Users and Groups

In the user administration, you can manage users, groups, local e-mail addresses, the logon configuration, general and deputy policies.

The login configuration determines which user database is used to authorise users.
You can set multiple logon configurations (realms) to allow users to log on from different systems.
The default login configuration "local" uses the local user database of the REDDOXX Appliance.
It cannot be deleted or changed.
You can add, edit and delete realms.

Realm names must not contain spaces.

The following steps are necessary to create a login configuration:

  1. Click Add
  2. Select the type of logon configuration (Active Directory, Generic LDAP, Local)
  3. Enter the name as a description for the display in the Admin Interface, as well as a Display Name (display name for the users in the User Interface) and confirm with "Next".

Depending on the selected login configuration, the configuration options differ:

  1. Adjust the LDAP login configuration (LDAP server and backup server, as well as port and whether SSL should be used or not).
  2. Select a service account for user and group synchronisation.
  3. Test the settings with "Test LDAP connection" and continue with "Next".
  4. If you use public folders in the Exchange and the access rights should also be synchronised (important especially for e-mail activated public folders with activated recipient verification.), activate "Enable Public Folders" in the "Exchange Web Service" tab.
    Also enter an access-authorised user here (this user must have at least read permission for the corresponding public mailboxes, so a service account in the master permissions is recommended here), as well as the Exchange Web Service url.
    Basic Authentication to the Web Service is required for this access.

In the Exchange Management Shell you can determine the web service URL as follows:

Get-WebServicesVirtualDirectory | fl

Basic Authentication can be activated in the Exchange Management Shell as follows:

Get-WebServicesVirtualDirectory -Server $env:computername | Set-WebServicesVirtualDirectory -BasicAuthentication:$true
  1. Via "Test EWS Connection" you can check the availability of the WebService, then continue with "Next".
    If a "KDC reply did not match expectations" error occurs, please enter the user name with a capitalised domain, e.g. username@DOMAIN.TLD.
    In addition, it may be necessary to enter the Exchange Web Service URL part in lower case (ews/exchange.asmx).
  2. in the following area, select whether the UPN (User Principal Name => The e-mail address) should be used for logging in
    Attention: If the UPN setting needs to be changed after saving a realm, it is currently (no longer applies from 2034 SP1) necessary to delete the realm and create a new one.
    10) The settings for User lookup Query (to determine the distinguished name of the user) as well as the User and Group Object Filter correspond to the standard settings related to a Microsoft Active Directory to determine the associated user objects as well as all e-mail aliases and authorisations.
    If the AD schema does not correspond to the standard settings, please contact the administrator of the directory service and ask for the customised filters.
  3. if desired, you can regulate the groups / users to be synchronised via an OU filter (OU=IT,DC=Test,DC=Local would be the organisational unit IT in Test.Local)
  4. Test the settings via "Test user and group synchronisation" and confirm with "Next".
  5. Finally, you can choose whether the saving of passwords for the users should be prevented for security reasons and whether the synchronisation can be carried out automatically (daily at 11 p.m.).
  6. Complete the setup with "Save
  7. Afterwards you can choose whether the synchronisation should be carried out directly.
  8. You can define the realm created in this way as the new standard via "Set as standard", which means that it is directly preset as the realm for the user interfaces.

  1. customize the LDAP login configuration (LDAP server and backup server, as well as port and whether SSL should be used or not)
    The following is specified for the base DN in the example for openldap.rdx.com: dc=openldap,dc=rdx,dc=com
  2. select a service account for the user and group synchronization
    The following is specified for the user DN using the example of the user ldapservice in openldap.rdx.com: cn=ldapservice,dc=openldap,dc=rdx,dc=com
  3. the settings for User lookup Query (to determine the distinguished name of the user) as well as the User and Group Object filters correspond to the standard settings related to an OpenLDAP to determine the associated user objects as well as all e-mail aliases and authorisations.
    If the AD schema does not correspond to the standard settings, please contact the administrator of the directory service and ask for the customised filters.
  4. if desired, you can regulate the groups / users to be synchronised via an OU filter (OU=IT,DC=Test,DC=Local would be the organisational unit IT in Test.Local)
  5. finally, you can choose whether the saving of passwords for the users should be prevented for security reasons and whether the synchronization can be carried out automatically (daily 11 p.m.)
  6. complete the setup with "Save
  7. you can then choose whether the synchronization should be carried out directly
  8. you can define the realm created in this way as the new default via "Set as default", which means that it is directly preset as a realm in the user interfaces

  1. customize the LDAP login configuration (LDAP server and backup server, as well as port and whether SSL should be used or not)
    The organization is required for the base DN, in the example for domino.rdx.com the following is specified: O=rdx-dev
  2. select a service account for the user and group synchronization
    The following is specified for the user DN using the example of the user ldapservice in domino.rdx.com: cn=ldapservice
  3. the settings for User lookup Query (to determine the distinguished name of the user) and the User and Group Object filters correspond to the standard settings for a Domino LDAP to determine the associated user objects and all e-mail aliases and authorisations.
    If the AD schema does not correspond to the standard settings, please contact the administrator of the directory service and ask for the customised filters.
  4. if desired, you can regulate the groups / users to be synchronised via an OU filter (OU=IT,DC=Test,DC=Local would be the organisational unit IT in Test.Local)
  5. finally, you can choose whether the saving of passwords for the users should be prevented for security reasons and whether the synchronization can be carried out automatically (daily 11 p.m.)
  6. complete the setup with "Save
  7. you can then choose whether the synchronization should be carried out directly
  8. you can define the realm created in this way as the new default via "Set as default", which means that it is directly preset as a realm in the user interfaces

  1. Define whether the user is allowed to save the password for the login in the user interface or whether this should be prevented via "Disable Save Password" and save with "Save".

  • The Users section is used, among other things, for the manual administration of the respective licences.
  • First select the realm for which you want to make changes.
  • In local realms you can add, edit and delete users, add users via a CSV import, change passwords and assign and remove licences.
  • In AD realms, you can only edit users and assign and remove licences, as all other operations are synchronised from the directory.

Edit

In Edit mode, you can change the primary email address of the user (to which the quarantine notifications are sent) and customise the language and quarantine report.
The primary e-mail address is also important so that mails can be delivered to the logged-in user in the user interface.

The following steps are necessary to import users into a local realm via a CSV file:

1 Create a file in which the user name,password,e-mail address1,e-mail addressN ... are stored line by line.
2 Create a new Local Realm under "Realms" or use the default Local Realm in the following steps.
3 In the Users section, select the appropriate Local Realm from the drop-down list and click Import.
4 Select the file you have created and enter the desired target realm and the Spamfinder filter profile. to be applied to the imported users.
5 Confirm with Import users

Licences

  • Multiple users can be selected using the Shift / Ctrl and left click keys to simplify the allocation or removal of licences.
  • Licences can be allocated automatically if configured to do so.
  • The allocated licences are checked against the number of available licences.
  • If licences were allocated in a test position for which no or insufficient licences are available after the test position, the appliance reports "Invalid licence count" or "no valid licence".
    You can then discard licences per user here.

  • Groups are required to control user policies.
  • One or more users are assigned to a group.
  • You can add, edit and delete groups
  • Groups can only be created in Local Realms (areas), AD groups are created according to the synchronisation.

The following steps are necessary to create a group:

  1. Select the desired (local) realm for which a group is to be created.
  2. Select Add
  3. Enter a name for the group and, if desired, an explanation in the comment field.
  4. Select users from the drop-down list and add them to the group by clicking on "Add".
  5. Finish the settings with "Save

  • E-mail aliases (e-mail addresses) are assigned to a user.
  • You can add, edit and delete e-mail aliases and change the filter profile.

The following steps are necessary to create an e-mail alias:

  1. Select the Add entry in the selection list.
  2. Enter the desired e-mail address.
  3. Select via Assign to whether the e-mail address is to be assigned to a user or a group.
    If you add an e-mail address to a user, this user has access to the e-mail alias in the user interface.
    If you add an e-mail address to a group, all members of this group will have access to the e-mail alias in the user interface.
  4. Select a desired filter profile.
  5. Click Save to create the email alias now.

With the policies, you can create rules that determine the range of functions of the user console or the web interface for users.
Rules are always applied to groups or users.
Policies determine whether selected functions - for one - or more groups / users - are permitted or prohibited.

The following rules including an overview of the functions are available for selection:

  • General (Common): Outgoing queue, management of deputies, settings to user profile and user address.
  • Spamfinder: Spamfinder queue, selection of filter profile, e-mail preview, deletion of e-mails from Spam and Ciss queue
  • Spamfinder Filterlist: Blacklist and whitelist management for subject, sender and domains
  • Maildepot: Maildepot view, e-mail preview, attachments in e-mail preview, saving e-mails
  • Outlook Addin: Message archiving, restriction on maximum message size for archiving

When the user logs in, all existing policies are run through in order, from top to bottom.
The order of the policies can be set via drag & drop.

The following steps are necessary to create a policy:

  1. Click on Add
  2. Enter a name and description for the policy.
  3. Select whether the policy should be applied to all users or select the groups/users to which the policy should be applied.
  4. Switch to the Rules tab and configure the desired parameters accordingly.
  5. Complete the creation with 'Save'.
  6. If necessary, adjust the priority of the policy via Drag & Drop.

Deputy groups allow selected users or groups to access the e-mails of other (e.g. departed) users.
Please check first whether the permissions do not already exist via the directory service, as then the creation of deputy policies is no longer necessary.
The following steps are necessary to create a policy for deputies (who may access distribution addresses, for example)
The prerequisite is that the groups/users authorised for access and the users (e-mail addresses) to be accessed have already been created.

  1. Click on Add
  2. Enter a name and description and specify whether the policy should apply to groups or users (via Add Group / Add User).
  3. Switch to the "Deputy Addresses" tab.
  4. Add the addresses to be accessed via "Add address".
  5. Finish the configuration with Save

In the web interface/user guide, the authorised users (from step 2) can then select the aliases (from step 4) to be accessed as deputies via "Select deputy".