Zimbra as Active Directory replacement

[phoenix]

How about 'install.log' which I think should be in the /tmp directory.

[Robert Mortimer]

The log pointed me to /opt/zimbra/.saveconfig/config.save and it was there.

Thanks.

[lfarkas]

I already have an integrated SAMBA/MAIL system.

I use sendmail, dovecot, openldap, LAM, SAMBA and milters for vacation, anti-virus & mail archiving. Apart from the fact that it lacks polish it all works quite well. I would jump to Zimbra in a flash if I could have some pointers on the following:-

Integrating the samba schemas with Zimbra
Setting the Zimbra LDAP password
Accessing the Zimbra LDAP server using SAMBA

just simple copy samba schema file into /opt/zimbra/openldap/etc/openldap/schema/

/opt/zimbra/bin/zmlocalconfig -s| grep password

it's lisining on the normal ldap port!

As a start a quick hint on where to get the passwords so I can connect with connecting using phpLDAPadmin would be a start (the default is hashed in slapd.conf and I think it is randomly generated as part of the install)

There are guides on how to do this for kolab but they arrived after I went through this process the first time.

Rob

what have you already implement?
how do you keep in sync the samba and non samba people's ldap accounts?
and how do you manipulate them?

[Robert Mortimer]

what have you already implement?
how do you keep in sync the samba and non samba people's ldap accounts?
and how do you manipulate them?

My Fedora core 4 authenticates against the LDAP server

Users update password from windows machines (SAMBA syncs unix password)

LDAP config had to be changed so Dovecott (IMAP POP) could use the passwords

Apache LDAP auth module is used for internal web based apps

LAM (LDAP Account manager) does most of the account management along with the IDEALIX scripts

Sendmail checks valid users and aliases against the LDAP

We have an LDAP aware vacation milter for sendmail

It's short on gloss but I have a single sign-on for intranet, webmail, IMAP, POP & Windows +(VPN if I want to configure RAIDIUS)

Robert

[lfarkas]

My Fedora core 4 authenticates against the LDAP server

Users update password from windows machines (SAMBA syncs unix password)

LDAP config had to be changed so Dovecott (IMAP POP) could use the passwords

Apache LDAP auth module is used for internal web based apps

LAM (LDAP Account manager) does most of the account management along with the IDEALIX scripts

Sendmail checks valid users and aliases against the LDAP

We have an LDAP aware vacation milter for sendmail

It's short on gloss but I have a single sign-on for intranet, webmail, IMAP, POP & Windows +(VPN if I want to configure RAIDIUS)

Robert

ok that's the case now, but how do you would like to manage users with zimbra? you can't continue to use lam since it's not add zimbra account attribs, but you can't use zibra admin since it's not add posix and samba attribs. otherwise you are in a mixed enviroment and just have problems.

[mintra]

Hi

We have a customer with Samba and Zimbra both authenticating against active directory running on the same machine. Zimbra was very easy to make Authenticate against AD 20 minutes work. Samba took more than two days to get right (well done DaveM).

This may be fixed by Samba 4.

However the orginal post was Zimbra as Active directory replacement.

I am not sure how this would be done, but I want to be able to set this all up in less than an hour.

This pdf (Thanks IBM) give some pointers http://ploug.eu.org/doc/smb-ldap-a4.pdf how to do it with the idealx scripts mentioned earlier.

If Zimbra was to do the whole Job then groups and share management would need to be added.

I am just setting a system up now for a charity, they have six windows servers, at different sites and I want a single user name and password for
Windows Logon, Zimbra logon, samba Logon.

The only things that can deliver this are a mixture of Novell products (eDirectory and identity management) or Fedora active directory.

I think both of these can absorb an Active directory setup, Borg style (as in start trek), and be the directory service in charge so to speak.

I wish I had more than a grasshopper brain, else would do some coding myself.

John

[lfarkas]

Hi

We have a customer with Samba and Zimbra both authenticating against active directory running on the same machine. Zimbra was very easy to make Authenticate against AD 20 minutes work. Samba took more than two days to get right (well done DaveM).

This may be fixed by Samba 4.

However the orginal post was Zimbra as Active directory replacement.

I am not sure how this would be done, but I want to be able to set this all up in less than an hour.

This pdf (Thanks IBM) give some pointers http://ploug.eu.org/doc/smb-ldap-a4.pdf how to do it with the idealx scripts mentioned earlier.

If Zimbra was to do the whole Job then groups and share management would need to be added.

I am just setting a system up now for a charity, they have six windows servers, at different sites and I want a single user name and password for
Windows Logon, Zimbra logon, samba Logon.

imho we think different think here. what i called ad replacement is one 'database' for users (and computers) and on kind of admin ui to manage them. of course if you have a fixed number of users and you already setup an ldap server the it has nothing to do with zimbra. what i like to see is an ui which able to manage an ldap server (which is used by zimbra, samba, etc..) ans never need to manualy edit the ldap server ie. only manage through this ui.
that would be nice, easily manageable and consistent (! which is currently not soo easy). and can be setup in an hour....
that's my dream.

[Robert Mortimer]

Setting up a SAMBA PDC is not hard - see http://qvtech.cc/smbldap/ or other locations for the fantastic smbldap-installer script (10 min to get a PDC if you know where to turn on the ACLs and turn off roaming profiles).

I used this and other components to get my single sign on as stated earlier in this thread.

A next step would be to integrate Zimbra in place of my Dovecot, squirrel mail, Sendmail, Procmail and Milter elements. Just that extra bit of user management for SAMBA attributes added into Zimbra and I would be at it like a flash. As it is I am waiting for an available window.

Robert

[Robert Mortimer]

Had there been any progress on the samba PDC code?

[phoenix]

Had there been any progress on the samba PDC code?

The best place to file enhancement requests is in bugzilla, the Zimbra team can keep track of them better in there. If you want to file this in bugzilla (if it's not in there already) don't forget to vote on it.