Synchronizing User Accounts with a Kerio Connect User Database

In addition to adding users manually (which is described in chapter User Management), MailStore Server can synchronize its internal user database with a Kerio Connect user database.

During synchronization user information such as user names and email addresses are read from the Kerio Connect user database and recorded in MailStore Server’s user database. MailStore Server makes no changes to the Kerio Connect user database itself. Synchronization can be limited to individual or multiple domains and groups.

Accessing the Directory Service Integration

Log on to MailStore Client as a MailStore Server administrator.
Click on Administrative Tools > Users and Privileges and then on Directory Services.
In the Integration section, change the directory service type to Kerio Connect.

Connection to the Kerio Connect

For synchronization MailStore Server requires information on how to connect to the Kerio Connect.

Server Name
DNS name or IP address of the Kerio Connect. If you use a self-signed or non-public SSL certificate on the Kerio Connect, please set a checkmark next to Ignore SSL Security Warnings.
User Name
Name of a user with administrative privileges on the Kerio Connect.
Password
Password of that user.

Synchronize

After configuring the connection settings as described above, you can specify filter criteria for the Kerio Connect user database synchronization in this section.

Domains and Groups
Choose one or more domains or groups to let only their members be created as MailStore Server Users. If no domains or groups are selected, all users will be synchronized.

Options

Automatically delete users in MailStore Server
Here you can choose whether users whose accounts have been deleted in the Kerio Connect will also be deleted in MailStore Server’s user database by the synchronization. If the archive folder of such a user already contains archived emails, only the user entry but not its archive folder will be deleted in MailStore Server. Additionally, only MailStore Server users that have their authentication method set to Directory Services will be deleted.

Assign Default Privileges

By default, users that have been synchronized to MailStore Server from a Kerio Connect have the privilege to log on to MailStore Server as well as read access to their own user archive.
You can configure those default privileges before synchronization, for example, to assign the privilege Archive E-mail to all new users. To do this, click on Default Privileges...
More information on managing user privileges and their effects is available in the chapter Users, Folders and Settings which also has details on editing existing privileges.

Run Directory Services Synchronization

Click on Test Settings to check synchronization configuration and the results returned by the Kerio Connect without any changes to the MailStore Server user database being actually committed.
To finally run the synchronization, click on Synchronize now. The results are shown with any changes committed to the MailStore Server user database.

Login with Kerio Connect Credentials

By default, each user created in MailStore Server has a local password. The MailStore Server administrator can specify this password during creation of a new user account. The respective user can later change this password in MailStore Client’s Quick Access section if he or she has ample privileges.

Alternatively, if a Kerio Connect is available, you can configure MailStore Server to allow users to log on to MailStore Server using their Kerio Connect credentials. To achieve this, you have to configure the following settings in the Authentication section:

Kerio IMAP Server
Enter the IP address or the DNS name of the Kerio Connect server against which authentication should be performed.
IMAP Server Access
Configure whether the connection to the Kerio IMAP server is to be unencrypted or IMAP-TLS/IMAP-SSL encrypted.
Ignore SSL Security Warnings (only when using IMAP-TLS and IMAP-SSL)
Activate this option if a self-signed or non-public certificate is used on the Kerio IMAP server. Otherwise the authentication will permanently fail.

Important Notice

If your Kerio Connect users authenticate against an Active Directory or if you store the passwords as SHA hashes, you must disable CRAM-MD5 and DIGEST-MD5 under Configuration > Advanced Options > Security Policy in your Kerio Connect Server. Otherwise users will not be able to log on to MailStore.

Procedure for Users Created by Synchronization with Kerio Connect

If you have created MailStore Server users by Kerio Connect synchronization as described in the previous section, no further action is required. In this case, MailStore Server has already configured all necessary settings automatically for you.

Procedure for Manually Created Users

If you have created MailStore Server users manually and want them to be able to log on using their Kerio Connect credentials, please proceed as follows:

Configure the Kerio Connect integration as described in chapter Synchronizing User Accounts with a Kerio Connect User Database.
Verify that the names of the MailStore Server users match those of the corresponding Kerio Connect users.
In the General Information section of the user properties select Directory Services for Authentication.