Impersonation O365


RyanMesser

Hi, 

Is there any way that Hornbill supports mailboxes that are impersonated in Exchange? I.e. as an Inbound Mail service in Hornbill, if I set the address as an existing resource or shared mailbox in Exchange and then use an account that has delegated permissions to connect to that mailbox? This is just to preserve accounts that already exist as shared mailboxes in Exchange but so we can utilise features such as Raise New Request etc. in Hornbill.

Thanks

Ryan


Hi, 

No, they need to be exported out into the Hornbill mailbox, but I can't see how this would work with a shared mailbox in Exchange as the shared mailbox has no credentials. A shared mailbox isn't a person and is shared by many, therefore each person actually uses their own credentials to authenticate against the mailbox or by using a service account. However, I can't see if there is a way of doing this in Hornbill.

In the section I think you would need another field such as "email address", then specify the username and password; rather than making the username the mailbox you export emails from Exchange, you use the email address field as the mailbox you export from Exchange. It's similar to room booking, whereby you use a service account to connect to the mailbox but you are exporting the calendar from the room account rather than exporting direct from the service account.

Ryan


You can just use a service account for the credentials (which is kind of what we do).

All the permissions in Hornbill do is allow you to send and receive mail as the service account (or whatever account is set in Exchange with Full Access or Send As permissions).

So for our IT Service Desk mailbox there is a service account (ITServiceDeskUser) which is used to set up the mailbox in Hornbill (and anywhere else we need an account attached to the mailbox to send/receive) 
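
Added example, not part of the original posts: because the setup described above depends on a service account holding Full Access or Send As on the shared mailbox, this Exchange Online PowerShell script lists every explicit holder of those rights on each shared mailbox so the grants can be reviewed. It assumes an already connected session (`Connect-ExchangeOnline` from the ExchangeOnlineManagement module) and uses nothing Hornbill-specific.

```powershell
# Added example: review who can open or send as each shared mailbox.
# Assumes an existing Exchange Online PowerShell session.
$self = 'NT AUTHORITY\SELF'

$report = foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
    $address = [string]$mbx.PrimarySmtpAddress

    # Explicit (non-inherited, non-deny) Full Access grants on the mailbox.
    Get-MailboxPermission -Identity $address |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            [string]$_.User -ne $self -and
            $_.AccessRights -contains 'FullAccess'
        } |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox = $address
                Grantee = [string]$_.User
                Right   = 'FullAccess'
            }
        }

    # Explicit Send As grants on the same mailbox.
    Get-RecipientPermission -Identity $address |
        Where-Object {
            -not $_.IsInherited -and
            [string]$_.Trustee -ne $self -and
            $_.AccessRights -contains 'SendAs'
        } |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox = $address
                Grantee = [string]$_.Trustee
                Right   = 'SendAs'
            }
        }
}

# One row per (mailbox, grantee, right); a service account that appears on many
# mailboxes is the credential that most needs a strong, rotated secret.
$report | Sort-Object Mailbox, Grantee, Right | Format-Table -AutoSize
```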


@RyanMesser

Thanks for the clarification. The problem is IMAP does not support that concept of specifying a mailbox to be in the context of, so it would depend on how Microsoft’s specific implementation works. I found the following document which seems to suggest you can use the “username/alias-name” format as the IMAP login ID. I have never tried this myself but it’s worth a shot.

Gerry

https://social.technet.microsoft.com/Forums/ie/en-US/6369118f-7dee-4728-ac1c-a0c706b3d290/office-365-exchange-online-how-to-access-a-shared-mailbox-using-thunderbird-or-other-imap-client?forum=onlineservicesexchange


Yes, you are correct. What I should have said to start with was that I was hoping for maybe an EWS implementation using the EWS Managed API, which would allow you to impersonate mailboxes with service accounts, as we do this quite often with other products.

Yes, this is a well-known method and again we do this already with other software, so I'll give it a try and reply with how I get on.

Thanks

Ryan


@RyanMesser

Thanks for the response, yes I understand. To be honest I have been thinking about tighter integration with o365; IMAP is limited and the EWS REST API looks like it has come on a long way. I will add this to the backlog of things to look at. Having reviewed the EWS documentation, I think adding an o365-specific integration connector for tighter integration is more than viable. Hopefully the above will serve as a good short-term solution for you.

Gerry


@Gerry

Thanks, yes so I think I've come up with an easier way of doing the above as it doesn't work anyway. So see below on how I did it.

1. Create a user account in Active Users, for instance something@domain.com, and create a password.

2. Create or edit the shared mailbox and add the user account you have just created as an alias in the Exchange shared mailbox.

3. Use the user account which is an alias of your Exchange shared mailbox to create the Shared Mailbox in Hornbill.

This works exactly how we need. 

Last question I have is why are the emails being deleted from the Inbox on the Exchange side? This should only happen in IMAP if the User decides to delete an email from either location, why is Hornbill doing this automatically? IMAP is a remote file server so the messages should exist on the server and not be removed until a user decides to. Having to have a rule to duplicate the messages is going to be a little painful to come up with to be honest considering how many we have. 


@RyanMesser

Glad to hear it is working now. 

Quote

Last question I have is why are the emails being deleted from the Inbox on the Exchange side?

An age-old question I am afraid. We have had shared mailbox capability in our products for 15 years or more, long before anyone else was ever implementing this sort of thing. We adopted open standards for interoperability (as opposed to proprietary standards); for reading/polling for mail we support both POP3 and IMAP. While POP3 does not support replication at all, IMAP does, although it's very inefficient and vendor-specific implementations have lots of variations on the theme. As many customers that use Hornbill process what can only be described as *vast amounts of email messages*, trying to keep the Hornbill mailbox *in sync* with a remote mailbox is not so simple, and for that reason we opted to use a "transfer" approach where we simply lift the mail out of the source mailbox into the Hornbill Shared mailbox. If you wish to keep local copies on Exchange/o365 then we generally recommend you use mail rules so every message that comes into the Inbox also gets copied to another folder.

I expect using more amenable APIs like the EWS REST API we could implement full two-way replication keeping the two systems in sync.

Hope that makes sense. 

Gerry 


I would think EWS would help, MAPI also (I think there is one implementation of it running on Linux).

As I said, I wouldn't follow the thread that you attached; it didn't work and I can sort of see why, so the steps I described would be the best approach I think.

Thanks for the assistance, all resolved now, but will keep an eye out for a potential EWS implementation.

Thanks

Ryan


@RyanMesser

Yeah, I think we did MAPI a long time ago, it was horrific. Anyway, we no longer run this sort of code on Windows only, so open/well-documented web service type APIs are what we limit ourselves to. EWS seems good from the documentation so that would be the way to go I think.

Gerry
