Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Zimbra as Active Directory replacement

  1. #1
    lfarkas is offline Active Member
    Join Date
    Nov 2005
    Location
    Hungary
    Posts
    38
    Rep Power
    9

    Default Zimbra as Active Directory replacement

    IMHO one of the biggest problem with windows to linux move in the server side are the missing killer apps, probably the most important are Exchange and Active Directory. With Zimbra we've got a chance to replace Exchange with Zimbra (probably many Windows beliver can agrue with it, but let me forget about it for a second:-). It's mail server MTA, both IMAP, POP3, webmail, calendar, contact and outlook connector too. But we still can't replace Active Directory which is not just an LDAP server but tightly integrated with Exchange. Windows sysadm has to add new users once and can modify all kind of attribs in one place in AD. so even if we can change Exchange to Zimbra the system get more complicated. Users have to add both to the AD and Zimbra, keep them in sync what's more still need Windows. Even if we can replace AD with Samba with another LDAP server, the sysadms still have much more work, more complicate tasks and have to hack a lots of thing together (and I'm still sure that the given system will be inconsistent in a year later). It doesn't have such a nice gui (as AD) to manage the whole system.
    But it could have been done easily with Zimbra with a 'small' enhancement! It has a nice working and tested admin ui. it (seems) to desing well and can be extended easily. If we can manage posix and samba account in Zimbra's LDAP server through Zimbra admin UI, than we've got everything (we only must configure Samba to use Zimbra's LDAP server) and in this case that can be a real killer app!
    What we need?
    - extend account ui for posix objectclasses' ldap attrib management (like posixAccount, posixGroup, etc.)
    - extend account ui for samba objectclasses' ldap attrib management (like sambaSamAccount, sambaGroupMapping, etc.)
    after read through the thread:
    Tight samba integration with zimbra
    and the docs at:
    http://wiki.zimbra.com/index.php?tit...nding_Admin_UI
    It seems to me that could have to be done easily, but need some work:-(
    It'd be nice if someone from zimbra can help for us (may be Greg or KevinH:-)
    We can do it in the easier way as suggested in the above doc to call an external URL, but probably can be done in the right way with the same amount of time.
    I open a new wiki page about it, but first would like to collect everyone's suggestions, before write some kind of desing info:
    http://wiki.zimbra.com/index.php?tit...nt_in_Admin_UI
    So what are you think about it?

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    Why not use Fedora Directory Server rather than Samba? That might be a simplistic question but I'm still new to Linux.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Samba =! LDAP. We ship OpenLDAP already so no need for Fedora directory unless you want to complicate things.

    The best way to approach this would be to write an Admin UI extension. You don't need to call a separate URL but can make all the changes modifications in JavaScript. Once this is working and tested it will be much simpler to get integrated into Zimbra or shipped as optional extension that is easy to enable.

    So start you'll want to try adding the Samba LDAP attrs to the schema and get Samba working on a Zimbra install. Ideally just the minimal set to prevent any duplication. Then you can use LDAP commands/zmprov to modify things. Finally moving up the stack and adding support for those attributes in the Admin UI extension.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  4. #4
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Quote Originally Posted by lfarkas
    - extend account ui for posix objectclasses' ldap attrib management (like posixAccount, posixGroup, etc.)
    Why? Zimbra already manages Postfix for you. What are you looking to gain here?
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  5. #5
    lfarkas is offline Active Member
    Join Date
    Nov 2005
    Location
    Hungary
    Posts
    38
    Rep Power
    9

    Default

    Quote Originally Posted by KevinH
    Why? Zimbra already manages Postfix for you. What are you looking to gain here?
    simple because it's probably easier than samba. samba has about 5-10 objectcalss and many attrs while posix has less. on the other hand if you read my post carefully i wrote posix not postfix!!! like posixAccount and posixGroup which can be used for unix/linux login, goup etc. imho it'd be much simple to implement in the first stage and then based on this work it can be easier to implement samba.

  6. #6
    lfarkas is offline Active Member
    Join Date
    Nov 2005
    Location
    Hungary
    Posts
    38
    Rep Power
    9

    Default

    Quote Originally Posted by phoenix
    Why not use Fedora Directory Server rather than Samba? That might be a simplistic question but I'm still new to Linux.
    it has nothing to with ldap server implementation it's about the attrib manipulation trough zimra admin ui.

  7. #7
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    Quote Originally Posted by lfarkas
    it has nothing to with ldap server implementation it's about the attrib manipulation trough zimra admin ui.
    Yes, I think KevinH already told me that.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    Robert Mortimer is offline Active Member
    Join Date
    Apr 2006
    Posts
    31
    Rep Power
    9

    Talking Samba Ldap Mail

    I already have an integrated SAMBA/MAIL system.

    I use sendmail, dovecot, openldap, LAM, SAMBA and milters for vacation, anti-virus & mail archiving. Apart from the fact that it lacks polish it all works quite well. I would jump to Zimbra in a flash if I could have some pointers on the following:-

    Integrating the samba schemas with Zimbra
    Setting the Zimbra LDAP password
    Accessing the Zimbra LDAP server using SAMBA

    As a start a quick hint on where to get the passwords so I can connect with connecting using phpLDAPadmin would be a start (the default is hashed in slapd.conf and I think it is randomly generated as part of the install)

    There are guides on how to do this for kolab but they arrived after I went through this process the first time.

    Rob

  9. #9
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    Quote Originally Posted by Robert Mortimer
    As a start a quick hint on where to get the passwords so I can connect with connecting using phpLDAPadmin would be a start (the default is hashed in slapd.conf and I think it is randomly generated as part of the install)
    In zmsetup.log would be the place to look.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    Robert Mortimer is offline Active Member
    Join Date
    Apr 2006
    Posts
    31
    Rep Power
    9

    Default

    After a "locate -u" "locate zmsetup.log" returned a blank.

    Any more ideas? I am just running a test server at the moment so a re-install is not out of the question.

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 26
    Last Post: 04-19-2011, 09:24 AM
  2. [SOLVED] Clamav problem ? What's happening ?
    By aNt1X in forum Installation
    Replies: 23
    Last Post: 02-14-2008, 05:43 AM
  3. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  4. port 7071 not listening OS X install
    By leeimber in forum Installation
    Replies: 7
    Last Post: 03-21-2006, 10:47 AM
  5. Monitoring : Data not yet avalaible
    By s3nz3x in forum Installation
    Replies: 7
    Last Post: 11-30-2005, 07:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •