Zimbra + Samba as a BDC

[bubarooni]

I found an excellent Zimbra + Samba PDC config guide at:

UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - ZimbraWiki

,but I need to replace an existing Exchange 5.5/NT 4.0 BDC.

I've searched for that but come up empty. Has anyone ever tried that or could I somehow modify the steps in the link above to do so?

Also, I think I've read in a couple of places that I really should run Zimbra by itself on the server. Would running Samba as a BDC on the same box violate that?

Thanks In Advance for any ideas, hints or tips!

[Greg]

Quote:

Originally Posted by bubarooni

I found an excellent Zimbra + Samba PDC config guide at:

UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - ZimbraWiki

Thanks!

Quote:

,but I need to replace an existing Exchange 5.5/NT 4.0 BDC.

What is your Primary Domain Controller? If your Primary Domain Controller is NT and you, for some reason want to keep it and do not want to replace it with Samba, than you would have to use NT for creating accounts.
Ideally, you would can use the guide from the wiki to replace the PDC with Samba and than also configure a second Samba instance as a BDC. You can get all the information you need for configuring Samba as a BDC in Official Samba HOWTO mentioned in our wiki guide.

Quote:

Also, I think I've read in a couple of places that I really should run Zimbra by itself on the server. Would running Samba as a BDC on the same box violate that?

While this is possible and both will work together, this is going to be very hard on your hardware, because PDC (and even more so BDC) is a very busy machine and Zimbra is even busier. So, I would recommend getting separate machines for performance purpose. If you are going to run both on the same machine and you are going to use user authentication against LDAP through pam_ldap, make sure that you configure your pam_ldap to fallback to /etc/passwd or add your zimbra user to your LDAP.

Quote:

Thanks In Advance for any ideas, hints or tips!

You're welcome

[qube001]

Hi folks

I also followed the wiki and I am now happy with my Samba server authenticating users against zimbra user base.

next step in my mind would be to use others foreign offsite samba servers to auth against this very same Zimbra user base. (BDC)

To ensure extra reliability even if the WAN link went down between Zimbra LDAP and foreign Sambas, I will use master/slave LDAP scheme, the master LDAP being Zimbra, and the slaves ldaps will be hosted on foreign samba servers. (slapd)

I believe I'll have to add some lines to add slaves in
/opt/zimbra/conf/slapd.conf.in like :

Code:

replica uri=ldap://ldap-2.example.com:389 binddn="cn=Manager,dc=example,dc=com" bindmethod=simple credentials=secret

replogfile      /var/lib/ldap/replog

I also think I'll have to add samba ldap schemas to every foreign samba ldap servers


does it sounds good to zimbra gods?

[qube001]

I finally got a zimbra PDC + samba BDC setup working

Primary site : zimbra 5.0.9 Centos 5.2 quad Xeon workhorse (PDC)

Office sites : Debian Samba on stock PC computer ("BDC")

the goal is to use the same user base from every sites AND some WAN failover security if WAN went down. (aka BDC)

I did a "LDAP only" zimbra setup on offices following this doc
Multiple-Server Installation

and told the samba server to auth against its own ip adress (localhost won't work)
following this (neat) link
Multiple-Server Installation

this seems to work fine except the slave zimbra LDAP keeps complaining about:

Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

this is I think because no other zimbra service is running (correct?)

Is there any way to get rid of those alerts (it fills mail and log)

Thank you in advance