Difference between revisions of "Cool Solution - Kerio Connect"

From Univention Wiki

Line 70: Line 70:
 
== Adding extended attributes in UCS ==
 
== Adding extended attributes in UCS ==
 
For a further description about extended attributes see the [http://docs.univention.de/developer-reference-3.2.html#udm:ea developer reference].  
 
For a further description about extended attributes see the [http://docs.univention.de/developer-reference-3.2.html#udm:ea developer reference].  
To create extended attributes in the UCS-LDAP it is recommended to create it under the the custom attributes container under LDAP_BASE -> univention -> custom attributes in the  
+
To create extended attributes in the UCS-LDAP it is recommended to create it in the custom attributes container under LDAP_BASE -> univention -> custom attributes in the UMC. Add a container "kerioconnect" with type "Container: Container" and add all Kerio Connect extended attributes.
eval "$(ucr shell)"
 
univention-directory-manager container/cn create "$@" --ignore_exists \
 
                --position "cn=custom attributes,cn=univention,$ldap_base" \
 
                --set name=kerioconnect
 
In this kerioconnect container can all Kerio Connect extended attributes.
 
 
The minimal attribute set for Kerio Connect user are:
 
The minimal attribute set for Kerio Connect user are:
 
- objectClass: kerio-Mail-User  
 
- objectClass: kerio-Mail-User  
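Review bot: the `univention-directory-manager container/cn create ... --set name=kerioconnect` command is dropped here and replaced only by a UMC description, which leaves this as the one step on the page without a scriptable form. Consider keeping the command beneath the new UMC sentence as an alternative, so the container can be created reproducibly. Dropping the incomplete sentence "In this kerioconnect container can all Kerio Connect extended attributes." is fine.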
Line 82: Line 77:
 
- objectClass: kerio-Mail-Group
 
- objectClass: kerio-Mail-Group
 
- kerio-Mail-Active: 1
 
- kerio-Mail-Active: 1
You can  
+
Additional attributes can be added according to the kerio-mailserver.schema.
  
attributes/objectClasses
+
= Configure Kerio Connect =
 +
To configure Kerio Connect you will need to do some customization.
  
udm settings/extended_attribute remove --dn "dn"
+
== Change LDAP-Ports ==
In UCM gruppe anlegen und user hinzufügen, dann sollten
+
You need to change the default LDAP-Ports in the mailserver.cfg.
in kerio erstmal user sichtbar sein
+
Stop Kerio Connect with:
 +
/etc/init.d/kerio-connect stop
 +
Change LDAP-Ports 389/636 to 7389/7636 in:
 +
/opt/kerio/mailserver/mailserver.cfg
 +
Afterwards start Kerio Connect with:
 +
/etc/init.d/kerio-connect start
  
 +
== Adding LDAP-Connection ==
 +
- Login in at Kerio Connect administration interface IP-Address:4040/admin.
 +
- Go to Configuration -> Domains -> YourDomain -> Edit -> Directory Service
 +
- Check "Map user accounts and groups from a directory service to this domain"
 +
- Choose Apple Open Directory (Kerberos 5 authentication) as Directory service type
 +
- In the Directory server (domain controller) section choose:
 +
Hostname: localhost:7389
 +
Username: DN-Kerio-Useraccount from UMC
 +
Password: xxxxx
 +
- "Test Connection".
  
 +
== Mapping LDAP-Attributes ==
 +
Get and move LDAP-Mapping to mapping directory:
 +
wget http://kb.kerio.com/assets/openldap.map
 +
mv openldap.map /opt/kerio/mailserver/ldapmap/
  
gal_openldap.map
+
Stop Kerio Connect with:
openldap.map und mailserver.cfg anpassen wie [http://kb.kerio.com/product/kerio-connect/server-configuration/ldap-and-directory-services/mapping-users-groups-from-openldap-or-generic-ldap-server-294.html]
+
/etc/init.d/kerio-connect stop
 +
Change Variable "MapFile" in your newly created Ldap configuration in /opt/kerio/mailserver/mailserver.cfg to openldap.map:
 +
<variable name="MapFile">openldap.map</variable>
 +
Afterwards start Kerio Connect with:
 +
/etc/init.d/kerio-connect start
  
= Configure Kerio =
 
  
To configure the UCS Server you will need to do some customization. The Kerio Connect mailserver listen by default on 80/443 for the webmail user interface.
+
== Change ports of Webmail user interface ==
 +
The Kerio Connect mailserver listen by default on 80/443 for the webmail user interface.
 
This conflicts with the running Apache so that you need to switch to a different port or different IP address for the user interface. The section below describes how you can switch to a different port.
 
This conflicts with the running Apache so that you need to switch to a different port or different IP address for the user interface. The section below describes how you can switch to a different port.
 +
- In the Kerio Connect administration interface
 +
- Go to Configuration -> Services
 +
- Edit the HTTP and/or the HTTPS services
 +
- On the "Properties" tab, select the port value and choose to "Edit"
 +
- Change the number in the "Port" field to a value of your choice and apply the changes
  
  
  
 
 
 
Setting up other IP.
 
 
Stop Kerio Connect with:
 
/etc/init.d/kerio-connect stop
 
Change LDAP-Ports 389 & 636 to 7389 & 7636 in:
 
/opt/kerio/mailserver/mailserver.cfg
 
Afterwards start Kerio Connect with:
 
/etc/init.d/kerio-connect start
 
On the backup login at:
 
localhost:4040/admin
 
Choose Configuration -> Domains -> YourDomain -> Edit -> Directory Service
 
Check "Map user accounts and groups from a directory service to this domain"
 
Choose Apple Open Directory (Kerberos 5 authentication) as Directory service type
 
In the Directory server (domain controller) section choose:
 
Hostname: localhost:7389
 
Username: DN-KerioAdminUser from UMC
 
Password: xxxxx
 
and "Test Connection".
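Review bot: in the added "Mapping LDAP-Attributes" step, `wget http://kb.kerio.com/assets/openldap.map` fetches the mapping file over plain HTTP, and the next line moves it straight into /opt/kerio/mailserver/ldapmap/ with nothing to compare it against. Since this file decides how directory attributes map to mail accounts, suggest stating a checksum next to the command, or at least telling the reader to review the file before setting MapFile to it. The added "Password: xxxxx" line could also say that the password belongs to the Kerio user account from the UMC, as the Username line does.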
 
  
  

Revision as of 15:09, 23 January 2014

This article is a stub and will be updated!!!

This article briefly describes the installation and configuration of Kerio Connect under UCS 3.2 on a DC Master.

Setting: Master:

- Desktop
- DHCP
- Samba 4


Prerequisite

Create a Kerio-Useraccount with admin rights in the Univention-Management-Console.

Login & Download

Log in on the master:

ssh root@master

Download the Kerio Connect software. For Debian and Ubuntu (64-bit) you can use:

wget http://download.kerio.com/dwn/connect/connect-8.2.2-2224/kerio-connect-8.2.2-2224-linux-amd64.deb

You can search for other applicable packages at the Kerio download page.

Install

Before installing, check whether any other mail server is running (e.g. postfix or sendmail):

/etc/init.d/postfix status

If this is the case stop them with:

/etc/init.d/postfix stop

And disable the autostart:

ucr set postfix/autostart=no

After that install the downloaded package with:

dpkg -i kerio-connect-8.2.2-2224-linux-amd64.deb

If the basic setup screen doesn't show up you have to start it manually with:

cd /opt/kerio/mailserver         
dpkg-reconfigure kerio-connect


Configure UCS

By default all non-standard ports are blocked by the UCS firewall. Therefore you need to open port 4040 for the Kerio Connect administration interface, either in the Univention Management Console or with:

ucr set security/packetfilter/package/kerioconnect/tcp/4040/all=ACCEPT
ucr set security/packetfilter/package/kerioconnect/tcp/4040/all/en="Kerio Connect administration interface"

Afterwards restart to let the settings take effect.


Adding LDAP Schema Extensions

On the master download and copy the LDAP Schema to the shared Univention-LDAP directory:

wget http://kb.kerio.com/assets/kerio-mailserver.schema
mv kerio-mailserver.schema /usr/share/univention-ldap/schema/

In the Univention-Info directory you have to register the schema. Create a new file with:

touch /etc/univention/templates/info/kerio-mailserver.info

And add:

Type: multifile
Multifile: etc/ldap/slapd.conf
Variables: ldap/server/type
Variables: ldap/master

Type: subfile
Multifile: etc/ldap/slapd.conf
Subfile: etc/ldap/slapd.conf.d/67kerio-mailserver_schema 

Afterwards create a new file with:

touch /etc/univention/templates/files/etc/ldap/slapd.conf.d/67kerio-mailserver_schema

And add:

@!@
import os.path
schema = '/usr/share/univention-ldap/schema/kerio-mailserver.schema'
if configRegistry['ldap/server/type'] == 'master' and os.path.exists(schema):
       print 'include         %s' % schema
@!@

Thereafter you have to regenerate the slapd.conf with:

ucr commit /etc/ldap/slapd.conf 

Adding extended attributes in UCS

For a further description of extended attributes see the developer reference. To create extended attributes in the UCS LDAP, it is recommended to create them in the custom attributes container under LDAP_BASE -> univention -> custom attributes in the UMC. Add a container "kerioconnect" with type "Container: Container" and add all Kerio Connect extended attributes to it.

The minimal attribute set for a Kerio Connect user is:

- objectClass: kerio-Mail-User
- kerio-Mail-Active: 1

For the Kerio Connect group the minimal definition is:

- objectClass: kerio-Mail-Group
- kerio-Mail-Active: 1

Additional attributes can be added according to the kerio-mailserver.schema.

Configure Kerio Connect

To configure Kerio Connect you will need to do some customization.

Change LDAP-Ports

You need to change the default LDAP-Ports in the mailserver.cfg. Stop Kerio Connect with:

/etc/init.d/kerio-connect stop

Change LDAP-Ports 389/636 to 7389/7636 in:

/opt/kerio/mailserver/mailserver.cfg

Afterwards start Kerio Connect with:

/etc/init.d/kerio-connect start

Adding LDAP-Connection

- Log in to the Kerio Connect administration interface at IP-Address:4040/admin.
- Go to Configuration -> Domains -> YourDomain -> Edit -> Directory Service
- Check "Map user accounts and groups from a directory service to this domain"
- Choose Apple Open Directory (Kerberos 5 authentication) as Directory service type
- In the Directory server (domain controller) section choose:

Hostname: localhost:7389
Username: DN-Kerio-Useraccount from UMC
Password: xxxxx

- "Test Connection".

Mapping LDAP-Attributes

Get and move LDAP-Mapping to mapping directory:

wget http://kb.kerio.com/assets/openldap.map
mv openldap.map /opt/kerio/mailserver/ldapmap/

Stop Kerio Connect with:

/etc/init.d/kerio-connect stop

Change the variable "MapFile" in your newly created LDAP configuration in /opt/kerio/mailserver/mailserver.cfg to openldap.map:

<variable name="MapFile">openldap.map</variable>

Afterwards start Kerio Connect with:

/etc/init.d/kerio-connect start
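
The MapFile change above as a repeatable edit, to be run between the stop and start commands. This is an added example, not part of the original article or of Kerio's tooling; it assumes mailserver.cfg holds exactly one `<variable name="MapFile">` line in the form shown, and the function name `set_mapfile` and its arguments are illustrative.

```shell
#!/bin/sh
# Added example. Only the <variable name="MapFile"> line format and the two
# default paths come from the article; set_mapfile and its arguments are
# illustrative names.
CFG_DEFAULT=/opt/kerio/mailserver/mailserver.cfg
MAPDIR_DEFAULT=/opt/kerio/mailserver/ldapmap

# set_mapfile MAPNAME [CFG] [MAPDIR]
# Exit status: 0 changed or already set, 2 bad name, 3 missing file,
# 4 ambiguous config, 5 I/O error. CFG is not modified for statuses 2 to 4.
set_mapfile() {
    map=$1
    cfg=${2:-$CFG_DEFAULT}
    mapdir=${3:-$MAPDIR_DEFAULT}

    # Bare file name only: no path separators, no XML or sed metacharacters.
    case $map in
        ''|*[!A-Za-z0-9._-]*) echo "invalid map name: $map" >&2; return 2 ;;
    esac
    [ -f "$mapdir/$map" ] || { echo "missing $mapdir/$map" >&2; return 3; }
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 3; }

    # Refuse to guess when the variable is absent or present more than once
    # (for example with several directory-service configurations).
    count=$(grep -c '<variable name="MapFile">' "$cfg" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 MapFile line, found $count" >&2; return 4; }

    # mktemp creates the scratch copy with mode 0600, next to the config.
    tmp=$(mktemp "$cfg.XXXXXX") || return 5
    sed "s|\(<variable name=\"MapFile\">\)[^<]*\(</variable>\)|\1$map\2|" \
        "$cfg" > "$tmp" || { rm -f "$tmp"; return 5; }
    if cmp -s "$cfg" "$tmp"; then rm -f "$tmp"; return 0; fi  # already set

    # Keep the previous version, then write in place so the owner and mode
    # of mailserver.cfg stay as they were.
    cp -p "$cfg" "$cfg.bak" || { rm -f "$tmp"; return 5; }
    cat "$tmp" > "$cfg" || { rm -f "$tmp"; return 5; }
    rm -f "$tmp"
}

# Stand-alone use: sh set_mapfile.sh openldap.map
if [ "$#" -gt 0 ]; then set_mapfile "$@"; fi
```

A non-zero status of 4 means the file needs a manual edit, because the script cannot tell which directory-service entry is the newly created one.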


Change ports of Webmail user interface

The Kerio Connect mailserver listens by default on 80/443 for the webmail user interface. This conflicts with the running Apache, so you need to switch to a different port or a different IP address for the user interface. The steps below describe how you can switch to a different port.

- In the Kerio Connect administration interface
- Go to Configuration -> Services
- Edit the HTTP and/or the HTTPS services
- On the "Properties" tab, select the port value and choose to "Edit"
- Change the number in the "Port" field to a value of your choice and apply the changes



Troubleshooting:

If you get a "Package not found" error like:

dpkg: Abhängigkeitsprobleme verhindern Konfiguration von kerio-connect:
kerio-connect hängt ab von sysstat; aber:
Paket sysstat ist nicht installiert.
dpkg: Fehler beim Bearbeiten von kerio-connect (--install):
Abhängigkeitsprobleme - verbleibt unkonfiguriert
Fehler traten auf beim Bearbeiten von:
kerio-connect

Use:

univention-install packagename

It may also be necessary to activate the "unmaintained repositories" with:

ucr set repository/online/unmaintained='yes'

LDAP connection problems can be tested with:

ldapsearch -x -H ldap://localhost:7389 -D dn -w password

Kerio Log:

/opt/kerio/mailserver/store/logs

Ldap debugging:

/etc/init.d/slapd stop
slapd -d 1 -h ldap://127.0.0.1:7389

Sources:

http://www.asconix.com/howtos/debian/kerio-connect-univention-ucs-howto
http://kb.kerio.com/product/kerio-connect/installation-and-upgrade/installing-kerio-connect-1124.html
