Openldap:passwords of users synchronized when omldapsync?

[potatoinmiri]

Dear friends,

3 quick questions:

1) i have openldap setup and i am able to login to user accounts through either the scalix password or openldap password. My question is, having two different password is useless, once i do omldapsync, does the password of the user account get synchronized too? from my observation of the ldapsync13.schema, it seems to me that it is not.Am i right?

2) If my asssumption from 1 is right, then is there a way for me to have the user accounts created with synchronized password at scalix and openldap? that means when accounts are created, only one password will be used for login. scalix and openldap do not allow to have their individual password.

3) If synchronized password as mentioned in 2 is possible, is there a way for me to configure the authentication failover setup. Which means, i have scalixldap and openldap authentication working together. When user login, they will be prompted by the openldap authentication first, if the login username fails, (say, if openldap server is down), then scalix self ldap authentication will follow up automatically.

thanks, hopefully to hear any response.

Thanks

[chris]

1) i have openldap setup and i am able to login to user accounts through either the scalix password or openldap password. My question is, having two different password is useless, once i do omldapsync, does the password of the user account get synchronized too? from my observation of the ldapsync13.schema, it seems to me that it is not.Am i right?

The user password does not get synchronized from openLDAP; your analysis of the sync.cfg is correct.

If your users are created by omldapsync they'll have no usuable passwords set on scalix. The reason to fall back to local authentication is for accounts like sxadmin that only exist locally.

2) If my asssumption from 1 is right, then is there a way for me to have the user accounts created with synchronized password at scalix and openldap? that means when accounts are created, only one password will be used for login. scalix and openldap do not allow to have their individual password.

Normally you want to only use the password in openLDAP and synchronize nothing.

3) If synchronized password as mentioned in 2 is possible, is there a way for me to configure the authentication failover setup. Which means, i have scalixldap and openldap authentication working together. When user login, they will be prompted by the openldap authentication first, if the login username fails, (say, if openldap server is down), then scalix self ldap authentication will follow up automatically.

Scalix uses the om_auth pam module locally which doesn't use LDAP. If you want to fall back to Scalix authentication you'd need to work a bit of script magic to read passwords from openLDAP and pump them into Scalix's local userlist. IMHO it's not worth the effort. If LDAP is down your users won't be able to do much of anything in the network, so better to spend the time setting up a highly available LDAP infrastructure.

[potatoinmiri]

Hi Chris,

Thanks a lot for your reply, we are purchasing scalix license soon. Successfully integrated openldap authentication and omldapsync with scalix.
We are moving on to multi instance coz our company requires hosting of multi domain for different subsidiries.
Thanks a lot for your help