
Thread: Custom LDAP Server

  1. #1
    KermitTheFragger is offline Junior Member

    Default Custom LDAP Server

    Hi all,

    I'm currently in the process of evaluating Zimbra; looking really good so far.

    One thing I noticed though is that Zimbra comes with its own customized version of OpenLDAP. I would like to use my current OpenLDAP installation instead of the one that comes with Zimbra.

    Using the external authentication options is not really a good substitute for me since that would require syncing additional info like given name, address, etc.

    From what I saw the only thing that Zimbra expects from its LDAP server is a cn=Zimbra tree, Zimbra schemas and a custom slapd.conf with indexes and ACLs.

    Is there something I'm missing? Or could this kind of setup be used in a production environment? Or is it otherwise not advisable to do such a thing?

  2. #2
    JoshuaPrismon is offline Zimlet Guru & Moderator

    Default

    Quote Originally Posted by KermitTheFragger View Post
    Hi all,

    I'm currently in the process of evaluating Zimbra; looking really good so far.

    One thing I noticed though is that Zimbra comes with its own customized version of OpenLDAP. I would like to use my current OpenLDAP installation instead of the one that comes with Zimbra.

    Using the external authentication options is not really a good substitute for me since that would require syncing additional info like given name, address, etc.

    From what I saw the only thing that Zimbra expects from its LDAP server is a cn=Zimbra tree, Zimbra schemas and a custom slapd.conf with indexes and ACLs.

    Is there something I'm missing? Or could this kind of setup be used in a production environment? Or is it otherwise not advisable to do such a thing?
    You may want to look at migrating all of that information into the Zimbra ldap. Zimbra does schema changes with new versions, and I suspect (although someone who works for Zimbra would have a better idea) that this might break the upgrade path.

  3. #3
    KermitTheFragger is offline Junior Member

    Default

    Quote Originally Posted by JoshuaPrismon View Post
    that this might break the upgrade path.
    That's exactly what I'm afraid of. But since it's all LDAP, it wouldn't be very difficult to make the upgrade program work (the LDAP part thereof) with something like Fedora Directory Server for example?

    I agree that offering a total solution with an integrated LDAP server is a good thing(tm). But I think (certainly with the open sourcing of the Netscape directory server and the maturing of Apache Directory Server) that there are people interested in using their own LDAP server.

    Perhaps this is more a topic for the development forum.

  4. #4
    dijichi2 is offline OpenSource Builder & Moderator

    Default

    be great to see openldap replaced with fds as the heart of zimbra, but i don't think it will happen in the short term simply for the fact that fds is very poorly supported outside of rhel/fedora, and it's a pig to build - in fact even harder than zimbra!

    then you get into the religious arguments about multimaster.. oops can of worms

  5. #5
    JoshuaPrismon is offline Zimlet Guru & Moderator

    Default

    Quote Originally Posted by KermitTheFragger View Post
    That's exactly what I'm afraid of. But since it's all LDAP, it wouldn't be very difficult to make the upgrade program work (the LDAP part thereof) with something like Fedora Directory Server for example?

    I agree that offering a total solution with an integrated LDAP server is a good thing(tm). But I think (certainly with the open sourcing of the Netscape directory server and the maturing of Apache Directory Server) that there are people interested in using their own LDAP server.

    Perhaps this is more a topic for the development forum.
    I've moved this topic to the development area. I do think that there might be room for a community distribution using FDS instead of OpenLDAP, although I confess that I am not enough of an expert on FDS to be able to comment on the benefits of such a move.

    If you are familiar enough with FDS, why not give it a try?
    Last edited by JoshuaPrismon; 06-11-2007 at 08:58 PM.

  6. #6
    KermitTheFragger is offline Junior Member

    Default

    I'm willing to give it a shot on ApacheDS or Fedora DS. So Zimbra expects nothing more than:

    - cn=Zimbra tree
    - Zimbra schemas
    - Indexes and correct ACLs

    Besides those three points, there is no hidden magic in the Zimbra OpenLDAP server?

  7. #7
    JoshuaPrismon is offline Zimlet Guru & Moderator

    Default

    Quote Originally Posted by KermitTheFragger View Post
    I'm willing to give it a shot on ApacheDS or Fedora DS. So Zimbra expects nothing more than:

    - cn=Zimbra tree
    - Zimbra schemas
    - Indexes and correct ACLs

    Besides those three points, there is no hidden magic in the Zimbra OpenLDAP server?
    I believe the server might also be on a non-standard port. As usual there are Zm variables that control where the server is. Given that Zimbra puts in a lot of work to deal with multiple LDAP servers, this might be feasible.

    Please let us know how it works out, and what you find!

  8. #8
    dijichi2 is offline OpenSource Builder & Moderator

    Default

    there's hidden magic in the zimbra version of sasl, which may or may not affect openldap, as sasl is so tightly intertwined with ldapv3.

    apart from that, the build scripts, install scripts, upgrade scripts etc are all hardcoded for openldap so making this generic would be the first step. it's something i've wanted to do for long time and if no-one else has done i'll have a stab after solaris port is done (yes, it will happen eventually..).

    if scalability, stability, and commercial grade software/support is the issue (which is a very good reason for doing this sort of adaptation), it might be better to start with the more modern commercial derivative, SunONE ldap server.

    I believe the server might also be on a non-standard port.
    zimbra ldap uses standard port, would be v.nice if it would move off by default. i think it has probably stayed here to make the GAL available to mail clients with minimal pain.

  9. #9
    KermitTheFragger is offline Junior Member

    Default

    Quote Originally Posted by dijichi2 View Post
    there's hidden magic in the zimbra version of sasl, which may or may not affect openldap
    What kind of magic are we talking about? Extra SASL authentication mechanisms?

    Quote Originally Posted by dijichi2 View Post
    if scalability, stability, and commercial grade software/support is the issue (which is a very good reason for doing this sort of adaptation), it might be better to start with the more modern commercial derivative, SunONE ldap server.
    As always with opensource, it's about choice :-) IMHO it must be possible to make an abstraction layer / framework for Zimbra which would allow it to work with any LDAPv3 compliant LDAP server.

  10. #10
    djve is offline Senior Member

    Default

    I know I'm late to this party but I have a similar problem but a different solution and a question from my solution.

    Why not use another database entry in the slapd.conf file? You just need to add any site-specific schemas.

    So if this works (and I'm about to try it) how can I preserve my changes to slapd.conf during an upgrade? Making a copy and restoring our edits to slapd.conf is simple for us but it would be nicer if Zimbra handles changes during an upgrade.
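
Added example, not part of the original posts and not Zimbra's own tooling: one way to check, after an upgrade, whether a site-specific `database` section or its `index`/`access` lines survived in slapd.conf, by comparing the backup copy with the upgraded file. The sample file contents, the `dc=site,dc=example` suffix and the function names are constructed for illustration; the scenario where the upgrade replaces the file is an assumption.

```python
def parse_databases(conf_text):
    """Map each database suffix to the directives in its slapd.conf section."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip():
            continue                      # blank lines are ignored
        if raw[0].isspace() and logical:  # leading whitespace continues a line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    sections, current = {}, None
    for d in (l for l in logical if not l.startswith("#")):
        keyword = d.split()[0].lower()
        if keyword in ("database", "backend"):
            # a new database starts a section; a backend line ends the old one
            current = [d] if keyword == "database" else None
        elif current is not None:
            current.append(d)
            if keyword == "suffix":
                sections[d.split(None, 1)[1].strip('"').lower()] = current
    return sections

def audit_upgrade(backup_text, upgraded_text):
    """Return (missing suffixes, {suffix: lost index/access directives})."""
    old, new = parse_databases(backup_text), parse_databases(upgraded_text)
    missing = sorted(s for s in old if s not in new)
    lost = {}
    for suffix in old.keys() & new.keys():
        gone = [d for d in old[suffix]
                if d.split()[0].lower() in ("index", "access")
                and d not in new[suffix]]
        if gone:
            lost[suffix] = gone
    return missing, lost

# Constructed sample files (hypothetical content, not a real Zimbra slapd.conf).
STOCK = 'database bdb\nsuffix "cn=zimbra"\nindex objectClass eq\n'
SITE = ('database bdb\nsuffix "dc=site,dc=example"\nindex uid eq\n'
        'access to attrs=userPassword\n    by self write\n    by * auth\n')
BACKUP = STOCK + "# site-specific database\n" + SITE
UPGRADED = STOCK                           # assumed: upgrade replaced the file
PARTIAL = STOCK + SITE.split("access")[0]  # database restored, ACL forgotten

if __name__ == "__main__":
    print(audit_upgrade(BACKUP, UPGRADED))
    print(audit_upgrade(BACKUP, PARTIAL))
```

The second case is the one worth catching: the database is back and serving data, but the ACL that restricted `userPassword` is gone, so slapd falls back to its default access policy for that database.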
