Difference between revisions of "Cool Solution - Kerio Connect"

From Univention Wiki

Jump to: navigation, search
Line 92: Line 92:
  
 
== Adding LDAP-Connection ==
 
== Adding LDAP-Connection ==
- Login in at Kerio Connect administration interface IP-Address:4040/admin.
+
- Login in at Kerio Connect administration interface IP-Address:4040/admin.
- Go to Configuration -> Domains -> YourDomain -> Edit -> Directory Service
+
- Go to Configuration -> Domains -> YourDomain -> Edit -> Directory Service
- Check "Map user accounts and groups from a directory service to this domain"
+
- Check "Map user accounts and groups from a directory service to this domain"
- Choose Apple Open Directory (Kerberos 5 authentication) as Directory service type
+
- Choose Apple Open Directory (Kerberos 5 authentication) as Directory service type
- In the Directory server (domain controller) section choose:
+
- In the Directory server (domain controller) section choose:
 
  Hostname: localhost:7389
 
  Hostname: localhost:7389
 
  Username: DN-Kerio-Useraccount from UMC
 
  Username: DN-Kerio-Useraccount from UMC
 
  Password: xxxxx
 
  Password: xxxxx
- "Test Connection".
+
- "Test Connection".
  
 
== Mapping LDAP-Attributes ==  
 
== Mapping LDAP-Attributes ==  

Revision as of 15:11, 23 January 2014

This article is stub and will be updated!!!

This article describes briefly the installation and configuration of Kerio Connect under UCS 3.2 on a DC Master. Setting: Master: - Desktop - DHCP - Samba 4


Prerequisite

Create a Kerio-Useraccount with admin rights in the Univention-Management-Console.

Login & Download

Login on the master:

ssh root@master

Download the Kerio Connect software. For Debian and Ubuntu (64-bit) you can use:

wget http://download.kerio.com/dwn/connect/connect-8.2.2-2224/kerio-connect-8.2.2-2224-linux-amd64.deb

You can search for other applicable packages at Kerio download page.

Install

Before installing check if there are any other mail server running (eg. postfix or sendmail):

/etc/init.d/postfix status

If this is the case stop them with:

/etc/init.d/postfix stop

And disable the autostart:

ucr set postfix/autostart=no

After that install the downloaded package with:

dpkg -i kerio-connect-8.2.2-2224-linux-amd64.deb

If the basic setup screen doesn't show up you have to start it manually with:

cd /opt/kerio/mailserver         
dpkg-reconfigure kerio-connect


Configure UCS

By default all non standard ports on the UCS Firewall are blocked. Therefor you need to open the port 4040 for the Kerio Connect administration interface. In the Univention Management Console or with:

ucr set security/packetfilter/package/kerioconnect/tcp/4040/all=ACCEPT
ucr set security/packetfilter/package/kerioconnect/tcp/4040/all/en="Kerio Connect administration interface"

Afterwards restart to let the settings take effect.


Adding LDAP Schema Extensions

On the master download and copy the LDAP Schema to the shared Univention-LDAP directory:

wget http://kb.kerio.com/assets/kerio-mailserver.schema
mv kerio-mailserver.schema /usr/share/univention-ldap/schema/

In the Univention-Info directory you have to register the schema. Create a new file with:

touch /etc/univention/templates/info/kerio-mailserver.info

And add:

Type: multifile
Multifile: etc/ldap/slapd.conf
Variables: ldap/server/type
Variables: ldap/master
Type: subfile
Multifile: etc/ldap/slapd.conf
Subfile: etc/ldap/slapd.conf.d/67kerio-mailserver_schema 

Afterwards create a new file with:

touch /etc/univention/templates/files/etc/ldap/slapd.conf.d/67kerio-mailserver_schema

And add:

@!@
import os.path
schema = '/usr/share/univention-ldap/schema/kerio-mailserver.schema'
if configRegistry['ldap/server/type'] == 'master' and os.path.exists(schema):
       print 'include         %s' % schema
@!@

Thereafter you have to regenerate the slapd.conf with:

ucr commit /etc/ldap/slapd.conf 

Adding extended attributes in UCS

For a further description about extended attributes see the developer reference. To create extended attributes in the UCS-LDAP it is recommended to create it in the custom attributes container under LDAP_BASE -> univention -> custom attributes in the UMC. Add a container "kerioconnect" with type "Container: Container" and add all Kerio Connect extended attributes. The minimal attribute set for Kerio Connect user are:

- objectClass: kerio-Mail-User 
- kerio-Mail-Active: 1

For the Kerio Connect Group the minimal definition is:

- objectClass: kerio-Mail-Group
- kerio-Mail-Active: 1

Additional attributes can be added according to the kerio-mailserver.schema.

Configure Kerio Connect

To configure Kerio Connect you will need to do some customization.

Change LDAP-Ports

You need to change the default LDAP-Ports in the mailserver.cfg. Stop Kerio Connect with:

/etc/init.d/kerio-connect stop

Change LDAP-Ports 389/636 to 7389/7636 in:

/opt/kerio/mailserver/mailserver.cfg

Afterwards start Kerio Connect with:

/etc/init.d/kerio-connect start

Adding LDAP-Connection

- Login in at Kerio Connect administration interface IP-Address:4040/admin.
- Go to Configuration -> Domains -> YourDomain -> Edit -> Directory Service
- Check "Map user accounts and groups from a directory service to this domain"
- Choose Apple Open Directory (Kerberos 5 authentication) as Directory service type
- In the Directory server (domain controller) section choose:
Hostname: localhost:7389
Username: DN-Kerio-Useraccount from UMC
Password: xxxxx
- "Test Connection".

Mapping LDAP-Attributes

Get and move LDAP-Mapping to mapping directory:

wget http://kb.kerio.com/assets/openldap.map
mv openldap.map /opt/kerio/mailserver/ldapmap/

Stop Kerio Connect with:

/etc/init.d/kerio-connect stop

Change Variable "MapFile" in your newly created Ldap configuration in /opt/kerio/mailserver/mailserver.cfg to openldap.map:

<variable name="MapFile">openldap.map</variable>

Afterwards start Kerio Connect with:

/etc/init.d/kerio-connect start


Change ports of Webmail user interface

The Kerio Connect mailserver listen by default on 80/443 for the webmail user interface. This conflicts with the running Apache so that you need to switch to a different port or different IP address for the user interface. The section below describes how you can switch to a different port. - In the Kerio Connect administration interface - Go to Configuration -> Services - Edit the HTTP and/or the HTTPS services - On the "Properties" tab, select the port value and choose to "Edit" - Change the number in the "Port" field to a value of your choice and apply the changes



Troubleshooting:

If you get an "Package not found error" like:

dpkg: Abhängigkeitsprobleme verhindern Konfiguration von kerio-connect:
kerio-connect hängt ab von sysstat; aber:
Paket sysstat ist nicht installiert.
dpkg: Fehler beim Bearbeiten von kerio-connect (--install):
Abhängigkeitsprobleme - verbleibt unkonfiguriert
Fehler traten auf beim Bearbeiten von:
kerio-connect

Use:

univention-install packagename

Maybe it is also necessary to activate "unmaintained repositories" with:

ucr set repository/online/unmaintained='yes'

LDAP-Connection Problems can be tested with: ldapsearch -x -H ldap://localhost:7389 -D dn -w password

Kerio Log:

/opt/kerio/mailserver/store/logs

Ldap debugging:

/etc/init.d/slapd stop
slapd -d 1 -h ldap://127.0.0.1:7389

source: http://www.asconix.com/howtos/debian/kerio-connect-univention-ucs-howto http://kb.kerio.com/product/kerio-connect/installation-and-upgrade/installing-kerio-connect-1124.html

Personal tools