Difference between revisions of "Kerio Connect Integration"
| [unchecked revision] | [checked revision] |
Ltalaschus (talk | contribs) |
|||
| (7 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | {{DISPLAYTITLE:Synchronizing User Accounts with Kerio Connect}} | |
| − | + | {{Directory Services Preamble|Kerio Connect}} | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Accessing the Directory Service Integration == | == Accessing the Directory Service Integration == | ||
| + | {{Directory Services Accessing Configuration|Kerio Connect|Kerio_sync_01.png}} | ||
| − | + | == Connection to the Kerio Connect == | |
| − | + | For synchronization MailStore Server requires information on how to connect to the Kerio Connect. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | *'''Server Name'''<br/>DNS name or IP address of the Kerio Connect. If you use a self-signed or non-public SSL certificate on the Kerio Connect, please set a checkmark next to ''Ignore SSL Security Warnings''. In case the Kerio Server is reachable over a non-default port (the default port is 4040), the port can be appended to the server name with a colon. | |
| + | *'''User Name'''<br/>Name of a user with administrative privileges on the Kerio Connect. | ||
| + | *'''Password'''<br/>Password of that user. | ||
| − | + | === Synchronize === | |
| − | + | After configuring the connection settings as described above, you can specify filter criteria for the Kerio Connect user database synchronization in this section. | |
| − | |||
| − | |||
| − | |||
| − | + | *'''Domains and Groups'''<br/>Choose one or more domains or groups to let only their members be created as MailStore Server Users. If no domains or groups are selected, all users will be synchronized. | |
| − | + | {{Directory Services Options|Kerio Connect}} | |
| + | {{Directory Services Kerio Connect Authentication|Kerio Connect}} | ||
| + | {{Directory Services Assign Default Privileges|an Kerio Connect Server}} | ||
| + | {{Directory Services Run Synchronization|Kerio Connect}} | ||
| + | [[File:ApplicationIntegration_sync_02.png|450px|center]] | ||
| − | |||
| − | + | {{Directory Services Test Authentication}} | |
| + | {{Directory Services Login with Directory Services Credentials|Kerio Connect}} | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
[[de:Kerio_Connect-Integration]] | [[de:Kerio_Connect-Integration]] | ||
| + | [[en:Kerio_Connect_Integration]] | ||
Revision as of 06:53, 1 August 2017
In addition to adding users manually as described in chapter User Management, MailStore Server can synchronize its internal user database with the Kerio Connect of your organization.
During synchronization, user information, such as user names and email addresses, is copied from the Kerio Connect into MailStore Server's user database. That way, users can use their Kerio Connect credentials to also log on to MailStore Server and emails can be assigned to their corresponding user archives automatically, for example. No changes are made to the Kerio Connect itself by MailStore Server. The scope of the synchronization can be limited through filters.
Accessing the Directory Service Integration
- Log on to MailStore Client as a MailStore Server administrator.
- Click on Administrative Tools > Users and Archives > Directory Services.
- In the Integration section, change the directory service type to Kerio Connect.
Connection to the Kerio Connect
For synchronization MailStore Server requires information on how to connect to the Kerio Connect.
- Server Name
DNS name or IP address of the Kerio Connect. If you use a self-signed or non-public SSL certificate on the Kerio Connect, please set a checkmark next to Ignore SSL Security Warnings. In case the Kerio Server is reachable over a non-default port (the default port is 4040), the port can be appended to the server name with a colon. - User Name
Name of a user with administrative privileges on the Kerio Connect. - Password
Password of that user.
Synchronize
After configuring the connection settings as described above, you can specify filter criteria for the Kerio Connect user database synchronization in this section.
- Domains and Groups
Choose one or more domains or groups to let only their members be created as MailStore Server Users. If no domains or groups are selected, all users will be synchronized.
Options
- Automatically delete users in MailStore Server
Here you can choose whether users that have been deleted in the Kerio Connect will also be deleted in the MailStore Server user database by the synchronization. Users will also be deleted if they fall out of scope of the configured settings.
Only MailStore Server users that have their authentication method set to Directory Services will be deleted.
If the archive folder of such a user already contains archived emails, only the user entry but not its archive folder will be deleted in MailStore Server.
Authentication
As the Kerio Connect API only support synchronization, but not authentication of users, MailStore allows authenticate users via an IMAP login. To achieve this, you have to configure the following settings in the Authentication section:
- Kerio IMAP Server
Enter the IP address or the DNS name of the Kerio Connect server against which authentication should be performed. - IMAP Server Access
Configure the connection protocol. Be aware that IMAP servers often expect the connection to be encrypted (IMAP-TLS, IMAP-SSL). If the certificate provided by the remote host cannot be verified (e.g. self-signed or signed by an unknown certificate authority), enable the option Accept all certificates to allow MailStore to establish a connection. As this option leads to an insecure configuration, warnings may appear in the summary and/or the dashboard.
Important Notice: If your Kerio Connect users authenticate against an Active Directory or if you store the passwords as SHA hashes, you must disable CRAM-MD5 and DIGEST-MD5 under Configuration > Advanced Options > Security Policy in your Kerio Connect Server. Otherwise users will not be able to log on to MailStore.
Assigning Default Privileges
By default, users that have been synchronized to MailStore Server from an Kerio Connect Server have the privilege to log on to MailStore Server as well as read access to their own user archive.
You can configure those default privileges before synchronization, for example, to assign the privilege Archive E-mail to all new users. To do this, click on Default Privileges...
More information on managing user privileges and their effects is available in the chapter Users, Folders and Settings which also has details on editing existing privileges.
Running Directory Services Synchronization
Click on Test Settings to check synchronization configuration and the results returned by the Kerio Connect without any changes to the MailStore Server user database being actually committed.
To finally run the synchronization, click on Synchronize now. The results are shown with any changes committed to the MailStore Server user database.
You can test the authentication for a user by first selecting him from the list and then clicking on the button on the lower left. You will now be asked for that user's password. Upon clicking OK you'll receive a message whether the authentication has been successful.
Login with Kerio Connect Credentials
After synchronization MailStore users can log on to MailStore Server with their Kerio Connect username and Kerio Connect password.
