Hosted Kolab multi-domain

Jeroen van Meeuwen (Kolab Systems) vanmeeuwen at kolabsys.com
Sat Feb 23 16:58:56 CET 2013 

On 2013-02-23 10:37, Borhek, John wrote:
> On configuration of Kolab for multi-tennant hosting, does each new
> domain require manual modifications (additions) of:
> /etc/kolab/kolab.conf
> 

Each domain name space that corresponds with a separate object as a 
result of searching "domain_base_dn" with "domain_filter" (from the 
[ldap] section) needs a domain name space specific section to configure 
things such as the LDAP semantics ([example.org] -> base_dn = 
o=intra,dc=example,dc=org), as well as policy items such as the 
recipient policy, default quota, folders to automatically create when a 
new user mailbox is created.

So, if you were hostedprovider.com and you would host 'kolab.org' for 
us, and 'bacula.org' for the Bacula community, you would typically have 
3 root dns:

   1) dc=hostedprovider,dc=com
   2) dc=kolab,dc=org
   3) dc=bacula,dc=org

You would also have three separate objects in cn=kolab,cn=config:

   1) associateddomain=hostedprovider.com,cn=kolab,cn=config
   2) associateddomain=kolab.org,cn=kolab,cn=config
   3) associateddomain=bacula.org,cn=kolab,cn=config

While hostedprovider.com would be your overall "primary domain" (in 
hosted environments, also known as the "management domain"), the 
settings from the [ldap] section would apply to it (base_dn, 
user_base_dn, etc.), and on top of that the settings from 
[hostedprovider.com] would apply to it (default_quota, 
autocreate_folders, primary_mail, etc.).

You would have two other sections:

   1) [kolab.org], with settings including base_dn (dc=kolab,dc=org), 
user_base_dn (typically ou=People,dc=kolab,dc=org or 
ou=People,%(base_dn)s), and of course default_quota, autocreate_folders, 
etc.

   2) [bacula.org], with settings including base_dn (dc=bacula,dc=org), 
user_base_dn (typically ou=People,dc=bacula,dc=org or 
ou=People,%(base_dn)s), and of course default_quota, autocreate_folders, 
etc.

As you add more such hosted domains, naturally this list will get 
longer and longer.

> Or, on configuration for multi-tennant, can the user cn=Directory
> Manager create new domains entirely within web admin?
> 

Yes, "cn=Directory Manager" is the overall LDAP server administrator 
account.

You can use LDAP ACLs to allow or deny (groups of) individuals or 
individuals with particular roles to view/remove/edit/add objects in the 
cn=kolab,cn=config tree.

> I have a number of domains to manage and I am trying to decide if we
> choose Kolab, whether standalone Kolab deployments or a multi-tennant 
> is
> right for me?
> 

It tends to be easier to provide high-availability / redundancy / 
load-balancing when the actual infrastructure for multiple tenants is 
shared between them (reduction in overhead).

Then again, sometimes the requirements for organizations that would 
consume a hosted environment include "their people" have a level of 
access to the system itself, or simply "may not be shared infra".

Kind regards,

Jeroen van Meeuwen

-- 
Systems Architect, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com

pgp: 9342 BF08

More information about the users mailing list