Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » OS X: Local users to Open Directory users
  •  
admin@companion-group.com

Messages: 1
Karma: 0
Send a private message to this user
When I initially installed Kerio Mail Server on a Xserve G4 and Tiger Server, I defined all mailbox users as local users. The server itself was installed as a 'Standalone' OS X server.
I'm planning to migrate KMS to a different Xserve server running Leopard Server. My plan is for this new server to host an Open Directory replica and to switch all users from Local to Open Directory authentication.
How is this going to affect the existing mailboxes? If I change user 'johndoe' from local to OD authentication, will Kerio continue to use the existing 'johndoe' mailbox? Or delete it and create a brand new one? Create a second mailbox for that same user?

I've looked everywhere for this process being described, but have been unable to find anything that discusses this type of migration.

Any feedback would be greatly appreciated.

Regards,

andre

  •  
greg_m

Messages: 65
Karma: 0
Send a private message to this user
I am looking for guidance in the same area. I wish to bind my KMS installation to OD running on the same Xserve. The server will be promoted to an OD master. There are a couple of gotchas I can think of, firstly the shortname on the OD server would be different to the format used on the KMS server, so i will have to change all OS X user accounts first. Also, what effect does this have on the existing mail boxes? Does anyone know where this procedure is documented?

Andre, did you find the information you were after?

Thanks

Greg
  •  
tstrand

Messages: 4
Karma: 0
Send a private message to this user
We've had terrible luck with Kerio 6.6.2 running on the same box as OS X Serve 10.5.6.

Most importantly - iCal will not auto-expand addresses because auto-expand only works if Kerio can query its LDAP directory, which it can't if it's on the X Server box because Open Directory also grabs port 389.

A work-around is to re-assign Kerio port 389 to something like 50389, but off-LAN users can't auto-expand.

---

Our Open Directory has not been able to create a reliable Archive - ever. Still not sure what the problem is but both Apple and Kerio say: "separate the two".

---

Don't do it.


Tom

  •  
greg_m

Messages: 65
Karma: 0
Send a private message to this user
Hi Tom, thanks for the advice. If both Apple and Kerio say this is a no-go then that's a good reason not to do it. I was going to push for a new Kerio box anyway as performance is not great on an aging G5 Xserve with KMS and filesharing running. This gives me the a reason to spend some money!

Cheers,

Greg
  •  
indigospring

Messages: 36
Karma: 0
Send a private message to this user
admin<_a.t_>companion-group.com wrote on Tue, 14 October 2008 22:51

My plan is for this new server to host an Open Directory replica and to switch all users from Local to Open Directory authentication.
How is this going to affect the existing mailboxes? If I change user 'johndoe' from local to OD authentication, will Kerio continue to use the existing 'johndoe' mailbox? Or delete it and create a brand new one? Create a second mailbox for that same user?



This will work just fine - as long as he new OD accounts have the same names as the previous local Kerio accounts.

Beware Open Directory will not let the primary username have a "." character in it.

You can just rename the mailboxes...
  •  
indigospring

Messages: 36
Karma: 0
Send a private message to this user
tstrand wrote on Thu, 07 May 2009 02:28

We've had terrible luck with Kerio 6.6.2 running on the same box as OS X Serve 10.5.6.

Most importantly - iCal will not auto-expand addresses because auto-expand only works if Kerio can query its LDAP directory, which it can't if it's on the X Server box because Open Directory also grabs port 389.

A work-around is to re-assign Kerio port 389 to something like 50389, but off-LAN users can't auto-expand.



That is all you need to do - use a different port for Kerio's LDAP. Use the auto integration tool (click on the link at the bottom of the webmail login page) and this will set up a second LDAP source for Contacts that will be used by Address Book, Mail, iCal etc.

Not a problem (although the LDAP connection ends up with an embedded username and password as there is an assumption that one user = one mac).

Quote:


Still not sure what the problem is but both Apple and Kerio say: "separate the two".




Separate ports, not separate servers. Kerio can run quite happily on an OD Master or Replica. You can even run Kerio webmail alongside Apple's webserver - again use a different port and set up Apache rewrite rules.
  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
just my 2 cents worth of advice from my experience:

1. import your OD users, create new mail accounts for them, then delete the old mail accounts and let all the files of the old user be transferred to the new od user (you can delegate all folders of a deleted user to a new user in Kerio). very clean solution.

2. use ldap on port 389 as os x server ldap (can't have OD without it), use secure ldap on port 636 for kerio (by default, ldap on port 389 will be shut down on a kms install on os x server anyway).

[Updated on: Fri, 08 May 2009 22:41]

Previous Topic: KERIO + W2003 WEB EDITION
Next Topic: Blackberry local cable sync ?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Sep 24 06:59:10 CEST 2017

Total time taken to generate the page: 0.00505 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.