Thread: openldap - different sets of schemas on different servers?

  1. #1
    justanotheruser

    If I want to tie in Zimbra to our existing openldap servers, do I have to modify the zimbra slapd.conf to contain the same set of schema files? We use the nis.schema and a custom schema.

    Based on some googling and thinking it over, it looks like you don't have to - that you could have a setup like this:

    - zimbra machine (with zimbra schema)
    - openldap server A (with nis.schema)
    - openldap server B (with custom.schema)


    ...is my understanding correct?

  2. #2
    zaf

    Right, you can have Zimbra authenticate against any existing LDAP server, without modifying the schemas. When you configure a domain in Zimbra, you tell it how you want it to do LDAP lookups to authenticate its users.

  3. #3
    dijichi2

    If you use external auth on a domain to chain the user auth against another ldap server, then you have to 'synch' the accounts manually, in that you have to run some script to create accounts on both ldap servers as they're not linked.

    Altering the zimbra ldap to deal with custom schema is not recommended, there's no guarantee it will be preserved or understood across upgrades - the upgrade scripts are quite complex and likely will break if they come across unexpected constraints.

  4. #4
    justanotheruser

    Let me check if I understood you right or if you explained what you meant clearly - are you saying that I can have this scenario:

    - custom schema on SERVER1 but NOT on SERVER2
    - sync accounts between SERVER1 and SERVER2

    Then if I were to do an LDAP search on SERVER2 it will be smart enough to join across to find data out of SERVER1's custom schema?

    So, I'm not modifying the zimbra.schema, just adding into the mix, my own custom schema.


    Originally posted by dijichi2:
    If you use external auth on a domain to chain the user auth against another ldap server, then you have to 'synch' the accounts manually, in that you have to run some script to create accounts on both ldap servers as they're not linked.

    Altering the zimbra ldap to deal with custom schema is not recommended, there's no guarantee it will be preserved or understood across upgrades - the upgrade scripts are quite complex and likely will break if they come across unexpected constraints.
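
The manual account sync described in post #3 could start from a reconciliation report like the one below. This is an added example, not code from the thread or from Zimbra; it assumes users are posixAccount entries (nis.schema) whose address is uid@domain, and the function names, sample LDIF and account list are constructed.

```python
import base64

def parse_ldif(text):
    """Parse LDIF into {attr: [values]} dicts; handles folded lines and base64 values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # RFC 2849 continuation line
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if not line.strip():
            if entry: entries.append(entry)
            entry = {}
        elif not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(key.lower(), []).append(value.strip())
    return entries

def reconcile(ldif_text, zimbra_accounts, domain, ignore=()):
    """Assumes posixAccount users, address = uid@domain. Returns (missing_in_zimbra, absent_from_external)."""
    external = set()
    for e in parse_ldif(ldif_text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes and e.get("uid"):
            external.add(f"{e['uid'][0].lower()}@{domain}")
    zimbra = {a.strip().lower() for a in zimbra_accounts if a.strip()}
    zimbra = {a for a in zimbra if a.endswith("@" + domain) and a not in ignore}
    return sorted(external - zimbra), sorted(zimbra - external)

# Constructed sample data (external LDIF export, Zimbra address list).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: posixAccount
uid:: Ym9i

dn: cn=staff,ou=groups,
 dc=example,dc=com
objectClass: posixGroup
"""
SAMPLE_ZIMBRA = ["admin@example.com", "alice@example.com", "dave@example.com"]
print(reconcile(SAMPLE_LDIF, SAMPLE_ZIMBRA, "example.com", ignore={"admin@example.com"}))
```

The first list is accounts still to be created on the Zimbra side; the second is Zimbra accounts with no matching entry in the external directory, which are worth reviewing as possible leftovers from deprovisioning.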
