Custom LDAP Server

#1 | 06-11-2007, 01:26 PM | Junior Member | Posts: 7

Hi all,

I'm currently in the process of evaluating Zimbra; looking really good so far.

One thing I noticed though is that Zimbra comes with its own customized version of OpenLDAP. I would like to use my current OpenLDAP installation instead of the one that comes with Zimbra.

Using the external authentication options is not really a good substitute for me since that would require syncing additional info like given name, address, etc.

From what I saw the only thing that Zimbra expects from its LDAP server is a cn=Zimbra tree, Zimbra schemas and a custom slapd.conf with indexes and ACLs.

Is there something I'm missing? Or could this kind of setup be used in a production environment? Or is it otherwise not advisable to do such a thing?

#2 | 06-11-2007, 02:50 PM | Zimlet Guru & Moderator | Posts: 467

Quote (originally posted by KermitTheFragger):
> Hi all,
>
> I'm currently in the process of evaluating Zimbra; looking really good so far.
>
> One thing I noticed though is that Zimbra comes with its own customized version of OpenLDAP. I would like to use my current OpenLDAP installation instead of the one that comes with Zimbra.
>
> Using the external authentication options is not really a good substitute for me since that would require syncing additional info like given name, address, etc.
>
> From what I saw the only thing that Zimbra expects from its LDAP server is a cn=Zimbra tree, Zimbra schemas and a custom slapd.conf with indexes and ACLs.
>
> Is there something I'm missing? Or could this kind of setup be used in a production environment? Or is it otherwise not advisable to do such a thing?

You may want to look at migrating all of that information into the Zimbra ldap. Zimbra does schema changes with new versions, and I suspect (although someone who works for Zimbra would have a better idea) that this might break the upgrade path.

#3 | 06-11-2007, 03:49 PM | Junior Member | Posts: 7

Quote (originally posted by JoshuaPrismon):
> that this might break the upgrade path.

That's exactly what I'm afraid of. But since it's all LDAP, it wouldn't be very difficult to make the upgrade program work (the LDAP part thereof) with something like Fedora Directory Server for example?

I agree that offering a total solution with an integrated LDAP server is a good thing(tm). But I think (certainly with the open sourcing of the Netscape directory server and the maturing of Apache Directory Server) that there are people interested in using their own LDAP server.

Perhaps this is more a topic for the development forum.

#4 | 06-11-2007, 05:28 PM | OpenSource Builder & Moderator | Posts: 1,166

be great to see openldap replaced with fds as the heart of zimbra, but i don't think it will happen in the short term simply for the fact that fds is very poorly supported outside of rhel/fedora, and it's a pig to build - in fact even harder than zimbra!

then you get into the religious arguments about multimaster.. oops can of worms

#5 | 06-11-2007, 09:15 PM | Zimlet Guru & Moderator | Posts: 467

Quote (originally posted by KermitTheFragger):
> That's exactly what I'm afraid of. But since it's all LDAP, it wouldn't be very difficult to make the upgrade program work (the LDAP part thereof) with something like Fedora Directory Server for example?
>
> I agree that offering a total solution with an integrated LDAP server is a good thing(tm). But I think (certainly with the open sourcing of the Netscape directory server and the maturing of Apache Directory Server) that there are people interested in using their own LDAP server.
>
> Perhaps this is more a topic for the development forum.

I've moved this topic to the development area. I do think that there might be room for a community distribution using FDS instead of OpenLDAP, although I confess that I am not enough of an expert on FDS to be able to comment on the benefits of such a move.

If you are familiar enough with FDS, why not give it a try?

Last edited by JoshuaPrismon; 06-11-2007 at 09:58 PM.

#6 | 06-12-2007, 01:57 AM | Junior Member | Posts: 7

I'm willing to give it a shot on ApacheDS or Fedora DS. So Zimbra expects nothing more than:

- cn=Zimbra tree
- Zimbra schemas
- Indexes and correct ACLs

Besides those three points, there is no hidden magic in the Zimbra OpenLDAP server?

#7 | 06-12-2007, 07:48 AM | Zimlet Guru & Moderator | Posts: 467

Quote (originally posted by KermitTheFragger):
> I'm willing to give it a shot on ApacheDS or Fedora DS. So Zimbra expects nothing more than:
>
> - cn=Zimbra tree
> - Zimbra schemas
> - Indexes and correct ACLs
>
> Besides those three points, there is no hidden magic in the Zimbra OpenLDAP server?

I believe the server might also be on a non-standard port. As usual there are Zm variables that control where the server is. Given that Zimbra puts in a lot of work to deal with multiple LDAP servers, this might be feasible.

Please let us know how it works out, and what you find!

#8 | 06-12-2007, 12:12 PM | OpenSource Builder & Moderator | Posts: 1,166

there's hidden magic in the zimbra version of sasl, which may or may not affect openldap, as sasl is so tightly intertwined with ldapv3.

apart from that, the build scripts, install scripts, upgrade scripts etc are all hardcoded for openldap so making this generic would be the first step. it's something i've wanted to do for a long time and if no-one else has done i'll have a stab after solaris port is done (yes, it will happen eventually..).

if scalability, stability, and commercial grade software/support is the issue (which is a very good reason for doing this sort of adaptation), it might be better to start with the more modern commercial derivative, SunONE ldap server.

Quote:
> I believe the server might also be on a non-standard port.

zimbra ldap uses standard port, would be v.nice if it would move off by default. i think it has probably stayed here to make the GAL available to mail clients with minimal pain.

#9 | 06-14-2007, 03:10 AM | Junior Member | Posts: 7

Quote (originally posted by dijichi2):
> there's hidden magic in the zimbra version of sasl, which may or may not affect openldap

What kind of magic are we talking about? Extra SASL authentication mechanisms?

Quote (originally posted by dijichi2):
> if scalability, stability, and commercial grade software/support is the issue (which is a very good reason for doing this sort of adaptation), it might be better to start with the more modern commercial derivative, SunONE ldap server.

As always with open source, it's about choice :-) IMHO it must be possible to make an abstraction layer / framework for Zimbra which would allow it to work with any LDAPv3 compliant LDAP server.

#10 | 06-19-2007, 04:38 PM | Senior Member | Posts: 68

I know I'm late to this party but I have a similar problem but a different solution and a question from my solution.

Why not use another database entry in the slapd.conf file? You just need to add any site-specific schemas.

So if this works (and I'm about to try it) how can I preserve my changes to slapd.conf during an upgrade? Making a copy and restoring our edits to slapd.conf is simple for us but it would be nicer if Zimbra handled changes during an upgrade.
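
One way to approach the upgrade question in the last post, as an added example that is not part of the thread or of Zimbra's tooling: compare the shipped slapd.conf with the edited one and list the local additions (extra includes, extra database sections, extra indexes or ACLs) that must be re-applied after an upgrade. Both config samples are constructed, and every path, suffix and index in them is a placeholder.

```python
# Added example: list local additions to slapd.conf so they can be re-applied after an upgrade.
# STOCK and EDITED are constructed samples; every path, suffix and index is a placeholder.
STOCK = """\
include /path/to/schema/core.schema
include /path/to/schema/zimbra.schema
database bdb
suffix "cn=zimbra"
access to *
    by self write
    by * read
index objectClass eq
"""
# Constructed edit: one extra schema include plus a second database section.
EDITED = STOCK.replace("database bdb", "include /path/to/schema/site.schema\ndatabase bdb", 1) + """\
# second database holding the site's own tree
database bdb
suffix "dc=example,dc=com"
index uid eq
"""

def parse(text):
    """Split slapd.conf text into (global directives, {suffix: database section})."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the previous line
        else:
            logical.append(raw.strip())
    sections = [[]]  # sections[0] collects directives that precede any "database" line
    for line in (l for l in logical if not l.startswith("#")):
        if line.split()[0].lower() == "database":
            sections.append([])
        sections[-1].append(line)
    def suffix(sec):
        return next((d.split(None, 1)[1].strip('"') for d in sec if d.lower().startswith("suffix ")), None)
    return sections[0], {suffix(s): s for s in sections[1:]}

def local_additions(stock, edited):
    """Return directives and database sections present in edited but not in stock."""
    s_glob, s_dbs = parse(stock)
    e_glob, e_dbs = parse(edited)
    return {
        "global": [d for d in e_glob if d not in s_glob],
        "new_databases": {k: v for k, v in e_dbs.items() if k not in s_dbs},
        "changed": {k: [d for d in v if d not in s_dbs[k]]
                    for k, v in e_dbs.items() if k in s_dbs and v != s_dbs[k]},
    }
```

Run `local_additions` on the pre-upgrade file and your edited copy before upgrading; anything it reports under `changed` touches the shipped database section itself (ACLs, indexes) and deserves a manual review rather than a blind restore.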