[solved] Hosted Kopano multi tenant - SSO or password sync?
I am evaluating a hosted Kopano solution for multiple tenants.
openLDAP is working as authentication source.
Everything is working well, but there is one thing that is missing: Single Sign On.
Customer is working with Exchange + ActiveDirectory and wants to migrate to hosted Kopano. The Active Directory needs to stay primary auth source for the customer. Mailbox/user information can easily be replicated from the domain controller to the “cloud”, but what about the passwords?
Is there any known mechanism that is able to synchronize the user passwords or is it necessary for the users to maintain one password for the “Windows Login” and another for Kopano?
Hi, for that i would have a look at univention UCS server as there you can do a AD connection to replicate the users and passwords to ldap and also has web interface management for kopano
look at univention UCS server as there you can do a AD connection to replicate the users and passwords to ldap
While this has the downside of having to have a dedicated Univention system per tennant, this would be indeed the easiest solution (but having to pass kerberos tickets to the on site ads could be a bit slow).
From a practical standpoint just replicating user data and requiring the user to set new passwords is probably the best solution.
Ok since dedicated Univention instances are not an option I am going to use new passwords.
Thank you for your ideas!