Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Kopano Auth against Univention

    Kopano Groupware Core
    2
    4
    911
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • isol
      isol last edited by

      Hello, we are considering using an Univention corporate server as future DC in a company. Clearly we want to authenticate the Kopano groupware against this DC (This is a separate Kopano install with current software, not the Kopano app from the Univention store).

      What auth method is fitting best in this case? Using the Windows DC “LDAPMS” auth scheme or the generic LDAP auth?

      Cheers JC

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @isol last edited by

        Hi @isol ,

        the “ms” in ldapms does not stand for Microsoft, but for multiserver. Also the app is not going towards the samba4 ad of Univention, but for performance reasons against the internal openldap.

        So if you really want to use Kopano with Univention, but not on Univention I would still recommend to install the Kopano app and copy/reuse most of the automatic configuration.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 0
        • isol
          isol last edited by

          Ok so in other words “use the generic OpenLDAP approach with the configuration provided”.
          Is the “real” or “direct” AD authorization so much slower than the OpenLDAP one? From what number of users could that be a significant problem? Reason is, if the customer later migrates to a real Windows DC I assume it is less work on the kopano side !?

          fbartels 1 Reply Last reply Reply Quote 0
          • fbartels
            fbartels Kopano @isol last edited by

            Hello @isol ,

            from what I’ve heard from our support I would not recommend to use Samba 4 LDAP for user groups larger than 100 users. The Univention App used the internal OpenLDAP from the start, so in the sense of “don’t fix what isn’t broken” it never switched over to the Samba 4 auth.

            @isol said in Kopano Auth against Univention:

            if the customer later migrates to a real Windows DC I assume it is less work on the kopano side !?

            changing the auth source almost always comes with different unique user keys, so if i don’t think it matters which kind of ldap implementation you are running now, from the Kopano side of things both will be equally intensive.

            Maybe except for the fact that it may be a bit easier to migrate tree data into an ads from samba, than it is from openldap.

            Regards Felix

            Resources:
            https://kopano.com/blog/how-to-get-kopano/
            https://documentation.kopano.io/
            https://kb.kopano.io/

            Support overview:
            https://kopano.com/support/

            1 Reply Last reply Reply Quote 0
            • First post
              Last post