Zimbra as Active Directory replacement

[lfarkas]

IMHO one of the biggest problem with windows to linux move in the server side are the missing killer apps, probably the most important are Exchange and Active Directory. With Zimbra we've got a chance to replace Exchange with Zimbra (probably many Windows beliver can agrue with it, but let me forget about it for a second:-). It's mail server MTA, both IMAP, POP3, webmail, calendar, contact and outlook connector too. But we still can't replace Active Directory which is not just an LDAP server but tightly integrated with Exchange. Windows sysadm has to add new users once and can modify all kind of attribs in one place in AD. so even if we can change Exchange to Zimbra the system get more complicated. Users have to add both to the AD and Zimbra, keep them in sync what's more still need Windows. Even if we can replace AD with Samba with another LDAP server, the sysadms still have much more work, more complicate tasks and have to hack a lots of thing together (and I'm still sure that the given system will be inconsistent in a year later). It doesn't have such a nice gui (as AD) to manage the whole system.
But it could have been done easily with Zimbra with a 'small' enhancement! It has a nice working and tested admin ui. it (seems) to desing well and can be extended easily. If we can manage posix and samba account in Zimbra's LDAP server through Zimbra admin UI, than we've got everything (we only must configure Samba to use Zimbra's LDAP server) and in this case that can be a real killer app!
What we need?
- extend account ui for posix objectclasses' ldap attrib management (like posixAccount, posixGroup, etc.)
- extend account ui for samba objectclasses' ldap attrib management (like sambaSamAccount, sambaGroupMapping, etc.)
after read through the thread:
Tight samba integration with zimbra
and the docs at:
http://wiki.zimbra.com/index.php?tit...nding_Admin_UI
It seems to me that could have to be done easily, but need some work:-(
It'd be nice if someone from zimbra can help for us (may be Greg or KevinH:-)
We can do it in the easier way as suggested in the above doc to call an external URL, but probably can be done in the right way with the same amount of time.
I open a new wiki page about it, but first would like to collect everyone's suggestions, before write some kind of desing info:
http://wiki.zimbra.com/index.php?tit...nt_in_Admin_UI
So what are you think about it?

[phoenix]

Why not use Fedora Directory Server rather than Samba? That might be a simplistic question but I'm still new to Linux.

[KevinH]

Samba =! LDAP. We ship OpenLDAP already so no need for Fedora directory unless you want to complicate things.

The best way to approach this would be to write an Admin UI extension. You don't need to call a separate URL but can make all the changes modifications in JavaScript. Once this is working and tested it will be much simpler to get integrated into Zimbra or shipped as optional extension that is easy to enable.

So start you'll want to try adding the Samba LDAP attrs to the schema and get Samba working on a Zimbra install. Ideally just the minimal set to prevent any duplication. Then you can use LDAP commands/zmprov to modify things. Finally moving up the stack and adding support for those attributes in the Admin UI extension.

[KevinH]

Quote:

Originally Posted by lfarkas

- extend account ui for posix objectclasses' ldap attrib management (like posixAccount, posixGroup, etc.)

Why? Zimbra already manages Postfix for you. What are you looking to gain here?

[lfarkas]

Quote:

Originally Posted by KevinH

Why? Zimbra already manages Postfix for you. What are you looking to gain here?

simple because it's probably easier than samba. samba has about 5-10 objectcalss and many attrs while posix has less. on the other hand if you read my post carefully i wrote posix not postfix!!! like posixAccount and posixGroup which can be used for unix/linux login, goup etc. imho it'd be much simple to implement in the first stage and then based on this work it can be easier to implement samba.

[lfarkas]

Quote:

Originally Posted by phoenix

Why not use Fedora Directory Server rather than Samba? That might be a simplistic question but I'm still new to Linux.

it has nothing to with ldap server implementation it's about the attrib manipulation trough zimra admin ui.

[phoenix]

Quote:

Originally Posted by lfarkas

it has nothing to with ldap server implementation it's about the attrib manipulation trough zimra admin ui.

Yes, I think KevinH already told me that.

[Robert Mortimer]

I already have an integrated SAMBA/MAIL system.

I use sendmail, dovecot, openldap, LAM, SAMBA and milters for vacation, anti-virus & mail archiving. Apart from the fact that it lacks polish it all works quite well. I would jump to Zimbra in a flash if I could have some pointers on the following:-

Integrating the samba schemas with Zimbra
Setting the Zimbra LDAP password
Accessing the Zimbra LDAP server using SAMBA

As a start a quick hint on where to get the passwords so I can connect with connecting using phpLDAPadmin would be a start (the default is hashed in slapd.conf and I think it is randomly generated as part of the install)

There are guides on how to do this for kolab but they arrived after I went through this process the first time.

Rob

[phoenix]

Quote:

Originally Posted by Robert Mortimer

As a start a quick hint on where to get the passwords so I can connect with connecting using phpLDAPadmin would be a start (the default is hashed in slapd.conf and I think it is randomly generated as part of the install)

In zmsetup.log would be the place to look.

[Robert Mortimer]

After a "locate -u" "locate zmsetup.log" returned a blank.

Any more ideas? I am just running a test server at the moment so a re-install is not out of the question.