MailStore SPE Help - User contributions [en]

MailStore Server to MailStore SPE Migration

2015-01-22T01:32:27Z

Dwarren:

__NOTOC__
This guide shows you how to migrate a MailStore Server installation into the MailStore SPE.

This can be desired if the customer has been using MailStore Server before, but now he wants the archive to be stored in a service provider's datacenter.

Also, when an on-premise mailserver or on-premise e-mail files, like PSTs, should be archived by an SPE instance, it might be a good decision to do the [http://en.help.mailstore.com/Archiving_Email initial archiving with MailStore Server] in the customer's infrastructure, and then migrating the resulting MailStore databases into SPE. Since the MailStore databases usually are considerable smaller then the uncompressed e-mail volume, the amount of data to be transferred initially is significantly less. Usually a [https://my.mailstore.com/TrialLicense/RequestForm?lang=en MailStore Server Trial license] will do for that purpose.

The two products use a slightly different format of the ''MasterDatabase'', which contains the configuration, therefore it is not possible to move the entire ''MailArchive'' directory of MailStore Server into the SPE.
However, it is possible to transfer all the ''archive stores'', which contain the actual messages.

* First you have to [[Instance_Management_-_General_Administration#Creating_Instances| create an instance]]. The instance does not have to be started yet.
* Stop all archiving profiles in MailStore Server, either by setting the execution mode to ''manual'' or by disabling all scheduled tasks.
* [http://en.help.mailstore.com/MailStore_Server_Service_Configuration Stop] the MailStore Server service.
'''Important Notice:''' Do not start any of the archiving jobs on MailStore Server again, or else you might risk that some mails will not be archived by the new instance in the SPE.
* Copy the ''archive store'' directories from MailStore Server into the instance's ''Data'' directory. Do not transfer the ''MailStoreMaster.fdb'' and ''MailStore.xml'' files. Make sure, there is no remaining ''.lock'' file in one of the archive store directories. If there is any, the service is not stopped yet completely. When there are identical folder names, do not merge them, give them unique names before, instead.
* Start the SPE instance.
* [[Instance_Management_-_Instance_Administration#Attach_Existing_Archive_Store|Attach]] the transferred archive stores to the newly created instance.
* Depending on your setup:
** Create users or synchronize the instance with a directory service.
** Set compliance options.
** Check the rest of the configuration.
** Set up archiving profiles.

Firewall Configuration for Single Server Mode

2014-03-19T21:04:31Z

Dwarren:

__NOTOC__
It is highly recommended to protect any MailStore Service Provider Edition service with appropriate firewall rules. This document should help with setting up the required rules.

'''Important Notices:'''
* The communication channels described below MUST NOT be intercepted by any kind of email or web proxies that are provided as part of antivirus software or unified threat management gateways.
* The Windows Advanced Firewall is activated on any Windows Server installation by default. In order to connect to services (e.g. MailStore Management Console) of the MailStore Service Provider Edition, it is required that the appropriate firewall rules are added (see below).

= Firewall Rules For Single Server Mode =

The table below lists all TCP ports that need to be opened in the firewall when using MailStore Service Provider Edition in single server mode. The following abbreviations are used in the source and target columns of that table:

* ANY = Any computer from private or public networks
* ADM = Computer or network used for administration
* SERVER = Server that hosts MailStore Service Provider Edition

A list of all TCP ports used by MailStore Service Provider Edition is available in the [[System Requirements#Required Ports|System Requirements]]

{| class="wikitable sortable"
! width="80px" | Port
! width="80px" | Source
! width="80px" | Target
! class="unsortable"| Description
|-
| align="center" | 110
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via POP3 (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via IMAP (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | ANY
| align="center" | SERVER
| IMAP access to archives secured by TLS (STARTTLS) encryption.
|-
| align="center" | 389
| align="center" | SERVER
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using an unencrypted or STARTTLS-encrypted session.
|-
| align="center" | 443
| align="center" | SERVER
| align="center" | ANY
| Access to Microsoft Exchange servers for archiving via Exchange Web Services (EWS) secured by SSL encryption.
|-
| align="center" | 443
| align="center" | SERVER
| align="center" | my.mailstore.com
| Usage reporting and license update
|-
| align="center" | 443
| align="center" | ANY
| align="center" | SERVER
| HTTPS access to instances used by MailStore Client, MailStore Outlook Add-in, MailStore Web Access and MailStore Mobile Web Access.
|-
| align="center" | 636
| align="center" | SERVER
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using a SSL encrypted connection.
|-
| align="center" | 993
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via IMAP (SSL).
|-
| align="center" | 993
| align="center" | ANY
| align="center" | SERVER
| IMAP access to archives secured by TLS (SSL) encryption.
|-
| align="center" | 995
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via POP3 (SSL).
|-
| align="center" | 8470
| align="center" | ADM
| align="center" | SERVER
| Web-based access to the MailStore Management Console.
|}

== Windows Advanced Firewall ==

The Windows Advanced Firewall can easily be re-configured for Single Server Mode. By executing the following commands in the Windows PowerShell command prompt, the required TCP ports are opened for inbound connections. Outbound connections to any destination are allowed by default.

<source lang="powershell" toolbar="false" gutter="false">
# Allow access to CAS ports from everwhere
netsh advfirewall firewall add rule name="MailStore Service Provider Edition (CAS)" `
action=ALLOW dir=IN protocol=TCP localport="143,443,993" profile=ANY

# Allow access to MailStore Service Provider Management Console from adminstrator network 192.0.2.0/24
netsh advfirewall firewall add rule name="MailStore Service Provider Edition (MGMT)" `
action=ALLOW dir=IN protocol=TCP localport="8470" remoteip="192.0.2.0/24" profile=ANY
</source>

= Firewall Rules For Multi Server Mode =

The below table lists all TCP ports that need to be opened in the firewall when using MailStore Service Provider Edition in multi server mode. The following abbreviations are used in the source and target columns:

* ANY = Any computer from private or public networks
* ADM = Computer or network used for administration
* CAS = Server hosting Client Access Server role
* IH = Server hosting Instance Host role
* MGMT = Server hosting Management Server role

A list of all TCP ports used by MailStore Service Provider Edition is available in [[System Requirements#Required Ports|System Requirements]]

{| class="wikitable sortable"
! width="80px" | Port
! width="80px" | Source
! width="80px" | Target
! class="unsortable" | Description
|-
| align="center" | 110
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via POP3 (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via IMAP (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | ANY
| align="center" | CAS
| IMAP access to archives secured by TLS (STARTTLS) encryption.
|-
| align="center" | 389
| align="center" | IH
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using an unencrypted or STARTTLS-encrypted session.
|-
| align="center" | 443
| align="center" | IH
| align="center" | ANY
| Access to Microsoft Exchange Server for archiving via Exchange Web Services (EWS) secured by SSL encryption.
|-
| align="center" | 443
| align="center" | ANY
| align="center" | CAS
| HTTPS access to instances used by MailStore Client, MailStore Outlook Add-in, MailStore Web Access and MailStore Mobile Web Access.
|-
| align="center" | 443
| align="center" | MGMT
| align="center" | my.mailstore.com
| Usage reporting and license update
|-
| align="center" | 636
| align="center" | IH
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using a SSL encrypted connection.
|-
| align="center" | 993
| align="center" | ANY
| align="center" | CAS
| IMAP access to archives secured by TLS (SSL) encryption.
|-
| align="center" | 993
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via IMAP (SSL).
|-
| align="center" | 995
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via POP3 (SSL).
|-
| align="center" | 8470
| align="center" | ADM
| align="center" | MGMT
| Web-based access to the MailStore Management Console.
|-
| align="center" | 8470
| align="center" | IH, CAS
| align="center" | MGMT
| Optional: Required for initial pairing with Management Server. If not available, manual registration of Instance Hosts and Client Access Servers in Management Server is required.
|-
| align="center" | 8471
| align="center" | CAS, IH
| align="center" | MGMT
| Internal communication with Management Server
|-
| align="center" | 8472
| align="center" | MGMT, CAS
| align="center" | IH
| Internal communication with Instance Hosts
|-
| align="center" | 8473
| align="center" | MGMT
| align="center" | CAS
| Internal communication with Client Access Servers
|}

= What to do next =

In environments where the single server mode is sufficient, the setup procedure continues with configuration of MailStore Service Provider Edition as described in [[Single Server Mode Setup]].

In environments where a multi server mode setup is planned, deploy and install MailStore Service Provider Edition as described above on all other machines before continuing the setup process with the configuration of the Management Server role as described in [[Multi Server Mode Setup]].

Firewall Configuration for Single Server Mode

2014-03-19T20:44:01Z

Dwarren: /* Firewall Rules For Single Server Mode */

__NOTOC__
It is highly recommended to protect any MailStore Service Provider Edition service with appropriate firewall rules. This document should help with setting up the required rules.

'''Important Notices:'''
* The communication channels described below MUST NOT be intercepted by any kind of email or web proxies that are provided as part of antivirus software or unified threat management gateways.
* The Windows Advanced Firewall is activated on any Windows Server installation by default. In order to connect to services (e.g. MailStore Management Console) of the MailStore Service Provider Edition, it is required that the appropriate firewall rules are added (see below).

= Firewall Rules For Single Server Mode =

The table below lists all TCP ports that need to be opened in the firewall when using MailStore Service Provider Edition in single server mode. The following abbreviations are used in the source and target columns of that table:

* ANY = Any computer from private or public networks
* ADM = Computer or network used for administration
* SERVER = Server that hosts MailStore Service Provider Edition

A list of all TCP ports used by MailStore Service Provider Edition is available in the [[System Requirements#Required Ports|System Requirements]]

{| class="wikitable sortable"
! width="80px" | Port
! width="80px" | Source
! width="80px" | Target
! class="unsortable"| Description
|-
| align="center" | 110
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via POP3 (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via IMAP (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | ANY
| align="center" | SERVER
| IMAP access to archives secured by TLS (STARTTLS) encryption.
|-
| align="center" | 389
| align="center" | SERVER
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using an unencrypted or STARTTLS-encrypted session.
|-
| align="center" | 443
| align="center" | SERVER
| align="center" | ANY
| Access to Microsoft Exchange servers for archiving via Exchange Web Services (EWS) secured by SSL encryption.
|-
| align="center" | 443
| align="center" | SERVER
| align="center" | my.mailstore.com
| Usage reporting and license update
|-
| align="center" | 443
| align="center" | ANY
| align="center" | SERVER
| HTTPS access to instances used by MailStore Client, MailStore Outlook Add-in, MailStore Web Access and MailStore Mobile Web Access.
|-
| align="center" | 636
| align="center" | SERVER
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using a TLS encrypted connection.
|-
| align="center" | 993
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via IMAP (SSL).
|-
| align="center" | 993
| align="center" | ANY
| align="center" | SERVER
| IMAP access to archives secured by TLS (SSL) encryption.
|-
| align="center" | 995
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via POP3 (SSL).
|-
| align="center" | 8470
| align="center" | ADM
| align="center" | SERVER
| Web-based access to the MailStore Management Console.
|}

== Windows Advanced Firewall ==

The Windows Advanced Firewall can easily be re-configured for Single Server Mode. By executing the following commands in the Windows PowerShell command prompt, the required TCP ports are opened for inbound connections. Outbound connections to any destination are allowed by default.

<source lang="powershell" toolbar="false" gutter="false">
# Allow access to CAS ports from everwhere
netsh advfirewall firewall add rule name="MailStore Service Provider Edition (CAS)" `
action=ALLOW dir=IN protocol=TCP localport="143,443,993" profile=ANY

# Allow access to MailStore Service Provider Management Console from adminstrator network 192.0.2.0/24
netsh advfirewall firewall add rule name="MailStore Service Provider Edition (MGMT)" `
action=ALLOW dir=IN protocol=TCP localport="8470" remoteip="192.0.2.0/24" profile=ANY
</source>

= Firewall Rules For Multi Server Mode =

The below table lists all TCP ports that need to be opened in the firewall when using MailStore Service Provider Edition in multi server mode. The following abbreviations are used in the source and target columns:

* ANY = Any computer from private or public networks
* ADM = Computer or network used for administration
* CAS = Server hosting Client Access Server role
* IH = Server hosting Instance Host role
* MGMT = Server hosting Management Server role

A list of all TCP ports used by MailStore Service Provider Edition is available in [[System Requirements#Required Ports|System Requirements]]

{| class="wikitable sortable"
! width="80px" | Port
! width="80px" | Source
! width="80px" | Target
! class="unsortable" | Description
|-
| align="center" | 110
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via POP3 (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via IMAP (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | ANY
| align="center" | CAS
| IMAP access to archives secured by TLS (STARTTLS) encryption.
|-
| align="center" | 389
| align="center" | IH
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using an unencrypted or STARTTLS-encrypted session.
|-
| align="center" | 443
| align="center" | IH
| align="center" | ANY
| Access to Microsoft Exchange Server for archiving via Exchange Web Services (EWS) secured by SSL encryption.
|-
| align="center" | 443
| align="center" | ANY
| align="center" | CAS
| HTTPS access to instances used by MailStore Client, MailStore Outlook Add-in, MailStore Web Access and MailStore Mobile Web Access.
|-
| align="center" | 443
| align="center" | MGMT
| align="center" | my.mailstore.com
| Usage reporting and license update
|-
| align="center" | 636
| align="center" | IH
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using a TLS encrypted connection.
|-
| align="center" | 993
| align="center" | ANY
| align="center" | CAS
| IMAP access to archives secured by TLS (SSL) encryption.
|-
| align="center" | 993
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via IMAP (SSL).
|-
| align="center" | 995
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via POP3 (SSL).
|-
| align="center" | 8470
| align="center" | ADM
| align="center" | MGMT
| Web-based access to the MailStore Management Console.
|-
| align="center" | 8470
| align="center" | IH, CAS
| align="center" | MGMT
| Optional: Required for initial pairing with Management Server. If not available, manual registration of Instance Hosts and Client Access Servers in Management Server is required.
|-
| align="center" | 8471
| align="center" | CAS, IH
| align="center" | MGMT
| Internal communication with Management Server
|-
| align="center" | 8472
| align="center" | MGMT, CAS
| align="center" | IH
| Internal communication with Instance Hosts
|-
| align="center" | 8473
| align="center" | MGMT
| align="center" | CAS
| Internal communication with Client Access Servers
|}

= What to do next =

In environments where the single server mode is sufficient, the setup procedure continues with configuration of MailStore Service Provider Edition as described in [[Single Server Mode Setup]].

In environments where a multi server mode setup is planned, deploy and install MailStore Service Provider Edition as described above on all other machines before continuing the setup process with the configuration of the Management Server role as described in [[Multi Server Mode Setup]].

Firewall Configuration for Single Server Mode

2014-03-19T20:40:12Z

Dwarren: /* Firewall Rules For Multi Server Mode */

__NOTOC__
It is highly recommended to protect any MailStore Service Provider Edition service with appropriate firewall rules. This document should help with setting up the required rules.

'''Important Notices:'''
* The communication channels described below MUST NOT be intercepted by any kind of email or web proxies that are provided as part of antivirus software or unified threat management gateways.
* The Windows Advanced Firewall is activated on any Windows Server installation by default. In order to connect to services (e.g. MailStore Management Console) of the MailStore Service Provider Edition, it is required that the appropriate firewall rules are added (see below).

= Firewall Rules For Single Server Mode =

The table below lists all TCP ports that need to be opened in the firewall when using MailStore Service Provider Edition in single server mode. The following abbreviations are used in the source and target columns of that table:

* ANY = Any computer from private or public networks
* ADM = Computer or network used for administration
* SERVER = Server that hosts MailStore Service Provider Edition

A list of all TCP ports used by MailStore Service Provider Edition is available in the [[System Requirements#Required Ports|System Requirements]]

{| class="wikitable sortable"
! width="80px" | Port
! width="80px" | Source
! width="80px" | Target
! class="unsortable"| Description
|-
| align="center" | 110
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via POP3 (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via IMAP (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | ANY
| align="center" | SERVER
| IMAP access to archives secured by TLS (STARTTLS) encryption.
|-
| align="center" | 443
| align="center" | SERVER
| align="center" | ANY
| Access to Microsoft Exchange servers for archiving via Exchange Web Services (EWS) secured by SSL encryption.
|-
| align="center" | 443
| align="center" | SERVER
| align="center" | my.mailstore.com
| Usage reporting and license update
|-
| align="center" | 443
| align="center" | ANY
| align="center" | SERVER
| HTTPS access to instances used by MailStore Client, MailStore Outlook Add-in, MailStore Web Access and MailStore Mobile Web Access.
|-
| align="center" | 993
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via IMAP (SSL).
|-
| align="center" | 993
| align="center" | ANY
| align="center" | SERVER
| IMAP access to archives secured by TLS (SSL) encryption.
|-
| align="center" | 995
| align="center" | SERVER
| align="center" | ANY
| Access to email servers for archiving via POP3 (SSL).
|-
| align="center" | 8470
| align="center" | ADM
| align="center" | SERVER
| Web-based access to the MailStore Management Console.
|}

== Windows Advanced Firewall ==

The Windows Advanced Firewall can easily be re-configured for Single Server Mode. By executing the following commands in the Windows PowerShell command prompt, the required TCP ports are opened for inbound connections. Outbound connections to any destination are allowed by default.

<source lang="powershell" toolbar="false" gutter="false">
# Allow access to CAS ports from everwhere
netsh advfirewall firewall add rule name="MailStore Service Provider Edition (CAS)" `
action=ALLOW dir=IN protocol=TCP localport="143,443,993" profile=ANY

# Allow access to MailStore Service Provider Management Console from adminstrator network 192.0.2.0/24
netsh advfirewall firewall add rule name="MailStore Service Provider Edition (MGMT)" `
action=ALLOW dir=IN protocol=TCP localport="8470" remoteip="192.0.2.0/24" profile=ANY
</source>

= Firewall Rules For Multi Server Mode =

The below table lists all TCP ports that need to be opened in the firewall when using MailStore Service Provider Edition in multi server mode. The following abbreviations are used in the source and target columns:

* ANY = Any computer from private or public networks
* ADM = Computer or network used for administration
* CAS = Server hosting Client Access Server role
* IH = Server hosting Instance Host role
* MGMT = Server hosting Management Server role

A list of all TCP ports used by MailStore Service Provider Edition is available in [[System Requirements#Required Ports|System Requirements]]

{| class="wikitable sortable"
! width="80px" | Port
! width="80px" | Source
! width="80px" | Target
! class="unsortable" | Description
|-
| align="center" | 110
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via POP3 (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via IMAP (Unencrypted/STARTTLS).
|-
| align="center" | 143
| align="center" | ANY
| align="center" | CAS
| IMAP access to archives secured by TLS (STARTTLS) encryption.
|-
| align="center" | 389
| align="center" | IH
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using an unencrypted or STARTTLS-encrypted session.
|-
| align="center" | 443
| align="center" | IH
| align="center" | ANY
| Access to Microsoft Exchange Server for archiving via Exchange Web Services (EWS) secured by SSL encryption.
|-
| align="center" | 443
| align="center" | ANY
| align="center" | CAS
| HTTPS access to instances used by MailStore Client, MailStore Outlook Add-in, MailStore Web Access and MailStore Mobile Web Access.
|-
| align="center" | 443
| align="center" | MGMT
| align="center" | my.mailstore.com
| Usage reporting and license update
|-
| align="center" | 636
| align="center" | IH
| align="center" | ANY
| Access to LDAP servers (including Microsoft Active Directory) using a TLS encrypted connection.
|-
| align="center" | 993
| align="center" | ANY
| align="center" | CAS
| IMAP access to archives secured by TLS (SSL) encryption.
|-
| align="center" | 993
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via IMAP (SSL).
|-
| align="center" | 995
| align="center" | IH
| align="center" | ANY
| Access to email servers for archiving via POP3 (SSL).
|-
| align="center" | 8470
| align="center" | ADM
| align="center" | MGMT
| Web-based access to the MailStore Management Console.
|-
| align="center" | 8470
| align="center" | IH, CAS
| align="center" | MGMT
| Optional: Required for initial pairing with Management Server. If not available, manual registration of Instance Hosts and Client Access Servers in Management Server is required.
|-
| align="center" | 8471
| align="center" | CAS, IH
| align="center" | MGMT
| Internal communication with Management Server
|-
| align="center" | 8472
| align="center" | MGMT, CAS
| align="center" | IH
| Internal communication with Instance Hosts
|-
| align="center" | 8473
| align="center" | MGMT
| align="center" | CAS
| Internal communication with Client Access Servers
|}

= What to do next =

In environments where the single server mode is sufficient, the setup procedure continues with configuration of MailStore Service Provider Edition as described in [[Single Server Mode Setup]].

In environments where a multi server mode setup is planned, deploy and install MailStore Service Provider Edition as described above on all other machines before continuing the setup process with the configuration of the Management Server role as described in [[Multi Server Mode Setup]].

Implementing an Application Integration Server

2014-02-25T07:25:05Z

Dwarren:

In addition to adding users manually, an instance can synchronize its internal user database with different directory services like Active Directory, MDaemon, IceWarp MailServer or Kerio Connect.

The following describes how to synchronize users from sources that are not natively supported by MailStore Service Provider Edition. This can be virtually any user database that can be accessed via programming or scripting languages, for instance SQL server databases or plain text files.

= Implementing an Application Integration Server =

Before connecting an instance to a user directory using the Application Integration, an appropriate Application Integration server has to be created first.

Application Integration servers can be written in any programming or scripting language. They must either provide their own HTTP server interface or be accessible via an existing HTTP server.

== Synchronizing Users ==

The Application Integration server must accept the following parameter via HTTP POST request to initialize the synchronization.

{| class="wikitable"
! width=80px | Name
! Description
|-
| <tt>cmd</tt>
| For synchronizing users the ''cmd'' parameter must be set to ''list''.
|}

The returned HTTP response must contain valid JSON formatted data. When synchronizing users, the following data structure is expected for each user object. Multiple users must be returned as an array of JSON objects.

{| class="wikitable"
! width=150px | Name
! width=120px | Type
|-
| <tt>userName</tt>
| string
|-
| <tt>distinguishedName</tt>
| string ''(optional)''
|-
| <tt>fullName</tt>
| string ''(optional)''
|-
| <tt>emailAddresses</tt>
| array ''(optional)''
|}

== Example ==
=== HTTP Request ===

<source lang="xml" toolbar="false" gutter="false">
POST /mailstore-integration/index.php HTTP/1.1
Authorization: Basic bWFpbHN0b3JlQGV4YW1wbGUudGVzdDpQYXNzdzByZA==
User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
Host: mail.example.test
Accept: */*
Content-Length: 8
Content-Type: application/x-www-form-urlencoded

cmd=list
</source>

=== HTTP Response ===

<source lang="xml" toolbar="false" gutter="false">
HTTP/1.1 200 OK
X-Powered-By: PHP/5.4.4-14+deb7u5
Content-Type: text/json; charset=utf8
Date: Fri, 13 Dec 2013 14:20:27 GMT
Server: lighttpd/1.4.31
Content-Length: 23812
Accept-Ranges: none
Connection: Keep-Alive

[
{
"userName": "john.doe",
"distinguishedName": "UID=john.doe,DC=example,DC=com",
"fullName": "john.doe",
"emailAddresses": [
"john.doe@example.com",
"john@example.com"
]
},
{
"userName": "jane.doe",
"distinguishedName": "UID=jane.doe,DC=example,DC=com",
"fullName": "jane.doe",
"emailAddresses": [
"jane.doe@example.com",
"jane@example.com"
]
}
]
</source>

== Authenticating Users ==
The Application Integration server must accept the following parameters via HTTP POST request to authenticate users.

{| class="wikitable"
! width=80px | Name
! Description
|-
| <tt>cmd</tt>
| For authenticating users the ''cmd'' parameter must be set to ''auth''.
|-
| <tt>user</tt>
| The ''user'' parameter contains the user name to be authenticated.
|-
| <tt>pass</tt>
| The ''pass'' parameter contains the password to be verified.
|}

The returned HTTP response must contain valid JSON formatted data. When authenticating users, the following data structure is expected.

{| class="wikitable"
! width=150px | Name
! width=120px | Type
|-
| <tt>succeeded</tt>
| boolean
|}

== Examples ==
=== HTTP Request ===

<source lang="xml" toolbar="false" gutter="false">
POST /mailstore-integration/index.php HTTP/1.1
Authorization: Basic bWFpbHN0b3JlQGV4YW1wbGUudGVzdDpQYXNzdzByZA==
User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
Host: mail.example.test
Accept: */*
Content-Length: 8
Content-Type: application/x-www-form-urlencoded

cmd=auth&user=john.doe&pass=Passw0rd
</source>

=== HTTP Response - Authentication Successful ===

<source lang="xml" toolbar="false" gutter="false">
HTTP/1.1 200 OK
X-Powered-By: PHP/5.4.4-14+deb7u5
Content-Type: text/json; charset=utf8
Date: Fri, 13 Dec 2013 14:20:27 GMT
Server: lighttpd/1.4.31
Content-Length: 21
Accept-Ranges: none
Connection: Keep-Alive

{
succeeded: true
}
</source>

=== HTTP Response - Authentication Failed ===

<source lang="xml" toolbar="false" gutter="false">
HTTP/1.1 200 OK
X-Powered-By: PHP/5.4.4-14+deb7u5
Content-Type: text/json; charset=utf8
Date: Fri, 13 Dec 2013 14:20:27 GMT
Server: lighttpd/1.4.31
Content-Length: 22
Accept-Ranges: none
Connection: Keep-Alive

{
succeeded: false
}
</source>

= Using the Application Integration =

During synchronization, user information such as user names and email addresses are read and recorded in the instance's user database. No changes are made to the source database where user information is synchronized from.

== Accessing Directory Service Integration ==
* Log on to the MailStore Service Provider Edition instance as an administrator.
* Click on ''Administrative Tools'' > ''Users and Privileges'' and then on ''Directory Services''.
* In the ''Integration'' section, change the directory service type to ''Application Integration''.

== Connection ==
For synchronization, the instance requires information on how to connect to the Application Integration server.

* '''URL''' URL which the instance should connect to.
** ''Ignore SSL warnings'' Activate this option if a self-signed or non-public certificate is used on the HTTP server.
** ''Server requires authentication'' If the HTTP server requires authentication to access the specified URL, check this option to enable the ''User Name'' and ''Password'' fields.
* '''User Name''' User name for basic authentication to access the given URL.
* '''Password''' Password for basic authentication to access the given URL.

== Options ==

* '''Automatically delete users in MailStore Server''' Here you can choose whether users whose accounts have been deleted in the source database will also be deleted in MailStore Server's user database by the synchronization. If the archive folder of such a user already contains archived emails, only the user entry but not its archive folder will be deleted in MailStore Server. Additionally, only MailStore Server users that have their authentication method set to ''Directory Services'' will be deleted.

== Assign Default Privileges ==

By default, users that have been synchronized to an instance have the privilege to log on as well as read access to their own user archive.
You can configure those default privileges before synchronization, for example, to assign the privilege ''Archive E-mail'' to all new users. To do this, click on ''Default Privileges...''

== Run Directory Services Synchronization ==

Click on ''Test Settings'' to check synchronization configuration and the results returned by the Application Integration server without any changes to the instance's user database being actually committed.
To finally run the synchronization, click on ''Synchronize now''. The results are shown with any changes committed to the instance's user database.

Main Page

2014-02-20T15:26:44Z

Dwarren: /* Related Articles */

__NOTOC__
{{DISPLAYTITLE:MailStore Service Provider Edition Help}}

Service providers receive an unlimited, scalable software solution with MailStore Service Provider Edition, which they will be able to independently operate either on their existing IT infrastructures or those they have leased. This help website has an exclusive focus on installing and setting up the backend of the MailStore Service Provider Edition. For administration of MailStore Instances, which is comparable to the on-premises solution MailStore Server, please visit the [http://en.help.mailstore.com/ MailStore Server Help]

{|
| style="vertical-align: top; width: 50%" |
= General Information =
An introduction to the architecture, the most typical usage scenarios of the MailStore Service Provider Edition and further general yet important information are given by the following articles:

* [[Overview]]
* [[Performance and Scalability Guidelines]]
* [[Frequently Asked Questions]]
| style="vertical-align: top; width: 50%" |
= Installation and Setup =
The ''Installation and Setup'' chapter provides an entire walkthrough of installation and setup process of MailStore Service Provider Edition. Each article ends with a "What to do next" section that guides to the next step.

* [[System Requirements]]
* [[Installing MailStore Service Provider Edition]]
* [[Firewall Configuration]]
* [[Single Server Mode Setup]] or [[Multi Server Mode Setup]]
* [[Replace Self-signed SSL Certificates]]
* [[Branding]]
|-
| style="vertical-align: top; width: 50%" |

= Management Console =
The MailStore Management Console is the primary, web based administration utility for MailStore Service Provider Edition administrators. The following articles provide a general overview of all available functions. Every function of the Management Console also has a corresponding [[Management API - Function Reference|Management API command]], which allows full, script-based control over MailStore Service Provider Edition.

* [[Management_Console|Logging On & Navigation]]
* [[Management_Console_-_General|General]]
* [[Management_Console_-_Infrastructure|Infrastructure]]
* [[Management_Console_-_Security|Security]]
* [[Management_Console_-_Developer|Developer]]
| style="vertical-align: top; width: 50%" |

= Instance Management =
Managing MailStore Instances consist of two main areas: ''General Administration'' covers all aspects of creating, controlling and configuring instances, whereas ''Instance Administration'' deals with the administration of internal parameters for each instance such as archive stores, search indexes, user synchronization, archiving profiles, etc.

* [[Instance Management - General Administration| General Administration]]
* [[Instance Management - Instance Administration | Instance Administration]]

= Related Articles =

* [[Backup and Restore]]
* [[Application Integration|Directory Service: Application Integration]]
* [[Generic LDAP Integration|Directory Service: Generic LDAP Integration]]
* [[End Customer Access]]
* [[Startup Scripts]]
|-
| style="vertical-align: top; width: 50%" |

= Management API =
The Management API extends the management capabilities of the MailStore Service Provider Edition by providing a HTTP based access to all management functions. This allows to fully automate the administration of MailStore Service Provider Edition via scripts or even integration into centralized management solutions. For an even faster development, example API libraries for different scripting and programming languages are provided.

* [[Management API - Using the API|Using the API]]
* [[Management API - Function Reference|Function Reference]]
* [[Management API - Command Line Client|Command Line Client]]
: '''Example Implementation of API Libraries'''
:* [[PowerShell_API_Wrapper_Tutorial|PowerShell]]
:* Python
| style="vertical-align: top; width: 50%" |

= Downloads =

:'''Active Directory Group Policy Templates'''

* [ftp://ftp.mailstore.com/spe/MailStoreSPE_ADM.zip ADM-Template]
* [ftp://ftp.mailstore.com/spe/MailStoreSPE_ADMX.zip ADMX-Template]

:'''Example API Libraries and Clients'''
* [ftp://ftp.mailstore.com/pub/Scripts/PowerShell/MSSPE.PS.Lib.zip PowerShell Library]
* Python Library
* [ftp://ftp.mailstore.com/spe/MailStoreSPE_Linux_Management_API_Client.zip Linux Management API Client]
|}