LDAP User Add/Update Page

You can associate an LDAP User or LDAP Group to a Barracuda Cloud Archiving Service role and list of email addresses. For example, you may want to prevent a user with the Auditor role from viewing specific user mailboxes.

• LDAP user/group – Enter the LDAP User or Group name to which the permissions apply.

• Role – Select the Barracuda Cloud Archiving Service role for the specified LDAP user or group account:

  • User role – Specify mailbox addresses to include or exclude from the LDAP account:

    • Include these Addresses – Enter a mailbox address that you wish to make available to the specified LDAP account, and then click the + icon.

    • Exclude these Addresses – Enter a mailbox address that you wish to hide from the specified LDAP account, and then click the + icon.

  • Auditor role – Configure the desired permissions:

    • Domains – Enter a domain for which the auditor can view mail, and then click the + icon.

    • Saved search – If you have defined Saved searches on the Basic > Search page, select the desired Saved search from the drop-down menu to filter the auditor's search results.

    • Exclude these addresses – Enter a mailbox address that you want to hide from the specified LDAP account, and then click the + icon.

  • Admin role – Specify mailbox addresses that you want to hide from the specified LDAP account.

Note that it can take up to 3 hours for changes in group membership in LDAP to be reflected.

Include these Addresses/Exclude these Addresses are analogous to an allow list and block list. When a configured user runs a search on the Basic > Search page, the following allow and block rules are in place:

1. Mail for addresses added to the Exclude these addresses block list are NOT displayed unless the mail includes the user performing the search to assure that a user can always see their own mail.

2. The Exclude these addresses block list always takes precedence; addresses added to the Include these addresses allow list are searchable unless the Exclude these addresses block list blocks the mail.

3. Because a user with the Admin or Auditor role can by default view all mail, users set to these roles can only edit their Exclude these addresses list.

4. If a user is not configured and is a member of a group, then the allow and block rules assigned to that group apply to that user. Additionally, if the unconfigured user is a member of multiple groups, then the privileges for all of those groups are merged and that user is assigned the least privileged role of those groups. This allows the Admin to apply allow and block rules to all users of a distribution group.

   • Example 1: If Brian is not individually configured but is a member of the distribution group HR, then the Admin can set the allow and block rules for the group HR, and Brian will use these settings when searching mail rather than seeing only his own mail.

   • Example 2: If Josh is not individually configured but is a member of the distribution group HR which has an Auditor role, and Josh is also a member of the group Employees which has a User role, Josh has only the User role privileges when running a search.

5. A user cannot run a Search as user Search on the Basic > Search page on a user that is on their Exclude these addresses exclusion rules block list.

• https://documentation.campus.barracuda.com/wiki/spaces/BCAS/pages/4063340

• https://documentation.campus.barracuda.com/wiki/spaces/BCC/pages/1638672

• https://documentation.campus.barracuda.com/wiki/spaces/BCAS/pages/4063322