07-26-2007, 03:03 PM
misleb

Quote:
Originally Posted by jeffreyheinen
I have considered slaving Zimbra to the OpenDirectory directly. However, I think that would be a very bad idea. The structure is too different.
What do you mean by "structure," exactly? Do you mean schema? That is to be expected. I mean, Zimbra uses different attributes, but I would think there would be some overlap. Accounting for this should be a simple matter of copying the Zimbra schema files and extending OpenDirectory with them (they both use OpenLDAP, after all).

But if you mean structure in the sense of container names, I agree, Zimbra uses ou=People and OpenDirectory uses ou=Users. That is the only major difference I can find. And I'm wondering if there is a fix for this. Shouldn't be too hard to tell Zimbra to look in ou=users,dc=domain,dc=edu. I just need to know how.

I'm also a little concerned about how Zimbra authenticates to its "internal" LDAP directory. The docs say it stores a SHA1 hash, but OpenDirectory uses PasswordManager to store authentication info. The userPassword attribute is just a stub in OD as far as I can tell.

I did see a post on AFP548 about someone who claims to have nearly completed the integration, but he hasn't posted his results or instructions. Here: AFP548 - Changing the world one server at a time.

I dunno, maybe it isn't really so important to have everything in one directory... it just seems more elegant to me. Like if I ever have to script LDAP operations, it would be nice to only require one LDAP bind. I already have a custom app that uses LDAP information, and with Zimbra it would require two connections to get the full user attributes.

-matthew