Zimbra as Active Directory replacement
IMHO one of the biggest problem with windows to linux move in the server side are the missing killer apps, probably the most important are Exchange and Active Directory. With Zimbra we've got a chance to replace Exchange with Zimbra (probably many Windows beliver can agrue with it, but let me forget about it for a second:-). It's mail server MTA, both IMAP, POP3, webmail, calendar, contact and outlook connector too. But we still can't replace Active Directory which is not just an LDAP server but tightly integrated with Exchange. Windows sysadm has to add new users once and can modify all kind of attribs in one place in AD. so even if we can change Exchange to Zimbra the system get more complicated. Users have to add both to the AD and Zimbra, keep them in sync what's more still need Windows. Even if we can replace AD with Samba with another LDAP server, the sysadms still have much more work, more complicate tasks and have to hack a lots of thing together (and I'm still sure that the given system will be inconsistent in a year later). It doesn't have such a nice gui (as AD) to manage the whole system.
But it could have been done easily with Zimbra with a 'small' enhancement! It has a nice working and tested admin ui. it (seems) to desing well and can be extended easily. If we can manage posix and samba account in Zimbra's LDAP server through Zimbra admin UI, than we've got everything (we only must configure Samba to use Zimbra's LDAP server) and in this case that can be a real killer app!
What we need?
- extend account ui for posix objectclasses' ldap attrib management (like posixAccount, posixGroup, etc.)
- extend account ui for samba objectclasses' ldap attrib management (like sambaSamAccount, sambaGroupMapping, etc.)
after read through the thread:
and the docs at:
It seems to me that could have to be done easily, but need some work:-(
It'd be nice if someone from zimbra can help for us (may be Greg or KevinH:-)
We can do it in the easier way as suggested in the above doc to call an external URL, but probably can be done in the right way with the same amount of time.
I open a new wiki page about it, but first would like to collect everyone's suggestions, before write some kind of desing info:
So what are you think about it?