Connecting Kerio Connect to directory service

Overview

Mapping accounts from a directory service provides these benefits:

  • Easy account administration — You can manage user accounts from a single location. This reduces possible errors and simplifies administration.

  • Online cooperation of Kerio Connect and directory service — Adding, modifying and removing user accounts/groups in the LDAP database is applied to Kerio Connect immediately.

  • Using domain name and password for login — Users can use the same credentials for Kerio Connect Client login and domain login.

Notes:

  • Mapping is one-way only. Data is synchronized from a directory service to Kerio Connect. Adding new users/groups in Kerio Connect creates local accounts.

  • If a directory server is unavailable, it is not possible to access Kerio Connect. Create at least one local administrator account or enable the built-in admin.

  • Use ASCII for usernames when creating user accounts in a directory service.

Supported directory services

Kerio Connect supports:

Microsoft Active Directory

To connect Kerio Connect to Microsoft Active Directory:

  1. On the Microsoft Active Directory server, install the Kerio Active Directory Extension.

  2. In the Kerio Connect administration interface, go to Configuration → Domains.

  3. Double-click the domain and switch to the Directory Service tab.

  4. Select Map user accounts and groups from a directory service.

  5. As a Directory service type, select Microsoft Active Directory from the drop-down menu.

  6. In the Hostname field, type the DNS name or IP address of the Microsoft Active Directory server.

    If you enable secure connection in step 8, use the DNS name.

    If a non-standard port is used for communication between Kerio Connect and Microsoft Active Directory, add the port number to the hostname.

  7. Type the Username and Password of a Microsoft Active Directory administrator with full access rights to the administration.

  8. To protect data, such as user passwords, sent from Microsoft Active Directory to Kerio Connect and vice versa, select Enable secured connection (LDAPS).

  9. Click Test connection to verify you typed the correct data.

  10. On the Advanced tab, specify the Kerberos realm.

    See the Kerberos authentication section below.

  11. Save the settings.

Now you can map users to Kerio Connect.

Apple Open Directory

  1. On the Apple Open Directory server, install the Kerio Open Directory Extension.

  2. In the Kerio Connect administration interface, go to Configuration → Domains.

  3. Double-click the domain and switch to the Directory Service tab.

  4. Select Map user accounts and groups from a directory service.

  5. As a Directory service type, select Apple Open Directory from the drop-down list.

  6. In the Hostname field, type the DNS name or IP address of the Apple Open Directory server.

    If you enable secure connection in step 8, use the DNS name.

    If a non-standard port is used for communication between Kerio Connect and Apple Open Directory, add the port number to the hostname.

  7. Type the Username and Password of an Apple Open Directory administrator with full access rights to the administration.

  8. To protect data, such as user passwords, sent from Apple Open Directory to Kerio Connect and vice versa, select Enable secured connection (LDAPS).

  9. Click Test connection to verify you entered the correct data.

  10. On the Advanced tab, specify the Kerberos realm.

    See the Kerberos authentication section below.

  11. Save the settings.

Now you can map users to Kerio Connect.
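
The check below is an added example, not part of the Kerio documentation: before you select Enable secured connection (LDAPS) in step 8 of either procedure above, it confirms that the value intended for the Hostname field is a DNS name and that the directory server presents a certificate valid for that name. The host:port notation, the function names and the sample hostnames are assumptions.

```python
import ipaddress
import socket
import ssl
import sys

LDAPS_PORT = 636  # default port for LDAP over TLS


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_hostname_field(value, default_port=LDAPS_PORT):
    """Split the field into (host, port); assumes the "host:port" notation."""
    value = value.strip()
    if is_ip_literal(value):  # bare IPv4/IPv6 address, no port suffix
        return value, default_port
    host, sep, port = value.rpartition(":")
    if not sep:
        return value, default_port
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed host:port value: {value!r}")
    return host, int(port)


def check_ldaps_endpoint(value, cafile=None, timeout=5.0):
    """Return the subjectAltName entries of the verified server certificate.

    cafile: PEM file of the issuing CA when the directory uses a private CA.
    """
    host, port = parse_hostname_field(value)
    if is_ip_literal(host):
        raise ValueError("LDAPS check needs the DNS name, not an IP address")
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert().get("subjectAltName", ())


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_ldaps.py dc1.example.com[:port] [ca.pem]")
    print(check_ldaps_endpoint(*sys.argv[1:3]))
```

An ssl.SSLCertVerificationError from this check means the certificate chain or the name in the certificate does not match what was entered, which is worth resolving on the directory server before enabling LDAPS.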

Kerberos authentication

To use Kerberos authentication:

  1. Verify that Kerio Connect belongs to the Active Directory or Open Directory domain.

  2. In the administration interface, go to Configuration → Domains.

  3. Double-click a domain and switch to the Advanced tab.

  4. (For Linux installations only) Type the PAM service name.

    For additional information, see Authenticating users through PAM.

  5. Type the Kerberos realm name.

    The Kerberos realm name is your domain name and Kerio Connect specifies it automatically upon domain creation.

  6. If you are using the Windows NT domain, type the domain name.

  7. (Optional) Select Bind this domain to specific IP address and type the IP address.

    Users accessing Kerio Connect from this IP address use only their username (without the domain name) to log in.

  8. Click OK.

You can display a column with the Kerberos info in Configuration → Domains.

Mapping users from directory services

For information on activating users, read the article Creating user accounts in Kerio Connect.

Migrating user accounts from local database to directory service

For detailed information, read the article Migrating user accounts from local database to directory service.

Troubleshooting

All information about the directory service can be found in the Debug and Warning logs.
