Overview
You may wish to setup Kerio Connect functionality in such a way that access is restricted to some services for specific users. For instance, you may wish to allow only CalDAV and CardDAV protocols for Calendar and Contacts Syncing respectively. Alternatively, you may wish to restrict access to any service for any users from a certain IP Address Group.
Solution
You can accomplish this in two steps; first by creating a User Access policy that defines the restrictions, and then by assigning this policy to the users to which access needs to be restricted.
Defining the User Access Policy:
- In the administration interface, go to Configuration (Gear Icon). Under the Definitions section, click User Access Policies.
- Click Add Policy.
- Enter a name for the policy, in this example we will call it Only WebDav, CalDav, CardDav.
- Click the Add restriction link.
- Select a Protocol from the drop-down menu.
- Select the level of access (Allow/Deny/Allow only to). In this example, we will allow WebDAV, CalDAV, and CardDAV protocol only for the local client's IP address group. All other protocols should be denied. You can add multiple restrictions.
- Set access for the remaining (unselected) protocols.
- Click Apply.
- To remove a restriction, select it and click Remove.
- To remove a policy, select it and click Remove.
- (Optional) If you want to disable mail server communication server-wide and leave only one specific service, i.e. HTTPS, stop the necessary services accordingly. For more information, please refer to Kerio Connect Services.
Assigning Policies to Users
- In the administration interface, go to Accounts > Users.
- Double-click a user and go to the Rights tab.
- Select the Access policy from the drop-down list that you created in the previous section. In this example, it was Only WebDav, CalDav, CardDav.
- Click OK.
Confirmation and Testing
Test if the policy works by logging in as a user and attempt to access the service.
If any problem regarding services occurs, consult the Debug log by selecting the appropriate message type option (service to be logged):
Service type | Debug options |
SMTP | SMTP Server and SMTP client |
POP3 | POP3 Server |
IMAP | IMAP Server |
NNTP | NNTP Server |
LDAP | LDAP Server |
HTTP |
|
XMPP | Instant Messaging and XMPP Server |
Too many log messages may slow down your server. Once you solve your problem, disable the logging.