Synchronizing users and groups with LDAP

You can synchronize users and groups from your directory service with the Control Panel.

You have activated the LDAP connection to your directory service.

By synchronizing users and groups, all users and groups from your directory service are transferred to the Control Panel. If users or groups are deleted or changed in the directory service, these changes are also applied in the Control Panel.

Important:

Before importing users from the directory service, you must manually create the groups inside the Control Panel. In order for the users to be assigned to the groups, the groups must be named exactly as in the directory service.

For more information on the creation of groups, see Groups.

If a user from the directory service has previously been manually assigned to a group in the Control Panel, but is not assigned to any group in the directory service or is assigned to another group via an LDAP attribute, the existing group assignment in the Control Panel will be deleted during synchronization.

Note:

Mailboxes that have been created manually in the Control Panel or come from other sources than LDAP remain in the Control Panel when an LDAP synchronization is performed. During synchronization, only mailboxes that have been created in the Control Panel during a previous LDAP synchronization and are no longer available in the directory service are deleted from the Control Panel.

Note:

With the synchronization of users from your directory service, alias addresses are automatically assigned. The advantage is that only one quarantine report is sent out for every primary email address, including all alias addresses.

  1. Log in to the Control Panel with your administrative credentials.
  2. From the scope selection, select the domain whose users and groups you would like to synchronize.
  3. Navigate to Service Dashboard > LDAP Connection.
  4. Toggle the switch Synchronization of groups and users.

    The form below the switch is enabled for input.

    Figure 1: Synchronization of groups and users
  5. To select the users and groups to be synchronized from your directory, enter a filter for the desired users or groups in the field LDAP filter.

    To change the filter, you must use the following syntax:

    (|(xxxxxxxxxx=xxxxxxxxxx)(xxxxxxxxxx=xxxxxxxxxx))

    The preceding | defines an OR relation between the parameters in the following brackets. Therefore, only one defined parameter must match. An AND operation between the parameters can be built by adding an & at the beginning.

    In addition, at least one entry must stand in the brackets.

    Note:

    The expression (|(sAMAccountType=805306368)(sAMAccountType=268435456)(sAMAccountType=268435457)(objectclass=publicFolder)) finds all users from a Microsoft Active Directory.

  6. To check which users and groups would be synchronized from your directory service with the Control Panel when synchronization is enabled, you can view the valid users and groups (see Checking Valid Users and Groups from your Directory Service).
  7. Click on Apply changes in the lower window area.

    Your settings are saved.

    Note:

    The synchronization of data from the directory service is performed hourly. For this reason, the result of your settings may not be effective for up to two hours.

The users and groups from your directory service are periodically synchronized with the Control Panel via LDAP.