Fully Support OpenLDAP [message #149466]
Mon, 08 March 2021 17:26

jcooper
Messages: 113 Registered: May 2009 Location: Syracuse, NY
Hi,
Years ago I used OpenDirectory but needed to switch to AD when we installed a windows Remote Desktop server. In retrospect I probably could have given it its own login. Live n learn I guess. But now that I'd like to minimize my exposure to Windows (all Mac clients here) I'm wary of moving back to OD as Apple has a nasty habit of turning things off with little notice or choice with OS updates.
I know there is a way to do it, but it's "unsupported." https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ldap-and-directory-services/mapping-users-groups-from-an-openldap-or-generic-ldap-server-294.html
It would be great if you could ACTUALLY support an alternative to Active Directory. For years I've been paying through the teeth for an AD server when all I really need is a password server (50-ish users, barely an "enterprise"). I obviously need to authenticate other things too (VPN, web page logins, wifi, Windows RD, etc.), so I'd rather not go back to locally authenticated email.
Thanks,
Jeff

Re: Fully Support OpenLDAP [message #149484 is a reply to message #149466]
Thu, 11 March 2021 19:53
Bud Durland
Messages: 586 Registered: December 2013 Location: Plattsburgh, NY
Just my humble opinion, but with so few users, you are better off using local authentication. E-mail servers are probably the #1 attack surface for bad actors trying to compromise an account. Successfully hacking the e-mail account when the password is the same as AD/OD/etc. pretty much gives them a way in. Certainly there are many protective measures that can be taken -- firewalls, 2FA/MFA, VPN, etc. But especially for e-mail, where in practice people enter their password once and have the client program store it, establishing a very difficult to hack password that is different from other authenticators seems smart to me.