Integration with existing LDAP

[jsabater]

Hello everyone!

Just came back from Madrid, where a new customer of us is giving Zimbra a try to migrate all their accounts from a classic Postfix server. Now they have 200 licenses of the ZCS and it could grow up to 5000 users in two years.

Now it turns out that they are trying to centralise all their systems and use one OpenLDAP directory for all. They have developed a tool to manage that directory, which uses standard OpenLDAP objects plus their custom objects to create the needed schema.

And they asked me whether Zimbra would integrate with that OpenLDAP. Million dollar question, I believe. So, I've been investigating this (Zimbra forums, wiki, and my own knowledge of OpenLDAP) and, so far, I have reached to these conclusions:

1. It should work
2. It would require a huge effort in terms of investigate and test
3. Unpredictable conflicts or problems would arise.
4. Data would have to be migrated from the existing Zimbra LDAP to their central LDAP (custom made script?)
5. They are not the only one in this situation, but I have not found anyone on these forums that has successfully completed such endeavour.
6. It would require their own tool to manage their object classes
7. It would require Zimbra to manage its classes
8. Or extensions for the Zimbra admin console would have to be developed.
9. It would avoid having to duplicate accounts and data
10. Their LDAP cluster would do great in terms of performance (instead of Zimbra LDAP), as they are specifically designing it to support tons of queries from all systems.
11. It would be risky when upgrading Zimbra (I've read somewhere that Zimbra does not recommend that and won't take any responsibility)
12. It would be awesome, technically speaking.

I would like to hear opinions, past experiences, recommendations, suggestions, etc, both official and unofficial. I've read several times that Zimbra aims at supporting this, but I am afraid it's not yet the case, is it?

Thanks in advance.

[bdial]

imo you pretty much answered your own question. a lot of those reasons alone are enough to scare off anyone who would want this, myself included. the upgrade one is huge i think. given zimbra's pretty rapid release schedule, i can't imagine having to disect a release every few months to determine what has changed, and adjust things to work again with your setup. of course they could always just not upgrade for a couple of releases but usually each one contains enough significant fixes/enhancements that entice you to upgrade.

anyway, it sounds like you're fully aware of the problems and if they still decide to go through with it I wish you luck and look forward to hearing your stories!

[jsabater]

I am, indeed, aware of the difficulties of this endeavour, yet I still think that this must be a classic situation for many, if not all, big companies. Therefore it's strange that I have not been able to find any sort of good documentation, past experiences, approaches, etc. on the Zimbra website (not that I have not been able to find some stuff, but nothing conclusive, nothing really useful in this specific case and nothing official).

Anyway, it will be up to the customer to decide whether they want to invest the time and money on it. If they do, I would eventually post the results of the experiment here.