[Kolab-devel] Re: [Kroupware] kolab and Novel eDirectory
Dieter Kluenter
dieter at dkluenter.de
Tue Oct 7 21:36:47 CEST 2003
Hi Stephan,
Stephan Buys <list at codefusion.co.za> writes:
> We will be pointing SASL on the Kolab box to use Active Directory through
> LDAP. This should work without having to dig too deep into Kerberos (not
> that I am oppossed to it :-)
I cc: this mail to kolab-devel, so we can discuss this matter further.
I'm working on using sasl and gss-api with NET.server2003 AD, but it
will be a long way.
sasl or saslauthd might be able to contact AD, but there is no
userPassword entry to authenticate against, but only a
userPrinicicalName attribute, which is the users kerberos principal.
An application may use the value of this attribute to aquire a
granting ticket from KDC, but I don't know wether saslauthd can do
this.
-Dieter
>
> On Tuesday 07 October 2003 16:26, Dieter Kluenter wrote:
>> Hi,
>>
>> Stephan Buys <list at codefusion.co.za> writes:
>> > Hi,
>> >
>> > We are starting Active Directory 2003 work within the next two weeks, the
>> > result will be a Kolab server that can integrate into any kind of LDAP
>> > system as long as the right schema exists.
>>
>> Good luck :-)
>> You have to think about a complete different way of database updating,
>> which is done by kolab now acting as slurpd. Schema design in AD is a
>> pain, I have a 2003 AD in my test environment :-(
>> Don't forget that authentication is done via kerbros, so you have to
>> use a kerberos principal instead of email ID.
>>
>> -Dieter
>
> _______________________________________________
> Kroupware mailing list
> Kroupware at mail.kde.org
> http://mail.kde.org/mailman/listinfo/kroupware
>
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
More information about the devel
mailing list