31 Mar How to Synchronise MailStore Users with a Remote MDaemon server
For any user to log in to the email archiving software MailStore Server, a local ‘MailStore’ user account needs to exist.
You could simply create users manually, entering usernames and passwords individually. However, for any installation with more than a handful of users, as you can probably imagine, that soon becomes a pain.
For this reason, MailStore includes the directory services feature to synchronise local accounts with an external user list, which is what I’m going to cover in this post.
A key advantage of using directory services synchronisation is that passwords are then not kept within MailStore but are instead checked against the central user database each time a user logs in. This way, if the user’s password changes, it is automatically updated within MailStore.
MailStore provides different methods to synchronise these accounts with a user database, and for customers of the Exchange alternative MDaemon Messaging Server, there’s a custom option for linking directly into the user database.
Historically, however, this only really worked if both MailStore and MDaemon were on the same LAN. In the latest version 9 of MailStore, there’s now a new feature called application integration synchronisation, which allows for remote server synchronisation.
Synchronising MailStore and MDaemon when on the same LAN
Before we look at the new User Verification feature, let’s have a quick look at how to use the existing Directory Services ‘MDaemon USERLIST.DAT’ method to synchronise MailStore accounts with a local MDaemon server.
Open the MailStore Client and log in with an Administrator account, then navigate to Administrative Tools -> Users and Privileges -> Directory Services
This ‘MDaemon USERLIST.DAT’ method works by giving MailStore file access to the MDaemon user database and additional files in the ‘app’ folder within the MDaemon installation folder.
MailStore needs access to open and read the config files in order to synchronise user accounts. This works well when MailStore is installed on the same server as MDaemon and also works well on the same LAN by using a UNC path as shown above.
If, however, your MDaemon server is on a totally different site, in order for MailStore to access the files you would have to either set up a VPN or some other replication of the data files, which is not always practical.
Connecting remotely using the new application integration method
In MailStore 9.0, a new method of directory services synchronisation has been added. This application integration method gives developers of third-party applications a standard mechanism for sharing the user details MailStore needs in order to synchronise.
Alt-N Technologies, the developers of MDaemon, very quickly added support for this feature by providing a specific dynamic link library (DLL) for their WorldClient web server.
Application integration connects over standard web services, usually HTTPS for added security, and so can be used by any MailStore server across the Internet to connect to a remote MDaemon server.
In MDaemon, you need to add the following DLL file into the WorldClient HTML folder.
32-Bit MDaemon: http://files.altn.com/MDaemon/release/mailstoreintegration.zip
Step 1 Once you’ve downloaded the DLL from the source above, copy this file into the C:\MDaemon\WorldClient\HTML\ folder. This is assuming MDaemon is installed on the C drive.
Step 2 Next, we need to make a small change to the WorldClient.ini file in order for the new MailStoreIntegration.dll file to be recognised.
So edit C:\MDaemon\WorldClient\worldclient.ini in Notepad and add the following lines…
Under the [webserver] section add…
Please note these new entries should be added after the existing entries for ‘CgiBase5’ and ‘CgiFile5’
At the end of the file add a new [MailStoreIntegration] section and define the name of the MDaemon group to synchronise the users from…
Then restart the WorldClient service within MDaemon for the changes to be applied.
Step 3 Create a new group in MDaemon under ‘Accounts -> Groups and Templates’ – let’s call it ‘mailstore-archived-users’ – and add to that group all the MDaemon accounts that we wish to archive email for.
Note: In the future, if you need to archive any new email accounts you can simply add those users to this MDaemon group and MailStore will pick them up on the next directory services check.
Step 4 The application integration service will connect to MDaemon’s WorldClient web service over HTTP or HTTPS, so make sure you have WorldClient accessible publicly on either port 80 or 443. If using HTTPS, make sure you have a valid SSL certificate configured.
I always recommend you use HTTPS where possible – so if you need more information on configuring WorldClient to work over HTTPS, have a look at this Knowledgebase article.
Step 5 In order for MailStore to connect to MDaemon, we will need it to authenticate using an MDaemon Global Administrator account. If you haven’t yet created one of these, simply create a new account in MDaemon called ‘MailStore’, give it a strong password and then make it a Global Administrator.
Now that our MDaemon server is ready to accept Application Integration requests, we need to configure MailStore to request a list of valid users.
Step 1 Open the MailStore Client and navigate to Administrative Tools -> Users and Privileges -> Directory Services
Step 2 Choose ‘Application Integration’ as the directory services type
Step 3 Enter the URL of your WorldClient server followed by MailStoreIntegration.dll.
Step 4 If using HTTPS, tick the option to ‘Ignore SSL warnings’
(this is needed if using self-signed SSL certificates)
Step 5 Tick the option for ‘Server requires authentication’
Step 6 Enter the details of the MDaemon ‘MailStore’ user account you set up as a Global Administrator
Step 7 I recommend you tick the option to ‘Automatically delete users in MailStore Server’ when they are removed from the MDaemon group. This will keep your user list in sync with MDaemon.
Note: no user archives are ever deleted in MailStore, even when the user account is removed.
Once set up, I would recommend you choose the test option to make sure everything is working as expected.
Finally, simply run the synchronisation to add the users into MailStore.
It’s worth noting that with both directory services synchronisation methods, users’ passwords are checked in real time against MDaemon, so you will not be able to authenticate with MailStore in the event that MDaemon is unavailable.
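A pre-flight check for the URL entered in MailStore Step 3, as an added example that is not part of the original article or of MailStore or MDaemon: it reviews the URL and then attempts a normally verified TLS handshake, which shows whether the self-signed case behind ‘Ignore SSL warnings’ actually applies to your WorldClient server. The host name `mail.example.com` is a constructed placeholder.

```python
import socket
import ssl
from urllib.parse import urlsplit

DLL_NAME = "MailStoreIntegration.dll"  # file name taken from the article


def review_url(url):
    """Static review of the Application Integration URL; returns findings."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ["not an http(s) URL"]
    findings = []
    if parts.scheme == "http":
        findings.append("plain HTTP: the Global Administrator credentials "
                        "are sent without transport encryption")
    if not parts.path.lower().endswith("/" + DLL_NAME.lower()):
        findings.append("path does not end with " + DLL_NAME)
    if parts.username or parts.password:
        findings.append("credentials embedded in the URL; use the "
                        "authentication fields instead")
    return findings


def probe_certificate(url, timeout=5.0):
    """TLS handshake with full verification; returns (ok, detail)."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((parts.hostname, parts.port or 443),
                                      timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:  # self-signed, expired, wrong name
        return False, exc.verify_message
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, "connection failed: %s" % exc


if __name__ == "__main__":
    target = "https://mail.example.com/" + DLL_NAME  # constructed placeholder
    for finding in review_url(target):
        print("URL:", finding)
    if urlsplit(target).scheme == "https":
        ok, detail = probe_certificate(target)
        print("certificate verifies" if ok else "certificate problem", "-", detail)
```

If the probe reports that the certificate verifies, the connection does not fall under the self-signed case described in Step 4.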