Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Anyone using FreeIPA for LDAP authentication?

    General Discussion
    3
    6
    2087
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • burgessja
      burgessja last edited by

      I have seen FreeIPA start to gain a lot of traction in the enterprise due to its slick interface, expanding feature-set, and the backing of RedHat. We’re already using it at a few sites for local user authentication and for some web services. Has anyone here tried or successfully used FreeIPA as a LDAP backend for Kopano? I will be making my first attempt tomorrow, but It looks like FreeIPA is lacking some of the custom attributes that Kopano uses, and they’ll need to be imported.

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @burgessja last edited by

        Hi @buressja ,

        @dcuser and @MrManor have previously talked about using Kopano with FreeIPA, but I am not aware of any customer using it in a bigger environment.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 1
        • MrManor
          MrManor last edited by

          That is correct. I am currently running a test setup using FreeIPA as the LDAP for Kopano. I had to do some minor adjustments(1) in the LDAP schema for the 389 Directory Server to accept the Kopano attributes. After creating a kopano-daemon account and assigning read access to the relevant attributes, I have had no issues using FreeIPA in place for OpenLDAP. I have some notes from my install but they are all in Danish - sorry :-/

          I have not yet made any investigation if it is possible to add management of the Kopano related attributes into the IPA user interface. For now I just added kopano-user to Default user objectclasses and manage content of the kopano specific attributes by other means.

          My test setup only has 5 users, but I have no reason to believe that scaling would be any problem.

          (1) I have temporary placed a copy of the modified schema file on my webserver. May bee the Kopano people ( @fbartels ?) would like to include it somewhere on the Kopano site.

          fbartels 1 Reply Last reply Reply Quote 2
          • burgessja
            burgessja last edited by

            That schema seems to have worked for me! I am still testing everything, but the user accounts were synced and now show in kopano-admin -l and users can log in and send emails. Thank you!

            If I write a FreeIPA Web UI plugin for the Kopano schema, i’ll share it here as well.

            1 Reply Last reply Reply Quote 0
            • MrManor
              MrManor last edited by

              Glad to be of help. If you happen to put effort in to single sign on, please share your experiences to.

              1 Reply Last reply Reply Quote 0
              • fbartels
                fbartels Kopano @MrManor last edited by

                @mrmanor said in Anyone using FreeIPA for LDAP authentication?:

                May bee the Kopano people ( @fbartels ?) would like to include it somewhere on the Kopano site.

                I’m afraid that if we include it in our official documentation people will expect us to maintain such an integration as well (even if we would put an all caps disclaimer about it). I have meanwhile checked with our support staff and so far we have had zero request for FreeIPA from our customers.

                But lets focus on something more positive. For the Schema and potential GUI integration I would recommend to start a small git repository. The easiest is to host such a repository at Github, but I can also provide a repository on our community Bitbucket (stash.z-hub.io). To share the news about the existence of your project we could easily include it in https://stash.z-hub.io/projects/COM/repos/projects-and-resources/browse as well.

                Regards Felix

                Resources:
                https://kopano.com/blog/how-to-get-kopano/
                https://documentation.kopano.io/
                https://kb.kopano.io/

                Support overview:
                https://kopano.com/support/

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post