[Kolab-devel] Active Directory synchronization in Kolab 2
Henning Holtschneider
henning at loca.net
Fri Sep 23 20:36:27 CEST 2005
--On Friday, 23 September 2005 15:07 +0200 Bernhard Reiter
<bernhard.reiter at intevation.de> wrote:
>> 1. changing the username and/or email address in the AD resulted in the
>> mailbox on the Kolab server to be deleted and re-created. This could be
>> prevented when using the AD UUID as the UID on the Kolab server. It
>> didn't work well with Kolab 1 (ZFOS) because the custom UIDs had been
>> removed, but with Kolab 2 it shouldn't be a problem anymore.
>
> It might be easier with the Kolab2 Server, but the primary email address
> is still pretty important as it lives inside the appointments for this
> and other users. Thus you would need to act like moving a user mailbox

That's an important point! But I think it is easier to deal with this than
the authentication problem.

> Are you talking single sign on here or just that authentication has to
> work with the AD saved password from the Kolab side?

I don't care as long as the user can be authenticated on the IMAP server
with credentials available inside the logon session on the Windows client
machine :-) Honestly, I don't know if the password hash is available
programmatically on Windows 2000/XP because both operating systems use
Kerberos authentication whenever possible in AD environments. The NTLM
password hash might not be available outside the filesystem layer, either
(I will have to check that).

> There is no need for Kolab to have the plaintext password from the AD,
> unless I am missing something.

You aren't missing anything! It's just that SASL/GSSAPI can only transform
a plain password into the required encrypted password hash.

Regards,
Henning Holtschneider
--
LocaNet oHG - http://www.loca.net
Lindemannstrasse 81, D-44137 Dortmund
tel +49 231 91596-25, fax +49 231 91596-55