Kopano Auth against Univention

  • Hello, we are considering using an Univention corporate server as future DC in a company. Clearly we want to authenticate the Kopano groupware against this DC (This is a separate Kopano install with current software, not the Kopano app from the Univention store).

    What auth method is fitting best in this case? Using the Windows DC “LDAPMS” auth scheme or the generic LDAP auth?

    Cheers JC

  • Kopano

    Hi @isol ,

    the “ms” in ldapms does not stand for Microsoft, but for multiserver. Also the app is not going towards the samba4 ad of Univention, but for performance reasons against the internal openldap.

    So if you really want to use Kopano with Univention, but not on Univention I would still recommend to install the Kopano app and copy/reuse most of the automatic configuration.

  • Ok so in other words “use the generic OpenLDAP approach with the configuration provided”.
    Is the “real” or “direct” AD authorization so much slower than the OpenLDAP one? From what number of users could that be a significant problem? Reason is, if the customer later migrates to a real Windows DC I assume it is less work on the kopano side !?

  • Kopano

    Hello @isol ,

    from what I’ve heard from our support I would not recommend to use Samba 4 LDAP for user groups larger than 100 users. The Univention App used the internal OpenLDAP from the start, so in the sense of “don’t fix what isn’t broken” it never switched over to the Samba 4 auth.

    @isol said in Kopano Auth against Univention:

    if the customer later migrates to a real Windows DC I assume it is less work on the kopano side !?

    changing the auth source almost always comes with different unique user keys, so if i don’t think it matters which kind of ldap implementation you are running now, from the Kopano side of things both will be equally intensive.

    Maybe except for the fact that it may be a bit easier to migrate tree data into an ads from samba, than it is from openldap.

Log in to reply