Custom applications authenticating and modifying Zimbra LDAP

[nyeholt]

We've recently started using Zimbra primarily for its mail capabilities, and so far everything's running smooth. This is a replacement for a standalone mail server config. Additionally a standalone OpenLDAP instance was being used for various things in the company, such as a central point of authentication for a couple of different PHP and Java based applications, authentication for a couple of websites via authnz_ldap, as well as having new objects created in it by at least one of those applications.

So far my (admittedly brief) trawling of threads and documentation hasn't turned up much on actually modifying the zimbra ldap tree other than some doco that says don't do it except via the zimbra tools. Configuring the other apps to authenticate against zimbra isn't too much of a problem, but I do need to be able to make additions/modifications to the ldap tree in a separate branch from the 'people' branch.

Is there documentation that outlines things I should be wary of when it comes to modifying the zimbra ldap tree? Am I better off setting up zimbra to use the existing standalone LDAP server as an authentication point instead and not disrupting the existing applications?

[phoenix]

Quote:

Originally Posted by nyeholt

Am I better off setting up zimbra to use the existing standalone LDAP server as an authentication point instead and not disrupting the existing applications?

You would be far better leaving Zimbra LDAP alone, we cannot guarantee that any modifications you make will not be lost during an upgrade. I'd just use your current LDAP as an external Authentication for Zimbra.

[p24t]

I use a custom tool here to manage my OpenLDAP and Zimbra at the same time. I do the OpenLDAP stuff directly over LDAP, but I use the ZCS commandline tools for Zimbra stuff. (Haven't played with SOAP yet sadly)