Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » User Mapping / Open Directory
  •  
tkramis@seabix.com

Messages: 9
Karma: 0
Send a private message to this user
I've just set up a connection between Kerio Mailserver and Apple Open Directory. Now I got two questions:

1. Do I manually need to activate Users from OD in order to let them use their mailaccount? (Or is the mailaccount available as soon as I add a User-Account to OD?)

2. Right now, when I'm activating a user in Kerio Mailserver it's beeing activated as a user of all my domains. What I really want is to just activate a user for a specific domain.

Any answers/solutions?

[Updated on: Mon, 09 October 2006 12:17]

  •  
-nob-

Messages: 25
Karma: 0
Send a private message to this user
You have to create a mail account on kerio for all your OD Users you like to have Mail. So DO did not like "." on user - shortnames, you have to create a alias for every mail user. And then you have to change all webmail settings for all your users to the "right" reply Adress.

I worked some weeks on kms and OD, and all i learned about: leave it, set up kms without OD.
http://www.cdx.de
  •  
SethL

Messages: 23
Karma: 0
Send a private message to this user
The issue of using a single Open Directory database for multiple, unique KMS domains is a bit complicated. I went through this a few weeks ago and wrote up my experiences: http://discussions.apple.com/message.jspa?messageID=3182093# 3182093.

The bottom line is that what you want to do cannot currently be done with the current or beta versions of KMS because of the way KMS uses the Kerio Open Directory Extensions. Activated OD accounts are simply flagged as being activated in KMS and nothing is noted about the user's domain.

The degree to which this matters depends entirely on what you hoped to achieve with Open Directory integration. If you were looking for Kerberos authentication and single sign-on capability - don't worry, it's still there. If you were looking to more easily add dozens or hundreds of users at once, sorry, you're out of luck.

When (if) Kerio releases an update with a fix for the OD/multi domain problem, I'll update my user accounts. For now, I'm happily moving forward with KMS and OD using just the Kerberos integration.

Seth Long
Sound Publishing, Inc.
Tacoma, Washington
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
i've set up my account with OD. i'm using three domains, and all users have been replcated in each account.

not such a big deal, since i've only got seven users, but i'm in a trial mode now and was planning on buying a ten-user license. due to this replication of OD users, however, kms sees 28 users! -- and i'd rather not buy a 30 user license when all i need is ten.

anyone have any experience with this? what can be done?
  •  
SethL

Messages: 23
Karma: 0
Send a private message to this user
In my experience, there's nothing you can do about it. KMS relies on the LDAP database to support organizational units (OUs), as Microsoft Active Directory does, but Open Directory does not. The KMS Open Directory extensions that you install on your OD server add a few fields to each user's OD account record but the one missing field is the one which notes which domain that person belongs to.

Since you don't have many users, it's easy enough to just add them manually (heck, I have 500 users and we add them manually). You can still have KMS rely on OD for Kerberos authentication, though, which will give you a single password for each user.

In Kerio Admin Console, configure each of your domains with no directory service but in the Advanced tab, configure your Kerberos realm to match that of your OD Kerberos settings (after first making sure that, if KMS is running on a separate box, it is appropriately bound to your OD server and Kerberized as per Apple's instructions). Then, for each of your users in each domain, set their account authentication method to Kerberos.

If it all worked, KMS will hand off authentication to your master OD server and no passwords will be stored in KMS.

Seth Long
Sound Publishing, Inc.
Tacoma, Washington
Previous Topic: how to add multiple email add. in archive option
Next Topic: Outlook Connector: free/busy settings not saving
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 16:46:56 CET 2017

Total time taken to generate the page: 0.00445 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.