Fully Support OpenLDAP [message #149466] Mon, 08 March 2021 17:26
jcooper
Messages: 103
Registered: May 2009
Location: Syracuse, NY
Hi,

Years ago I used OpenDirectory but needed to switch to AD when we installed a Windows Remote Desktop server. In retrospect I probably could have given it its own login. Live n learn I guess. But now that I'd like to minimize my exposure to Windows (all Mac clients here) I'm wary of moving back to OD as Apple has a nasty habit of turning things off with little notice or choice with OS updates.

I know there is a way to do it, but it's "unsupported." https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ldap-and-directory-services/mapping-users-groups-from-an-openldap-or-generic-ldap-server-294.html

It would be great if you could ACTUALLY support an alternative to Active Directory. For years I've been paying through the teeth for an AD server when all I really need is a password server (50-ish users, barely an "enterprise"). I obviously need to authenticate other things too (VPN, web page logins, wifi, Windows RD, etc.), so I'd rather not go back to locally authenticated email.

Thanks,

Jeff
Re: Fully Support OpenLDAP [message #149484 is a reply to message #149466] Thu, 11 March 2021 19:53
Bud Durland
Messages: 554
Registered: December 2013
Location: Plattsburgh, NY
Just my humble opinion, but with so few users, you are better off using local authentication. E-mail servers are probably the #1 attack surface for bad actors trying to compromise an account. Successfully hacking the e-mail account when the password is the same as AD/OD/etc. pretty much gives them a way in. Certainly there are many protective measures that can be taken -- firewalls, 2FA/MFA, VPN, etc. But especially for e-mail, where in practice people enter their password once and have the client program store it, establishing a very difficult to hack password that is different from other authenticators seems smart to me.