[Kroupware] Re: Custom UID
Christopher Lewis
chris at maximlighting.com
Wed Jun 25 13:39:36 CEST 2003
On Wednesday 25 June 2003 02:02 am, you wrote:
> Hi,
>
> > duties. I just want 1 place where I can enter my user information, and
> > it just works.
>
> Yes, this is a valid goal.
>
> > As it stands right now, this is not the case.
>
> Why?
>
> > E-mail has a
> > separate login scheme from everything else (can't be changed
>
> Yes, we dont want to change the login scheme for Kolab (not just email but
> also webdav etc.)
>
> >, and not
> > compatible with Kolab's login scheme)
>
> ??
>
> > while everything else can at least
> > use the same 4 letter login ID (still maintained separately, however I
> > have the ability to change that). I believe that if Kroupware/Kolab
> > wants to be a success, it will have to address these issues.
>
> Sorry, I have the impression that there is some misunderstanding here.
>
> Please explain to me why the current scheme put either a burden on an
> administrator or on the user?
>
> E.g. shall we rename the "enter login name" to simply "enter your email
> address" in the documentation and the GUI?
>
> Yours,
> -- martin
>
> Dipl.-Phys. Martin Konold
>
> e r f r a k o n
> Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
> Nobelstrasse 15, 70569 Stuttgart, Germany
> fon: 0711 67400963, fax: 0711 67400959
> email: martin.konold at erfrakon.de
Okay, there is a misunderstanding. Basically, I'm not only looking at
e-mail/groupware administration, I'm looking at my complete network, from
domain controllers to internet access.
I currently have a groupware solution in place, but I'm looking for another.
Right now, I use HP OpenMail. HP has discontinued this product, and use of
their 50 user free license expires in 2005. So, now I'm looking for a
replacement. I'm hoping Kroupware will be that replacement, so I'm watching
your progress closely (including attempting CVS builds, which I have never
done before).
Right now, I'm using a Windows 2000 Active Directory server for my logons,
since we primarily run Windows. I have finally gotten my Linux boxes to
authenticate against Active Directory using PAM_LDAP, and I would like to
continue using this method, even if I eventually change the server.
Now, I also have a website that my users need to logon to. I'm planning to
change this to use LDAP authentication also. It currently looks up this
information in a database. I'm still looking for options here.
Finally, I have an ERP system which uses its own authentication system. This
system limits usernames to 4 characters. Here I am with 4 separate places
with user administration. In order to minimize the impact of all these
different authentication methods on my users, we have chosen to use the same
usernames in each system. This limits me to 4 character usernames. This
works for Active Directory, the website, and the ERP system. OpenMail uses a
separate directory and doesn't use the Unix/LDAP logons. Instead, my users
have to use their names. So, email is currently the only system that doesn't
fit into this scheme.
Now, with Kroupware requiring the e-mail address to be the UID, email still
will not fit into that scheme. This in itself isn't a huge problem, since I
would have to go to each computer and change the e-mail settings anyway.
It's just not quite as intuitive as telling my users to 'Log on with the same
username and password you use everywhere else.' The ones that would be
really confused are my webmail users, but I won't go there yet.
As far as complete system administration goes, Kroupware's current login
scheme only leaves me 4 options:
1) Only consolidate website and windows logins. This still leaves 3
administration points: Active Directory; Kroupware's OpenLDAP; ERP. Not
much improvement in this area.
2) Authenticate using Kroupware's OpenLDAP directory. This will bring me
down to 2 administration points: OpenLDAP and ERP. Correct me if I'm wrong,
but now this will require my users to login with their e-mail addresses. 4
character logins now become minimum 21 characters. (My smallest e-mail
address is ???@maximlighting.com) This will not go over well with my users.
3) Change Kroupware myself (or with help) to use custom UID. Since I'm not a
C programmer, this would be difficult and possibly keep me out of date with
current Kroupware versions.
4) Use replication/mapping between Active Directory and OpenLDAP. This would
meet my goal as far as system administration goes, but I'm not sure yet how
to accomplish this.
A final option would be to use something else, but this project looks like it
has the potential to be something great. Most of your goals appear to be the
same as what I'm looking for. Being Open Source and standards based, it
should be fairly simple for other projects to integrate with Kroupware. I
already use KDE as my primary desktop, including KMail and KOrganizer.
So, now you should be able to understand where I'm coming from. It probably
shouldn't matter where this project is concerned. My job is system
administration (among other things), but once in a while I forget to enter
someone into our website or email systems. So, I thought I would throw it
out here. If I can consolidate system administration into only 2 places with
minimal impact on the users, I wouldn't have quite so many problems as I have
now.
Anyway, I just wanted to let you know where I'm coming from, and trying to end
this thread now.
--
Christopher Lewis
Systems Administrator
Maxim Lighting International
chris at maximlighting.com
(626) 964-7500 x268
More information about the Kroupware
mailing list