Press the “Next” button to proceed.
For security reasons, it is best to run the server with LDAP encryption set to LDAPS (LDAP over SSL) or StartSSL. If for some reason you cannot get SSL to work, then it is best to run the server on the same computer as your AD / LDAP server so that the password is not transmitted in the clear over the network.
The hostname should be the FQDN (Fully Qualified Domain Name) of your AD/LDAP server. This must be the same as the FQDN on your LDAP/AD server's SSL certificate or the SSL server certificate verification will fail. If you are not using any encryption then it is OK to set it to the numeric IP address as well. If you are running the server on the same computer as your AD/LDAP without encryption then you can also set it to "localhost".
If you are running on Microsoft Windows and you want to run the LDAP session over SSL then you must install the public key of the SSL certificate of your AD on the machine that is running the Enterprise Messaging server. The easiest way to do this is to point your Internet Explorer Web Browser to your AD server and then use it to import the certificate. For example, suppose your AD server is at ldap.yourcompany.com, then you should type "https://ldap.yourcompany.com:636" (note that it is "https" not "http") into the address bar of your browser and then tell the browser to accept the certificate offered by the server.
To make sure that the host information you just entered is correct, you need to enter the DN (Distinguished Name) of a user on your AD/LDAP whose password you know.
If you are using MS Active Directory, you can add the ADSI snap-in to the management console (MMC) to help you get the DN of the users. You can find the snap-in in the support folder of your Windows 2000/2003 server installer CD.
The procedure is discussed in an article at http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsbe_ext_jand.asp
There is also more information at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8c76ff67-9e9d-4fc7-bfac-ffedee8a04d4.mspx
You may also want to download a free LDAP browser from http://www.ldapbrowser.com to help you figure out the structure of your LDAP / AD server. Note that you can install the browser on any Windows 2000/XP machine that can connect to your LDAP server via TCP/IP.
When using Active Directory, the DN for someone whose
user name is mark is probably
Once you have entered the correct LDAP/AD host parameters you can go to the next page, where you need to enter the following information:
The third step in the LDAP wizard is to set up the mapping of the fields from your LDAP / AD to the fields used by Enterprise Messenger. All the field names are optional and you can leave them blank.
The last step in the LDAP Wizard is to create the accounts from the values that the system can find from your LDAP/AD using the parameters you have entered in step 2. You can delete users that you do not wish to have access to the messaging system by deleting their names from the list. You can use the control and shift key to select multiple entries. If you deleted a user by mistake then simply reload the page again.
The user name used by the message system needs to be lower case alphanumeric plus the special characters [. + - _ - @], and cannot include any spaces. This means that in order to bind to the LDAP / AD you need to change a mixed case user name to all lower case and replace each space with '+'. For example "Alice Smith" will have the user name "alice+smith".
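The naming rule above can be checked before accounts are created. The following is an added example, not code from Enterprise Messenger: it applies the lower-case and '+' substitution, rejects names that still contain characters outside the allowed set, and flags directory names that collapse onto the same messaging user name. The function names and the sample list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Allowed set as stated in the text: lower-case alphanumerics plus . + - _ @
ALLOWED = re.compile(r"[a-z0-9.+\-_@]+")


def to_messaging_name(directory_name):
    """Lower-case the name and replace each space with '+'.

    Returns None when the result still contains characters outside the
    allowed set, so the caller can skip or rename that account.
    """
    candidate = directory_name.lower().replace(" ", "+")
    return candidate if ALLOWED.fullmatch(candidate) else None


def plan_accounts(directory_names):
    """Split names into (mapping, rejected, collisions).

    mapping    : messaging name -> the single directory name that maps to it
    rejected   : directory names that cannot be represented
    collisions : messaging name -> all directory names that collapse onto it
    """
    buckets = defaultdict(list)
    rejected = []
    for name in directory_names:
        mapped = to_messaging_name(name)
        if mapped is None:
            rejected.append(name)
        else:
            buckets[mapped].append(name)
    mapping = {m: n[0] for m, n in buckets.items() if len(n) == 1}
    collisions = {m: n for m, n in buckets.items() if len(n) > 1}
    return mapping, rejected, collisions


# Constructed sample directory entries, not taken from a real server.
SAMPLE = ["Alice Smith", "alice+smith", "Bob", "mark", "José Díaz", "eve;admin"]

if __name__ == "__main__":
    mapping, rejected, collisions = plan_accounts(SAMPLE)
    print("create:", mapping)
    print("cannot map:", rejected)
    print("ambiguous:", collisions)
```

Names reported as ambiguous deserve a manual decision, because two different directory entries would otherwise end up sharing one messaging account.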
Please note that by default, any user who has a valid account on your
LDAP / AD will have access to Enterprise Messenger because the account
is created automatically when the user's account information has been
authenticated against the LDAP/AD. If you do not want this behavior then
you need to go to the Enterprise Messenger Server Console, choose (Files |
Configuration) and disable the option
Press the “Next” button to proceed.