On Wed, 27 May 2015, Martin Kosek wrote:
On 05/26/2015 07:36 PM, Carlos Raúl Laguna wrote:
Hello Martin,

The email deployment it is a groupware in this scenario Kolab, kolab use
389 ad as main backend and it require some kolab ldap specific attribute to
work properly, this is not a problem in fact is quite easy to use freeipa
as kolab backend, so far so good but the romance only get this far. Since
we also use Windows Ad with forest-trust not all user are present in the
FreeIPA directory and there it is where my problem lays. Since not all user
are in the same box it become difficult to implement one mail system for
all users. Regards

As I said, we have compat tree that allows LDAP BIND authentication and LDAP
identity (not enumeration) for both IPA users and AD users when realm is in 

You can even update the configuration of the compat tree and add the kolab
specific fields to be generated there too. There was very similar request on
freeipa-users. It was for vSphere, but dealing with very similar use case and
the final solution:


Would that approach work for you?
I don't think it will work. compat tree is run-time read-only view of
the data coming from somewhere else. You need to have Kolab-specific
data available somewhere to be able to inject it in the compat tree.
Where would that data be stored for Kolab for AD-specific entries?

Additionally, Kolab wants to modify these custom attributes and compat
tree simply does not support modification, they all are refused.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to