[Freeipa-users] Single mail deployment in a FreeIPA-WindowsAD scenario.

Alexander Bokovoy abokovoy at redhat.com
Wed May 27 08:46:48 UTC 2015


On Wed, 27 May 2015, Martin Kosek wrote:
>On 05/27/2015 10:08 AM, Alexander Bokovoy wrote:
>> On Wed, 27 May 2015, Martin Kosek wrote:
>>> On 05/26/2015 07:36 PM, Carlos Raúl Laguna wrote:
>>>> Hello Martin,
>>>>
>>>> The email deployment is a groupware, in this scenario Kolab. Kolab uses
>>>> 389 ad as its main backend and it requires some Kolab LDAP-specific attributes to
>>>> work properly. This is not a problem; in fact it is quite easy to use FreeIPA
>>>> as the Kolab backend. So far so good, but the romance only gets this far. Since
>>>> we also use Windows AD with forest trust, not all users are present in the
>>>> FreeIPA directory, and that is where my problem lies. Since not all users
>>>> are in the same box, it becomes difficult to implement one mail system for
>>>> all users. Regards
>>>
>>> As I said, we have a compat tree that allows LDAP BIND authentication and LDAP
>>> identity (not enumeration) for both IPA users and AD users when realm is in
>>> place.
>>>
>>> You can even update the configuration of the compat tree and add the Kolab
>>> specific fields to be generated there too. There was a very similar request on
>>> freeipa-users. It was for vSphere, but dealing with a very similar use case and
>>> the final solution:
>>>
>>> http://www.freeipa.org/page/HowTo/vsphere5_integration
>>>
>>> Would that approach work for you?
>> I don't think it will work. The compat tree is a run-time read-only view of
>> the data coming from somewhere else. You need to have Kolab-specific
>> data available somewhere to be able to inject it in the compat tree.
>> Where would that data be stored for Kolab for AD-specific entries?
>
>It would work as long as the attributes are in the "real" user entries in the form
>of custom attributes and the compat plugin can be updated to add those to the compat view.
What real user entries are you talking about for AD users?

>> Additionally, Kolab wants to modify these custom attributes and the compat
>> tree simply does not support modification; they are all refused.
>
>If Kolab requires modifications, then this approach would not work with the current
>FreeIPA implementation, yes.
No, we are not going into enabling modifications over the compat tree; this
is simply impossible to achieve, sorry.
-- 
/ Alexander Bokovoy



