Reflexion LDAP Information and Settings
Posted by Carlos Rios on 16 November 2017 07:14 PM
What is LDAP? (Lightweight Directory Access Protocol)
LDAP is used to access a customer’s Active Directory database to select email addresses of users, aliases, email-enabled public folders, and distribution lists. We take the results and import them into the RTC (Reflexion Total Control) database to mirror what you as a customer have for users, addresses, and aliases. Addresses are pulled ONLY for the domain names that you have previously declared in Reflexion.
Where is your LDAP tool pulling information from?
LDAP connects to an Active Directory server on port 389 via the host name or IP address entered in the LDAP setup page. Whenever possible, specify an IP address rather than an FQDN to avoid unforeseeable DNS issues. You MUST enter a valid public (not a .local) admin email address into LDAP Setup, so you can be notified at once of configuration or connectivity errors. If you shut down access to your AD server on a scheduled or routine basis, you can “pause” LDAP to avoid being sent connectivity error messages from Reflexion.
What are the advantages of using LDAP vs. adding users manually?
LDAP saves the administrator time and avoids the errors that come with manual data entry. It also runs on a schedule, automatically detects changes to the customer's Active Directory environment, and systematically imports new, modified, and deleted users, addresses, distribution lists, and aliases.
What information does LDAP sync?
We use LDAP to sync user names, email addresses/aliases, email-enabled distribution groups, and email-enabled public folders. Because your Deleted Objects folder is protected, the UID/PWD pair specified in the LDAP Setup page must be for a full Exchange system administrator. Otherwise, we will not be able to see addresses that you delete.
Also, disabling an address is different from deleting an address. If an address is deleted, we detect the deletion and pass it through to Reflexion. If an address is disabled (for whatever reason), we thereafter ignore it, unless it's re-enabled or deleted. Note that we exclude any references to disabled addresses and to “.local” (non-public) addresses.
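The selection rules described above (declared domains only, disabled and ".local" addresses excluded, deletions passed through) can be previewed with the sketch below. It is an added illustration, not Reflexion's code: the attribute names are standard Active Directory attributes, while plan_sync, eligible, the sample entries, and the exact way the rules are evaluated are assumptions made for the example.

```python
# Added illustration, not Reflexion's code. All directory entries are constructed.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

def eligible(entry, declared_domains):
    """Public SMTP addresses of one entry that fall in a declared domain."""
    found = set()
    for raw in [entry.get("mail", "")] + entry.get("proxyAddresses", []):
        kind, sep, rest = raw.partition(":")
        if sep and kind.lower() != "smtp":
            continue  # e.g. X500: or SIP: proxy addresses are not email
        addr = (rest if sep else raw).strip().lower()
        local, at, domain = addr.rpartition("@")
        if not (local and at) or domain.endswith(".local"):
            continue  # malformed or non-public address
        if domain in declared_domains:
            found.add(addr)
    return found

def plan_sync(mirror, entries, declared_domains):
    """mirror maps address -> objectGUID from the last run.
    Returns (to_add, to_remove) as sorted lists of addresses."""
    to_add, to_remove = set(), set()
    for e in entries:
        guid = e["objectGUID"]
        if e.get("isDeleted"):
            # deletion is passed through: drop everything this object owned
            to_remove |= {a for a, g in mirror.items() if g == guid}
        elif int(e.get("userAccountControl", 0)) & ACCOUNTDISABLE:
            continue  # disabled: ignored until re-enabled or deleted
        else:
            to_add |= eligible(e, declared_domains) - set(mirror)
    return sorted(to_add), sorted(to_remove)

DECLARED = {"example.com"}  # constructed: domains declared in the service
MIRROR = {"old@example.com": "g3", "pat@example.com": "g4"}  # constructed
ENTRIES = [  # constructed sample of directory objects
    {"objectGUID": "g1", "userAccountControl": 512, "mail": "ann@example.com",
     "proxyAddresses": ["SMTP:ann@example.com", "smtp:ann@corp.local",
                        "smtp:sales@example.com", "X500:/o=Org/cn=ann"]},
    {"objectGUID": "g2", "userAccountControl": 514, "mail": "bob@example.com"},
    {"objectGUID": "g3", "isDeleted": True},
    {"objectGUID": "g4", "userAccountControl": 514, "mail": "pat@example.com"},
    {"objectGUID": "g5", "userAccountControl": 512, "mail": "eve@other.example"},
]

if __name__ == "__main__":
    print(plan_sync(MIRROR, ENTRIES, DECLARED))
```

In the sample, the disabled object g4 leaves its existing address untouched, while the deleted object g3 has its address removed.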
How often does LDAP update/sync?
LDAP sync checks for NEW customers' data every three minutes and checks for changes to EXISTING customers' data several times throughout the day. You can force LDAP to refresh in order to detect recent, manually applied Active Directory changes within a few minutes by clicking “Save/Sync now” on the LDAP Setup page.
Customer LDAP Server Configuration
The firewall must be configured to allow TCP connections on port 389 from ALL of the following subnets: