LDAP Authentication Issue

[jpkovacic]

I currently have Scalix Enterprise 10 installed for my company's E-mail system. One major concern I have is LDAP access. Currently, I can get access to my company's system directory via LDAP on a client like Mozilla Thunderbird without providing a username or password to get access. I'm concerned that unscrupulous parties will be able to access our system directory and use it to spam company employees. So I'd like to only allow access to LDAP via a valid E-mail system username and password (i.e., authorized access). I could not get a feel as to how to do this with a review of Scalix documentation and combing of Scalix's knowledgebase and community forum areas. Is there a set procedure for accomplishing this?

Thanks,
Joe K

[florian]

Joe,

unfortunately, there is currently no way in the product to further restrict LDAP access. It is also not possible to turn off LDAP access completely, because the Scalix Admin Console requires it internally.

What you can do, however, is to use iptables on your Scalix server to restrict incoming LDAP traffic to selected IP addresses on your internal network which need the access.

We're currently discussing this particular area in another context and hope to provide to with a more complete solution in a future release.

Cheers,
Florian.