[Kroupware] Re: Custom UID

Christopher Lewis chris at maximlighting.com
Wed Jun 25 13:39:36 CEST 2003 

On Wednesday 25 June 2003 02:02 am, you wrote:
> Hi,
>
> > duties.  I just want 1 place where I can enter my user information, and
> > it just works.
>
> Yes, this is a valid goal.
>
> > As it stands right now, this is not the case.
>
> Why?
>
> > E-mail has a
> > separate login scheme from everything else (can't be changed
>
> Yes, we dont want to change the login scheme for Kolab (not just email but
> also webdav etc.)
>
> >, and not
> > compatible with Kolab's login scheme)
>
> ??
>
> > while everything else can at least
> > use the same 4 letter login ID (still maintained separately, however I
> > have the ability to change that).  I believe that if Kroupware/Kolab
> > wants to be a success, it will have to address these issues.
>
> Sorry, I have the impression that there is some misunderstanding here.
>
> Please explain to me why the current scheme put either a burden on an
> administrator or on the user?
>
> E.g. shall we rename the "enter login name" to simply "enter your email
> address" in the documentation and the GUI?
>
> Yours,
> -- martin
>
> Dipl.-Phys. Martin Konold
>
> e r f r a k o n
> Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
> Nobelstrasse 15, 70569 Stuttgart, Germany
> fon: 0711 67400963, fax: 0711 67400959
> email: martin.konold at erfrakon.de

Okay, there is a misunderstanding.  Basically, I'm not only looking at 
e-mail/groupware administration, I'm looking at my complete network, from 
domain controllers to internet access.  

I currently have a groupware solution in place, but I'm looking for another.  
Right now, I use HP OpenMail.  HP has discontinued this product, and use of 
their 50 user free license expires in 2005.  So, now I'm looking for a 
replacement.  I'm hoping Kroupware will be that replacement, so I'm watching 
your progress closely (including attempting CVS builds, which I have never 
done before).

Right now, I'm using a Windows 2000 Active Directory server for my logons, 
since we primarily run Windows.  I have finally gotten my Linux boxes to 
authenticate against Active Directory using PAM_LDAP, and I would like to 
continue using this method, even if I eventually change the server.

Now, I also have a website that my users need to logon to.  I'm planning to 
change this to use LDAP authentication also.  It currently looks up this 
information in a database.  I'm still looking for options here.

Finally, I have an ERP system which uses its own authentication system.  This 
system limits usernames to 4 characters.  Here I am with 4 separate places 
with user administration.  In order to minimize the impact of all these 
different authentication methods on my users, we have chosen to use the same 
usernames in each system.  This limits me to 4 character usernames.  This 
works for Active Directory, the website, and the ERP system.  OpenMail uses a 
separate directory and doesn't use the Unix/LDAP logons.  Instead, my users 
have to use their names.  So, email is currently the only system that doesn't 
fit into this scheme.  

Now, with Kroupware requiring the e-mail address to be the UID, email still 
will not fit into that scheme.  This in itself isn't a huge problem, since I 
would have to go to each computer and change the e-mail settings anyway.  
It's just not quite as intuitive as telling my users to 'Log on with the same 
username and password you use everywhere else.'  The ones that would be 
really confused are my webmail users, but I won't go there yet.

As far as complete system administration goes, Kroupware's current login 
scheme only leaves me 4 options:
1)  Only consolidate website and windows logins.  This still leaves 3 
administration points:  Active Directory; Kroupware's OpenLDAP; ERP.  Not 
much improvement in this area.
2)  Authenticate using Kroupware's OpenLDAP directory.  This will bring me 
down to 2 administration points: OpenLDAP and ERP.  Correct me if I'm wrong, 
but now this will require my users to login with their e-mail addresses.  4 
character logins now become minimum 21 characters.  (My smallest e-mail 
address is ???@maximlighting.com)  This will not go over well with my users.
3)  Change Kroupware myself (or with help) to use custom UID.  Since I'm not a 
C programmer, this would be difficult and possibly keep me out of date with 
current Kroupware versions.
4)  Use replication/mapping between Active Directory and OpenLDAP.  This would 
meet my goal as far as system administration goes, but I'm not sure yet how 
to accomplish this.

A final option would be to use something else, but this project looks like it 
has the potential to be something great.  Most of your goals appear to be the 
same as what I'm looking for.  Being Open Source and standards based,   it 
should be fairly simple for other projects to integrate with Kroupware.  I 
already use KDE as my primary desktop, including KMail and KOrganizer.  

So, now you should be able to understand where I'm coming from.  It probably 
shouldn't matter where this project is concerned.  My job is system 
administration (among other things), but once in a while I forget to enter 
someone into our website or email systems.  So, I thought I would throw it 
out here.  If I can consolidate system administration into only 2 places with 
minimal impact on the users, I wouldn't have quite so many problems as I have 
now.

Anyway, I just wanted to let you know where I'm coming from, and trying to end 
this thread now.
-- 
Christopher Lewis
Systems Administrator
Maxim Lighting International
chris at maximlighting.com
(626) 964-7500 x268

More information about the Kroupware mailing list