This article describes the procedure to change the user's authentication method from the internal database to Microsoft Active Directory or Apple Open Directory in Kerio Connect.
In some situations, you may have users configured in Kerio Connect with internal authentication, and you would like to change their authentication method to a Directory Service. This can be done quite easily, and with little or no disruption to the user.
- Ensure that your Kerio Connect server is properly authenticated on the Kerberos domain of your Directory Server.
- Ensure that your Kerio Connect server is correctly mapped to the Directory Server and that the schema extensions have been installed.
- Log into the Web Administration and navigate to the Users dialog (Accounts > Users).
- Edit the user and take note of any custom configurations such as email addresses, quotas, rights, or message restrictions.
- Remove the user you would like to authenticate against your Directory Server.
- When prompted, choose "Do not delete the user's message folder." Also, uncheck the option to remove aliases and other memberships (as you will be immediately re-adding the user).
- Choose to add a user, and specify that they will be mapped from a directory service.
- Locate the user from the list and add them. Update any custom configuration regarding email addresses, quotas, rights, or message restrictions.
The login name of the Directory-based account must match the login name of the internal user account. If they differ, you will need to follow the instructions outlined in the Renaming User Accounts in Kerio Connect article.
You can also switch users from Directory-based to Internal by reversing the instructions above.