Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    [solved] Hosted Kopano multi tenant - SSO or password sync?

    Kopano Groupware Core
    3
    4
    1232
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • sbauhaus
      sbauhaus last edited by sbauhaus

      Hello,

      I am evaluating a hosted Kopano solution for multiple tenants.
      openLDAP is working as authentication source.

      Everything is working well, but there is one thing that is missing: Single Sign On.
      Example:
      Customer is working with Exchange + ActiveDirectory and wants to migrate to hosted Kopano. The Active Directory needs to stay primary auth source for the customer. Mailbox/user information can easily be replicated from the domain controller to the “cloud”, but what about the passwords?

      Is there any known mechanism that is able to synchronize the user passwords or is it necessary for the users to maintain one password for the “Windows Login” and another for Kopano?

      Thank you!

      Greetings
      Sebastian

      externa1 1 Reply Last reply Reply Quote 0
      • externa1
        externa1 @sbauhaus last edited by

        @sbauhaus

        Hi, for that i would have a look at univention UCS server as there you can do a AD connection to replicate the users and passwords to ldap and also has web interface management for kopano

        https://www.univention.de/

        rg
        Christian

        fbartels 1 Reply Last reply Reply Quote 0
        • fbartels
          fbartels Kopano @externa1 last edited by

          @externa1 said in Hosted Kopano multi tenant - SSO or password sync?:

          look at univention UCS server as there you can do a AD connection to replicate the users and passwords to ldap

          While this has the downside of having to have a dedicated Univention system per tennant, this would be indeed the easiest solution (but having to pass kerberos tickets to the on site ads could be a bit slow).

          From a practical standpoint just replicating user data and requiring the user to set new passwords is probably the best solution.

          Regards Felix

          Resources:
          https://kopano.com/blog/how-to-get-kopano/
          https://documentation.kopano.io/
          https://kb.kopano.io/

          Support overview:
          https://kopano.com/support/

          1 Reply Last reply Reply Quote 0
          • sbauhaus
            sbauhaus last edited by

            Ok since dedicated Univention instances are not an option I am going to use new passwords.
            Thank you for your ideas!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post