Cool Solution - Kerio Connect

From Univention Wiki

Revision as of 14:35, 23 January 2014 by Smidt (talk | contribs)

This article is a stub and will be updated!

This article briefly describes the installation and configuration of Kerio Connect under UCS 3.2 on a DC Master.

Setting:

Master:
- Desktop
- DHCP
- Samba 4


Create a Kerio user account with admin rights in the Univention Management Console.

Login & Download

Log in on the master:

ssh root@master

Download the Kerio Connect software. For Debian and Ubuntu (64-bit) you can use:


You can search for other applicable packages at Kerio download page.


Before installing, check whether any other mail servers are running (e.g. postfix or sendmail):

/etc/init.d/postfix status

If this is the case, stop them with:

/etc/init.d/postfix stop

And disable the autostart:

ucr set postfix/autostart=no

After that install the downloaded package with:

dpkg -i kerio-connect-8.2.2-2224-linux-amd64.deb

If the basic setup screen doesn't show up you have to start it manually with:

cd /opt/kerio/mailserver         
dpkg-reconfigure kerio-connect

Configure UCS

By default, all non-standard ports are blocked by the UCS firewall. Therefore you need to open port 4040 for the Kerio Connect administration interface, either in the Univention Management Console or with:

ucr set security/packetfilter/package/kerioconnect/tcp/4040/all=ACCEPT
ucr set security/packetfilter/package/kerioconnect/tcp/4040/all/en="Kerio Connect administration interface"

Afterwards restart to let the settings take effect.

Adding LDAP Schema Extensions

On the master download and copy the LDAP Schema to the shared Univention-LDAP directory:

mv kerio-mailserver.schema /usr/share/univention-ldap/schema/

In the Univention-Info directory you have to register the schema. Create a new file with:

touch /etc/univention/templates/info/

And add:

Type: multifile
Multifile: etc/ldap/slapd.conf
Variables: ldap/server/type
Variables: ldap/master
Type: subfile
Multifile: etc/ldap/slapd.conf
Subfile: etc/ldap/slapd.conf.d/67kerio-mailserver_schema 

Afterwards create a new file with:

touch /etc/univention/templates/files/etc/ldap/slapd.conf.d/67kerio-mailserver_schema

And add:

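@!@
# UCR runs the Python between the @!@ markers and writes its output into slapd.conf
import os.path
schema = '/usr/share/univention-ldap/schema/kerio-mailserver.schema'
# Include the Kerio schema only on the master, and only if the file exists
if configRegistry['ldap/server/type'] == 'master' and os.path.exists(schema):
    print('include         %s' % schema)
@!@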

Thereafter you have to regenerate the slapd.conf with:

ucr commit /etc/ldap/slapd.conf 

Adding extended attributes in UCS

For a further description of extended attributes see the developer reference. To create extended attributes in the UCS LDAP, it is recommended to create them under the custom attributes container under LDAP_BASE -> univention -> custom attributes in the

eval "$(ucr shell)"
univention-directory-manager container/cn create "$@" --ignore_exists \
               --position "cn=custom attributes,cn=univention,$ldap_base" \
               --set name=kerioconnect

This kerioconnect container can hold all Kerio Connect extended attributes.

The minimal attribute set for a Kerio Connect user is:
- objectClass: kerio-Mail-User
- kerio-Mail-Active: 1

For the Kerio Connect group the minimal definition is:
- objectClass: kerio-Mail-Group
- kerio-Mail-Active: 1

You can


udm settings/extended_attribute remove --dn "dn"

Create a group in UCM and add users to it; the users should then initially be visible in Kerio. Then adjust mailserver.cfg as in [1].
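
One way to check which directory entries still lack the minimal Kerio attribute set listed above. This is an added example, not part of the original article: the helper name kerio_missing, the search filter in the comment and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list LDAP entries that lack the minimal Kerio attribute set.
# Feed it LDIF on stdin, for instance from
#   ldapsearch -x -LLL -H ldap://localhost:7389 -D "$bind_dn" -W \
#       -b "$ldap_base" '(uid=*)' objectClass kerio-Mail-Active
# -W prompts for the password, so it does not end up in argv or shell history.

# kerio_missing is a hypothetical helper; $1 is the required objectClass.
kerio_missing() {
    awk -v want="$1" '
        function emit() {   # print the entry if it is not Kerio-enabled
            if (dn != "" && !(has_class && active)) print dn
            dn = ""; has_class = 0; active = 0
        }
        function handle(line,    i, key, val) {
            if (line == "") { emit(); return }      # blank line ends an entry
            i = index(line, ":")
            if (i == 0) return
            key = tolower(substr(line, 1, i - 1))
            val = substr(line, i + 1)
            sub(/^:?[ ]*/, "", val)                 # also strips the "::" form
            if (key == "dn") dn = val
            else if (key == "objectclass" && tolower(val) == tolower(want)) has_class = 1
            else if (key == "kerio-mail-active" && val == "1") active = 1
        }
        /^ / { buf = buf substr($0, 2); next }      # unfold continuation lines
        { if (NR > 1) handle(buf); buf = $0 }
        END { handle(buf); emit() }
    '
}

# Constructed sample data: alice is complete, bob has no Kerio attributes,
# carol (folded DN) has the class but kerio-Mail-Active is 0.
SAMPLE_LDIF='dn: uid=alice,cn=users,dc=example,dc=test
objectClass: posixAccount
objectClass: kerio-Mail-User
kerio-Mail-Active: 1

dn: uid=bob,cn=users,dc=example,dc=test
objectClass: posixAccount

dn: uid=carol,cn=users,dc=exa
 mple,dc=test
objectClass: kerio-Mail-User
kerio-Mail-Active: 0'

printf '%s\n' "$SAMPLE_LDIF" | kerio_missing kerio-Mail-User
```

Pass kerio-Mail-Group as the argument to run the same check against group entries.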

Configure Kerio

To configure the UCS server you will need to do some customization. By default, the Kerio Connect mail server listens on ports 80/443 for the webmail user interface. This conflicts with the running Apache, so you need to switch the user interface to a different port or a different IP address. The section below describes how you can switch to a different port.

Setting up other IP.

Stop Kerio Connect with:

/etc/init.d/kerio-connect stop

Change LDAP-Ports 389 & 636 to 7389 & 7636 in:


Afterwards start Kerio Connect with:

/etc/init.d/kerio-connect start

On the backup, log in at:


Choose Configuration -> Domains -> YourDomain -> Edit -> Directory Service.

Check "Map user accounts and groups from a directory service to this domain".

Choose Apple Open Directory (Kerberos 5 authentication) as Directory service type.

In the Directory server (domain controller) section choose:

Hostname: localhost:7389
Username: DN-KerioAdminUser from UMC
Password: xxxxx

and "Test Connection".


If you get a "Package not found" error like:

dpkg: Abhängigkeitsprobleme verhindern Konfiguration von kerio-connect:
kerio-connect hängt ab von sysstat; aber:
Paket sysstat ist nicht installiert.
dpkg: Fehler beim Bearbeiten von kerio-connect (--install):
Abhängigkeitsprobleme - verbleibt unkonfiguriert
Fehler traten auf beim Bearbeiten von:


univention-install packagename

Maybe it is also necessary to activate "unmaintained repositories" with:

ucr set repository/online/unmaintained='yes'

LDAP connection problems can be tested with:

ldapsearch -x -H ldap://localhost:7389 -D dn -w password

Kerio Log:


Ldap debugging:

/etc/init.d/slapd stop
slapd -d 1 -h ldap://

