Configuring the connection to an LDAP server

January 24, 2025

ID 94313

To configure the LDAP server connection settings:

  1. In the main window of the program web interface, open the management console tree and select the Settings section and LDAP subsection.
  2. In the lower part of the workspace, select the LDAP server whose connection you want to configure.
  3. In the LDAP Server Connection Settings group of the selected server, click any link to open the LDAP Server Connection Settings window.
  4. In the LDAP server settings group, in the LDAP server list, select one of the following external directory services:
    • generic LDAP, if you want to add a connection to a server of an LDAP-compatible directory service (such as Red Hat Directory Server).
    • Active Directory, if you want to add a connection to a Microsoft Active Directory server.
  5. In the LDAP server settings section, in the Server address field, type the IP address in IPv4 format or the FQDN of the LDAP server to which you want to connect.
  6. In the LDAP server settings section, in the Connection port number list specify the port for connecting to the LDAP server.

    The LDAP server usually receives inbound connections at port 389 via the TCP or UDP protocol. Port 636 is normally used to connect to an LDAP server via the SSL protocol.

  7. In the LDAP server settings section, in the Connection type list, select the data encryption option to use when connecting to the LDAP server:
    • SSL, if you want to use SSL.
    • TLS, if you want to use TLS.
    • No encryption, if you do not want to use data encryption technologies when connecting to the LDAP server.

      After Microsoft update ADV190023 LDAP Channel Binding and LDAP Signing, the No encryption option no longer works, and you must use SSL or TLS encryption when connecting to the LDAP server.

  8. In the Authentication settings section, in the LDAP server user account name field type the name of the user of the LDAP server who has privileges to read directory records (BindDN). Enter the user name in one of the following formats:
    • cn=<user name>, ou=<department name> (if required), dc=<domain name>, dc=<parent domain name>, if you want to add a connection to a server of an LDAP-compatible directory service (such as Red Hat Directory Server).

      For example, you can enter the following user name: cn=LdapServerUser, dc=example, dc=com, where LdapServerUser is the name of the LDAP server user; example is the domain name of the directory to which the user's account belongs; com is the name of the parent domain in which the directory is located.

    • cn=<user name>, ou=<unit name> (if required), dc=<domain name>, dc=<parent domain name> or <user name>@<domain name>.<parent domain name> if you want to add a connection to a Microsoft Active Directory server.

      For example, you can enter the following user name: LdapServerUser@<domain name>.<parent domain name>, where LdapServerUser is the name of the LDAP server user; <domain name>.<parent domain name> is the domain name of the directory to which the user's account belongs.

  9. In the Authentication settings section, in the LDAP server user account password field type the LDAP server access password of the user specified in the LDAP server user account name field.
  10. In the Search settings section, in the Search base field, type the DN (Distinguished Name) of the directory object from which Kaspersky Security 8 for Linux Mail Server starts searching directory records.

    Enter the search base in the following format: ou=<department name> (if required), dc=<domain name>, dc=<parent domain name>.

    For example, you can enter the following search base: ou=people, dc=example, dc=com, where people is the directory level from which Kaspersky Security 8 for Linux Mail Server starts searching for records (the search is run at the people level and lower levels; objects located above this level are excluded from the search scope); example is the domain name of the directory in which Kaspersky Security 8 for Linux Mail Server searches for records; com is the name of the parent domain in which the directory is located.

  11. Click the Check button.

    Kaspersky Security 8 for Linux Mail Server checks the connection to the LDAP server using the connection and authentication settings you have specified.

  12. Click the Apply button.

    The LDAP Server Connection Settings window closes.
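
The values from steps 4 to 10 can also be tested outside the web interface before you click Check. The following is an added example, not part of the Kaspersky documentation: a shell function that turns those values into an ldapsearch (OpenLDAP client) command. It assumes that the SSL option means LDAPS and the TLS option means StartTLS on the plain LDAP port; the host name ldap.example.com is a placeholder.

```shell
#!/bin/sh
# Added example: build an ldapsearch (OpenLDAP client) command that tests the
# values entered in the LDAP Server Connection Settings window.
# Assumption: "SSL" means LDAPS, "TLS" means StartTLS on the plain LDAP port.

# Usage: ldap_check_cmd <connection type> <address> <port> <BindDN> <search base>
# Prints the command to run; returns 1 for settings that should not be used.
ldap_check_cmd() {
    conn=$1 host=$2 port=$3 bind_dn=$4 base=$5

    # Normalise "cn=x, dc=y" (as written in the examples) to "cn=x,dc=y".
    bind_dn=$(printf '%s' "$bind_dn" | sed 's/, */,/g')
    base=$(printf '%s' "$base" | sed 's/, */,/g')

    case $port in
        ''|*[!0-9]*) echo "port must be a number: $port" >&2; return 1 ;;
    esac
    # The values are placed in single quotes below, so reject embedded quotes.
    case "$host$bind_dn$base" in
        *\'*) echo "single quotes are not allowed in the values" >&2; return 1 ;;
    esac

    case $conn in
        SSL) uri="ldaps://$host:$port"; starttls="" ;;
        TLS) uri="ldap://$host:$port"; starttls=" -ZZ" ;;  # -ZZ: fail unless StartTLS succeeds
        *)   echo "refusing '$conn': select SSL or TLS" >&2; return 1 ;;
    esac
    if [ "$conn" = SSL ] && [ "$port" = 389 ]; then
        echo "warning: port 389 is normally the unencrypted/StartTLS port" >&2
    fi
    if [ "$conn" = TLS ] && [ "$port" = 636 ]; then
        echo "warning: port 636 is normally used with SSL" >&2
    fi

    # LDAPTLS_REQCERT=demand: verify the server certificate.
    # -W: prompt for the BindDN password, keeping it off the command line.
    # -s base dn: read only the DN of the search base, which proves the bind
    #             works and the base exists without listing directory records.
    printf '%s\n' "LDAPTLS_REQCERT=demand ldapsearch -x -LLL -H $uri$starttls -D '$bind_dn' -W -b '$base' -s base dn"
}

# Constructed sample values (ldap.example.com is a placeholder host name).
ldap_check_cmd SSL ldap.example.com 636 \
    'cn=LdapServerUser, dc=example, dc=com' 'ou=people, dc=example, dc=com'
```

Run the printed command on a host that has the OpenLDAP client tools installed; a successful result returns only the DN of the search base.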

See also

Integration with an external directory service

Connecting to and disconnecting from an LDAP server

Adding a LDAP server connection

Deleting a LDAP server connection

Enabling and disabling a connection to an LDAP server

Configuring the LDAP server connection filters
