Customizing Zimbra Directory

[abatkin]

We have recently rolled out Zimbra 6.0.4 OSE to production, using Zimbra's own internal LDAP server for its own authentication (in other words, a standard out-of-the-box configuration).

We have a number of other applications that are currently talking to our old LDAP server but I am slowly transitioning them across to use Zimbra's directory for authentication. The problem we have encountered is that there is often a need for those applications to use LDAP in a way that Zimbra doesn't easily support. For example, some of the applications that we run insist on searching the directory for a user before binding as that user. Other applications run in to issues because of the fact that some attributes (like zimbraMailCanonicalAddress) aren't accessible for search/read even for the user that you are bound as.

I am aware that I can easily add additional LDAP users (service accounts) and modify ACLs but I am concerned that this might complicate upgrades; An upgrade may fail, or these manual changes may get clobbered and need to be re-applied.

Are there any "supported" ways of dealing with service accounts and ACL changes? What's the best way to ensure that upgrades won't break and we won't have to manually apply changes every time we change something?

[ArcaneMagus]

This article has some good examples of how to change things like ACL's: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki

On my system I have that plus a few other extra ACL modifications that have so far stayed across 4 upgrades on the 6.0.x branch. This new LDAP is much easier on upgrades. I don't know if there is technically a "supported" way to do this though, other then the standard of set it up, but it could go away on upgrades. So far it hasn't happened for any of my LDAP customizations though