams will create new user accounts automatically when AD integration is enabled AND the check box for Integrate Users
is checked (see above).
No additional steps are required for user creation. Consider the following scenario as an example:
- This is a new install and no users exist in Xeams
- A user named John Doe, who has a valid account in your AD tries to connect to Xeams's Admin Console. John's User ID is john.doe
- He puts john.doe for login ID and his password to connect in Xeams.
- Upon a successful authentication through AD, Xeams will automatically create an account for John in Xeams. Note: Ensure
an valid email address is associated with John's account in your AD. Xeams will pull his email and automatically create an association
with this new account.
- Xeams will NOT store John's password. Whenever a password is needed, Xeams will query AD.
- From now on, John can use his AD credentials to login to Xeams' Admin Console.
Rejecting invalid users
If you use the Regular SMTP server
to receive in-bound emails, Xeams can query AD before accepting emails. This reduces the number
of overall email accepted by Xeams since invalid users will be rejected right at the door step. One additional benefit is that Xeams will
not have to generate an NDR (non-delivery report) for this message. It is the responsibility of the sending SMTP server to generate an NDR.
To enable this feature, check Reject Invalid Users
under Server Configuration/Active Directory Integration
AD lookup is NOT performed when SMTP Proxy Server is used. This is because in case of the Proxy, the acceptance of incoming email
is delegated to your actual email server, which could be either MS Exchange, or any other SMTP server. Therefore, to reject incoming emails for
invalid users you must configure the SMTP server that Xeams is proxying for.