Limit external access to Z-Push
-
Hello, I am wondering how I can limit external access to certain accounts via Z-Push. All users use Outlook with Z-Push internally, so I cannot switch off mobile access to disable external logins for certain users. Probably I need a combination of IP network and user to do this, perhaps with a proxy? But how does the proxy get the username? Or does anybody have a better way or idea?
-
Hi
AFAIK there is no real possibility besides creating an allow list on your web server (but then you’ll have to know the IP of your mobile user!!)
I think the only way to get a good result is to create an allow list for internal IPs and let the users who need external Outlook connectivity connect through VPN.
rg
Christian
-
If member of group “mobile” allow external logins.
You can do that with LDAP groups. See: https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html
-
Hi @isol,
Z-Push supports enabled and disabled features of kopano. There are ‘mobile’ and ‘outlook’ features which Z-Push checks on logon. E.g. you could add ‘outlook’ to enabled features list and ‘mobile’ to disabled features list of a user and then he’ll only be able to use Z-Push via Outlook.
Manfred
-
@manfred: I know that these features exist, but “outlook” in this sense refers to the MAPI connection; we use ActiveSync for Outlook (as recommended by Kopano) and therefore disabling “mobile” would mean cutting off all Outlook users (=all users). So this does not help here. What we need is more complicated: we need to check for an external allowance at the webserver level.
-
@isol said in Limit external access to Z-Push:
but “outlook” in this sense refers to the MAPI connection
No, that is not true. This refers to Outlook connecting over ActiveSync.
-
Ok, but still the fact holds that I cannot disable “mobile” if all users are Outlook client users (ActiveSync) in the office.
I will look into the LDAP group approach mentioned, looks like we would just need to modify the Apache Z-Push configuration. If I succeed I will post the solution here.
-
@isol said in Limit external access to Z-Push:
but still the fact holds that I cannot disable “mobile” if all users are Outlook client users (ActiveSync) in the office.
No. You can disable “mobile”, since for outlook over activesync the flag “outlook” is evaluated.
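
The web-server-level rule discussed in this thread (internal networks pass, external clients must be in an LDAP group “mobile”), shown as an added Apache 2.4 configuration using mod_authnz_ldap; it is not part of any post above and is not Z-Push's or Kopano's own configuration. The /Microsoft-Server-ActiveSync path is the standard ActiveSync endpoint; the internal network range, LDAP URL, bind account, attribute names and DNs are assumed placeholders.

```apache
# Added example. Assumes mod_authnz_ldap, mod_ldap, mod_authn_core and
# mod_authz_host are loaded. All hosts, ranges and DNs are placeholders.
<Location "/Microsoft-Server-ActiveSync">
    AuthType Basic
    AuthName "ActiveSync"
    AuthBasicProvider ldap

    # Where Apache looks up the user who is logging in (placeholder directory).
    AuthLDAPURL "ldaps://ldap.example.com/ou=users,dc=example,dc=com?uid?sub"
    AuthLDAPBindDN "cn=apache-readonly,ou=services,dc=example,dc=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # Assumed group layout: groupOfNames, members stored as full user DNs.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on

    <RequireAny>
        # Internal clients (assumed office range): no group check by Apache.
        Require ip 10.0.0.0/8

        # Everyone else must authenticate against LDAP and be a member of
        # the "mobile" group, otherwise Apache answers 401 before the
        # request reaches Z-Push.
        Require ldap-group cn=mobile,ou=groups,dc=example,dc=com
    </RequireAny>
</Location>
```

If Apache sits behind a reverse proxy or load balancer, `Require ip` sees the proxy's address unless mod_remoteip is configured, so check the client address in the access log before relying on the rule. The login name that clients send to Z-Push has to match the attribute queried in AuthLDAPURL (uid here) for the group lookup to find the user.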