Quick overview of my network:

1 - remote hosting facility in LA where our zimbra install is located
2 - dedicated T1 from our office to the LA datacenter. So all traffic from our office goes to our cabinet in LA then out to the internet.

I want everyone in the office (mac, linux, windows...eventually) to be able to authenticate to the Zimbra LDAP server so I can have single sign-on. BUT I also don't want to depend on the T1 line so that if it's down the office isn't completely unusable.

The solution I've come up with is to run a ldap server in the local office that replicates the remote zimbra ldap server and have samba authenticate against the local ldap server.

That way I can still use the instructions on the wiki to manage users in the zimbra UI. Then the changes will be replicated down to the local office and samba can run a PDC off that. If the T1 between the local office and the data center goes down, then people will still be able to log in and work (abit, without email/internet)

Am I way off base or does that sound like a reasonable solution?

Thanks for your advice,
Ajay