Solved: Unity Connection users' passwords for IMAP Exchange access

mmertens · ‎01-08-2009

I am a reseller at a customer site of about 5000 users performing a new UC deployment with Unity Connection 7. They are an Exchange2007 shop and we will be doing IMAP for email integration. My question is regarding setting up the UC user/passwords to get their emails from exchange. It appears I need to manually input the users' Exchange passwords in UC? Is there any way to get around this or do a bulk export/import or sync (just passwords) from AD?

Thanks!

lindborg · ‎01-08-2009

Users can edit their password for access to remote IMAP mailstores for themselves in the Unity Assistant web pages - which is normally how this is done.

there's no way to pull passwords out of AD for this purpose - you can pass a PW hash to AD and it'll tell you if it's valid or not but you can't pull it out and then use that against the IMAP login for Exchange. IMAP has no provision for "super user" work arounds such that a privalaged account can "login as" for any mailbox.

The only way for automatic authentication like this would be "Kerberos/Windows Integrated Authentication" - which actually doesn't help here because the automatic authentication could only work for connections from the users desktop and not our server.

We'd have to write something proprietary to MS going through something like WebDav or the Exchange web services interfaces (same would be true for each an every external IMAP mailstore folks wanted acccess to) - which is not suprisingly a bunch of work. So far as I know nothing like this is on the radar, but of course I'm not the guy they talk to about such things so I can't be certain it's not on someone's roadmap...

View solution in original post

lindborg · ‎01-08-2009

Users can edit their password for access to remote IMAP mailstores for themselves in the Unity Assistant web pages - which is normally how this is done.

there's no way to pull passwords out of AD for this purpose - you can pass a PW hash to AD and it'll tell you if it's valid or not but you can't pull it out and then use that against the IMAP login for Exchange. IMAP has no provision for "super user" work arounds such that a privalaged account can "login as" for any mailbox.

The only way for automatic authentication like this would be "Kerberos/Windows Integrated Authentication" - which actually doesn't help here because the automatic authentication could only work for connections from the users desktop and not our server.

We'd have to write something proprietary to MS going through something like WebDav or the Exchange web services interfaces (same would be true for each an every external IMAP mailstore folks wanted acccess to) - which is not suprisingly a bunch of work. So far as I know nothing like this is on the radar, but of course I'm not the guy they talk to about such things so I can't be certain it's not on someone's roadmap...