Organizations can optionally use an encrypted version of LDAP, LDAPS, by installing a certificate and configuring their mail server to use that certificate. The process is similar to that of installing an SSL certificate for a web site.
To enable LDAPS, a certificate needs to be installed on the organization's directory server. The certificate can be issued by a Certificate Authority such as Verisign, or it can be a self-signed certificate generated by the organization. It is important to note that the server common name in the certificate must exactly match the fully qualified name of the server where it will be installed - e.g., alfred.example.com.
Since there are numerous ways to generate a certificate - including either the use of internal software or the use of a third-party Certificate Authority) - that process is not detailed here. Please contact support if you are unsure how to request or install a certificate.
Once the certificate has been successfully imported, LDAPS should be enabled. Make sure that your firewall allows inbound connections on the LDAPS port (port 636) from our networks. Once your firewall has been updated, in the Management > User Management > Synchronization area of the control panel, configure the spam filter to use LDAPS rather than LDAP, and click on the Test Now button to verify that the spam filter can connect to the directory server and that the mail accounts can be successfully determined.