Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Migration from Openldap to Samba 4 AD

    Kopano Groupware Core
    3
    3
    1239
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • arndtw
      arndtw last edited by

      Hi,
      we are migration from samba 3 with openldap to Samba 4 with AD. So we want to migrate our kopano from openldap to the new AD, to have not two sites to manage users. We integrated the kopano schema into our new AD and populated the attributes from openldap to AD with a python script.
      The attribute kopanoAliases is no longer available in AD. Where we have to put those aliases? (otherMailbox ?)

      How can we switch Kopano to AD from LDAP?

      Thx
      Wolfgang

      1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano last edited by fbartels

        Hi @arndtw ,

        we have had many performance complaints with samba4. I recommend to do extensive load testing before you complete your migration.

        @arndtw said in Migration from Openldap to Samba 4 AD:

        Where we have to put those aliases? (otherMailbox ?)

        Yes, that is the usual attribute for for this in ad. afair

        @arndtw said in Migration from Openldap to Samba 4 AD:

        How can we switch Kopano to AD from LDAP?

        A lot of data in Kopano depends on the value of the unique user attribute. The recommendation would be to keep this value the same between the old auth source and the new one. If you really want/need to change it the same perl script that can be used to migrate users from db to ldap. Expect extended downtime while the script runs.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 0
        • thctlo
          thctlo last edited by

          Hai,
          I noticed this.

          cat /usr/share/kopano/ldap.active-directory.cfg|grep Alias
          # Optional, default = kopanoAliases
          # Active directory: kopanoAliases
          # LDAP: kopanoAliases
          

          But in my Samba4 AD, the kopanoAliases are set with otherMailbox.

          @arndtw , with samba4 AD, make sure you run latest samba 4.8 or 4.9.
          samba 4.7 better already n the queries, 4.8-4.9+ are multi-threaded which helps a lot and optionaly you can enable preforking in 4.9.

          Look up what is indexed : ldbsearch -H $(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')//sam.ldb -s base -b @INDEXLIST
          Lookup BaseDN : ldbsearch -H /$(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')/sam.ldb -s base -b "" defaultNamingContext
          Edit : ldbedit -H $(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')//sam.ldb -b CN=SCHEMA,CN=CONFIGURATION,DC=.....baseDN.

          Lookup what you want to edit, and set : searchFlags: 1
          Tip, ```` ldbedit -e nano -H ```… Gives you the nano editor.

          And you need to run : samba-tool dbcheck --reindex on the server after the change’s
          You need to run this on every DC once.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post