[Freeipa-users] Single mail deployment in a FreeIPA-WindowsAD scenario.

Alexander Bokovoy abokovoy at redhat.com
Wed May 27 08:08:53 UTC 2015


On Wed, 27 May 2015, Martin Kosek wrote:
>On 05/26/2015 07:36 PM, Carlos Raúl Laguna wrote:
>> Hello Martin,
>>
>> The email deployment is a groupware, in this scenario Kolab. Kolab uses
>> 389 ad as its main backend and it requires some Kolab LDAP-specific attributes to
>> work properly. This is not a problem; in fact it is quite easy to use FreeIPA
>> as a Kolab backend. So far so good, but the romance only gets this far. Since
>> we also use Windows AD with forest trust, not all users are present in the
>> FreeIPA directory, and that is where my problem lies. Since not all users
>> are in the same box, it becomes difficult to implement one mail system for
>> all users. Regards
>
>As I said, we have a compat tree that allows LDAP BIND authentication and LDAP
>identity (not enumeration) for both IPA users and AD users when realm is in place.
>
>You can even update the configuration of the compat tree and add the Kolab
>specific fields to be generated there too. There was a very similar request on
>freeipa-users. It was for vSphere, but dealing with a very similar use case, and
>the final solution:
>
>http://www.freeipa.org/page/HowTo/vsphere5_integration
>
>Would that approach work for you?

I don't think it will work. The compat tree is a run-time read-only view of
the data coming from somewhere else. You need to have Kolab-specific
data available somewhere to be able to inject it into the compat tree.
Where would that data be stored for Kolab for AD-specific entries?

Additionally, Kolab wants to modify these custom attributes, and the compat
tree simply does not support modification; they are all refused.

-- 
/ Alexander Bokovoy



