On Mon, May 23, 2016 at 4:06 PM, "Laz C. Peterson" <[email protected]> wrote:
> Hello, > > I’ve been looking at OpenChange to configure native Outlook functionality, > but have been hesitant for quite a while, since we have multiple active > directory domains that SOGo is authenticating from. Has anyone had any > experience with multiple domains and OpenChange/SOGo? > Yes, Openchange supports multidomain. You will need to have your users in one samba (openchange uses samba for authentication, it doesn't matter what you have on your sogo.conf), also this samba needs one patch [0] to be able to support multidomain (aka log with email address, [email protected]) > > SOGo itself works great with the multiple domains … But it seems > OpenChange is not so friendly, requiring the server itself to be joined to > the AD as a domain controller — I really don’t want to have to create a new > OpenChange host for each domain. > The common way to deploy it would be to have 1 node with samba (domain controlller) with all the users and then n nodes of openchange (member server) with dcerpc_mapiproxy:samdb_url = ldap://IP_DC besides all the common openchange configuration variables. And then another node (with for example haproxy) to do the balance, this way you can have a multidomain deploy than can grow easily (it depends of the usage but I'd say 50 users per node average). > > Any help or information would be greatly appreciated. Thank you! > > ~ Laz Peterson > Paravis, LLC > -- > [email protected] > https://inverse.ca/sogo/lists > [0] https://github.com/blaxter/samba/blob/trusty-4.3/debian/patches/s4-auth-ntlm-Add-config-key-to-allow-users-with-email-address-format.patch (and use usernames are emails = yes on smb.conf) -- [email protected] https://inverse.ca/sogo/lists
