GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » MacOS and Kerio LDAP (Connecting MacOS Directory Utility to Kerio LDAP)
MacOS and Kerio LDAP [message #149351] Tue, 02 February 2021 14:54 Go to next message
dave@ndtec.co.uk is currently offline  dave@ndtec.co.uk
Messages: 11
Registered: February 2021
Hi all, hello, my first post! Be gentle Smile

Been using Kerio Connect for many years now. However, I've now had a request where a client wants to connect their MacOS Server to the Kerio Server using Directory Utility. Has anyone ever had to do this as I'm finding it virtually impossible to get working. I'm seeing entries being posted to the Debug log, but no joy in the directory utility to indicate its pulling back results from the Kerio LDAP service. Any help would be greatly appreciated. Thanks.
Re: MacOS and Kerio LDAP [message #149355 is a reply to message #149351] Thu, 04 February 2021 01:21 Go to previous messageGo to next message
Nick.Geary is currently offline  Nick.Geary
Messages: 60
Registered: January 2021
Hi Dave,

What are the entries or errors you are seeing in the Debug logs?


Nick Geary
GFI Software
Re: MacOS and Kerio LDAP [message #149364 is a reply to message #149351] Thu, 04 February 2021 21:38 Go to previous messageGo to next message
j.a.duke is currently offline  j.a.duke
Messages: 239
Registered: October 2006
Dave,

Just a question-what does your client want to accomplish by connecting to the LDAP directory?

Thanks.

Cheers,
Jon
Re: MacOS and Kerio LDAP [message #149375 is a reply to message #149364] Sun, 07 February 2021 22:56 Go to previous messageGo to next message
samerharb is currently offline  samerharb
Messages: 1
Registered: February 2021
Hi Dave Smile

I am not very familiar with Mac OS's Directory Utility, but after a quick search I noticed that it only connects to Open Directory Server or Active Directory Domain

In a similar way I believe, Kerio Directory gets the single source of truth from either OD or AD: Mapping is one-way only & data is synchronized from a directory service to Kerio Connect.

So maybe by design, Directory Utility and Kerio Connect are not meant to integrate together? Please let me know if I missed anything

Best,
Samer
Re: MacOS and Kerio LDAP [message #149388 is a reply to message #149375] Sun, 14 February 2021 14:51 Go to previous messageGo to next message
anarvey is currently offline  anarvey
Messages: 68
Registered: May 2007
I believe the client has it backwards. macOS provides OD. And Kerio can bind to that OD and to that Kerberos.

lets say the macOS server is: macosserver.example.com
and Kerio Connect is at: kerioserver.example.com

For OD you go to Kerio Connect Server: Settings : Domain : Primary domain and click on the Directory Services tab.
check "map user accounts and groups from a directory service to this domain
and in the popup choose Apple Open Directory (Kerberos 5 authentication)
supply the macOS OD host name, the OD user name and the OD password (these are not the same as the admin username and password).
Note: he user name takes a special syntax: uid=odusername, cn=users, dc=macosserver,dc=example,dc=com
refere to: https://manuals.gfi.com/en/kerio/connect/content/server-conf iguration/ldap-and-directory-services/connecting-kerio-conne ct-to-directory-service-1130.html#sect-aod
Make sure you click Test Connection and get a successful connection.

For Kerberos only (this would allow you to spec the passwords at the macOS Server) go to Kerio Connect Server : Settings : and click on the Advanced tab.
Supply the macOSserver hostname in All Caps: MACOSSERVER.EXAMPLE.COM
See: https://support.kerioconnect.gfi.com/hc/en-us/articles/36001 5200459-Using-Kerberos-Authentication-with-Kerio-Connect

Re: MacOS and Kerio LDAP [message #149478 is a reply to message #149388] Wed, 10 March 2021 10:24 Go to previous message
gustavoburdett31 is currently offline  gustavoburdett31
Messages: 1
Registered: March 2021
In a similar way I believe, Kerio Directory gets the single source of truth from either OD or AD: Mapping is one-way only & data is synchronized from a directory service to Kerio Connect.
Previous Topic: Anti Hammering SASL IP address blocking not working
Next Topic: How to disable hardware acceleration?
Goto Forum:
  


Current Time: Thu Sep 29 04:13:49 CEST 2022

Total time taken to generate the page: 0.02470 seconds