[Kolab-devel] Re: [Kroupware] kolab and Novel eDirectory

Stephan Buys list at codefusion.co.za
Wed Oct 29 16:10:08 CET 2003


Hi,

You were right, there is no way to check the password through AD and LDAP.
But it is possible to let SASL do its authentication through a bind test
on LDAP. 

So, we have got a prototype of the Kolab daemon running that can authenticate
against Active Directory for all the user mailboxes. Also, it has the ability to
create, modify and remove mailboxes as you do the changes in Active Directory.

We will be releasing the code soon for anyone interested. (It features some
_major_ overhauls of the Kolab daemon)

Regards,
Stephan

On Wednesday 08 October 2003 08:53, Stephan Buys wrote:
> Hi Dieter,
>
> I have just confirmed with our client (they are quite versed in Active
> Directory, doing all the schema related work, etc.) that there is a
> userPassword attribute available if you create an inetOrgPerson. So
> hopefully that should be one less hurdle.
>
> Regards,
> Stephan
>
> On Tuesday 07 October 2003 21:36, Dieter Kluenter wrote:
> > Hi Stephan,
> >
> > Stephan Buys <list at codefusion.co.za> writes:
> > > We will be pointing SASL on the Kolab box to use Active Directory
> > > through LDAP. This should work without having to dig too deep into
> > > Kerberos (not that I am opposed to it :-)
> >
> > I cc: this mail to kolab-devel, so we can discuss this matter further.
> > I'm working on using sasl and gss-api with NET.server2003 AD, but it
> > will be a long way.
> > sasl or saslauthd might be able to contact AD, but there is no
> > userPassword entry to authenticate against, but only a
> > userPrincipalName attribute, which is the user's Kerberos principal.
> >
> > An application may use the value of this attribute to acquire a
> > granting ticket from KDC, but I don't know whether saslauthd can do
> > this.
> >
> > -Dieter
> >
> > > On Tuesday 07 October 2003 16:26, Dieter Kluenter wrote:
> > >> Hi,
> > >>
> > >> Stephan Buys <list at codefusion.co.za> writes:
> > >> > Hi,
> > >> >
> > >> > We are starting Active Directory 2003 work within the next two
> > >> > weeks, the result will be a Kolab server that can integrate into any
> > >> > kind of LDAP system as long as the right schema exists.
> > >>
> > >> Good luck :-)
> > >> You have to think about a completely different way of database updating,
> > >> which is done by kolab now acting as slurpd. Schema design in AD is a
> > >> pain, I have a 2003 AD in my test environment :-(
> > >> Don't forget that authentication is done via Kerberos, so you have to
> > >> use a Kerberos principal instead of email ID.
> > >>
> > >> -Dieter
> > >
> > > _______________________________________________
> > > Kroupware mailing list
> > > Kroupware at mail.kde.org
> > > http://mail.kde.org/mailman/listinfo/kroupware
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel at intevation.org
> https://kroupware.org/mailman/listinfo/kolab-devel

-- 
Stephan  Buys
Code Fusion cc.
Tel: +27 11 391 1412
Mobile: +27 83 294 1876
Email: s.buys at codefusion.co.za
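
What the "bind test" mentioned at the top of this message amounts to on the wire, as an added example that is not part of the original mail or of the Kolab code: it builds an LDAPv3 simple BindRequest, reads the resultCode from the BindResponse, and refuses an empty password before anything is sent. Function names and the sample response bytes are constructed for illustration, and TLS and SASL framing are assumed to be handled elsewhere.

```python
# Added example: LDAP simple bind as a password check (RFC 4511 BER encoding).

def _tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER tag-length-value (definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def _read(buf: bytes, pos: int):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated LDAP message")
    return tag, buf[pos:pos + n], pos + n

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """Build an LDAPv3 simple BindRequest (msg_id 1..127 for brevity)."""
    if not dn or not password:
        # RFC 4513 5.1.2: a DN with an empty password is an "unauthenticated
        # bind" that a server may answer with success, so never send it.
        raise ValueError("bind test needs a non-empty DN and password")
    op = (_tlv(0x02, b"\x03") + _tlv(0x04, dn.encode("utf-8"))
          + _tlv(0x80, password.encode("utf-8")))
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, op))

def bind_result(response: bytes, msg_id: int) -> int:
    """Return the resultCode of a BindResponse; 0 means the bind succeeded."""
    tag, body, _ = _read(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read(body, 0)
    if tag != 0x02 or int.from_bytes(mid, "big") != msg_id:
        raise ValueError("response does not match our request")
    tag, op, _ = _read(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, _ = _read(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

OK = bytes.fromhex("300c02010161070a010004000400")      # constructed: success (0)
DENIED = bytes.fromhex("300c02010161070a013104000400")  # constructed: invalidCredentials (49)
```

Only a resultCode of 0 for a request that carried a non-empty password should count as a successful login; anything else, including a malformed or mismatched response, is a failure.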



