Installation with existing OpenLDAP, postfix, dovecot, spamassassin

[Zig]

I am currently using CentOS 4 with LDAP/postfix/dovecot/spamassassin configured for mailing service (including the LDAP for PAM). And I want to extend the server to support Calendar service and someone recommended me to have a look at Zimbra.

I am testing Zimbra in a sandbox, and found it excellent for our task. However, the installation of zimbra will replace postfix/LDAP/dovecot/spamassassin on the original system. It is ok for a sandbox but will be a quite hard work for our production server. I read the Zimbra wiki but only found instructions about using external authenication with another LDAP server. Anyway I just do not want to move the LDAP service to another server. And furthermore I want to keep the original configured services as more as possible. Especially the LDAP service will support the PAM and several other web applications, changing of this will be a nightmare for me.

I just want to ask are there any suggestions for my situation?

[phoenix]

Welcome to the forums.

The quick answer is, Zimbra is a complete package and it's not possible to integrate it with currently installed packages in the way you want. You could run Zimbra in a VM or on another server.

[Zig]

It is a sad news.

Is that possible with less restrictions? I mean manage the users with another LDAP server. Here manage means not only authenication but also add/remove users. For I want to centralized the users in one LDAP instance.

[phoenix]

Currently you will still need the user to be provisioned in Zimbra as well as the external LDAP. It would depend how you create users in your external LDAP, if you do it by script then you can also create the Zimbra user at the same time (there are a bunch of cli tools), have a look through the forums for some details.

[Zig]

Yep, you are right I can add user with scripts.

But more, am I be able to sync the addressbook when changing some other entries in my Auth LDAP? I mean when some user change his personal contact information in Zimbra, the changes will be reflect back to my Auth LDAP?

Some more on this topic. Could I change the LDAP port used by Zimbra, so that I can setup two LDAPs on the server?

And about postfix, is that possible to change the storage directory of postfix so each user can use mutt simply read mails in his homedir?

Thanks.

[dijichi2]

Quote:

But more, am I be able to sync the addressbook when changing some other entries in my Auth LDAP? I mean when some user change his personal contact information in Zimbra, the changes will be reflect back to my Auth L

DAP?

not unless you cron some custom script. or if you're devlishly clever and work out some way to proxy the data through an openldap backend.

Quote:

Some more on this topic. Could I change the LDAP port used by Zimbra, so that I can setup two LDAPs on the server?

i believe you can alter the default ldap port away from 389 in the zimbra installer. i've never tried it but would be great if it actually works. i changed my second ldap server to a different port instead, it's easy to change pam/samba to port to the nonstandard port.

Quote:

And about postfix, is that possible to change the storage directory of postfix so each user can use mutt simply read mails in his homedir?

nope, postfix is simply mta, it hands off actual deliver through lmtp to another subsystem. the old-style mail files/dirs aren't used anymore (hurrah). use pine instead of mutt, far better and supports imap.

[Zig]

Quote:

Originally Posted by dijichi2

i believe you can alter the default ldap port away from 389 in the zimbra installer. i've never tried it but would be great if it actually works. i changed my second ldap server to a different port instead, it's easy to change pam/samba to port to the nonstandard port.

I spent some time today and got it worked.

Follow this:

./zmlocalconfig -e ldap_url=ldap://localhost.localdomain:10389

and change every ":389" in conf/*.cf to ":10389".

After that:

[root@localhost bin]# netstat -ano | grep 389
tcp 0 0 127.0.0.1:10389 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:36941 127.0.0.1:10389 ESTABLISHED off (0.00/0/0)
tcp 0 0 127.0.0.1:36937 127.0.0.1:10389 ESTABLISHED keepalive (7185.65/0/0)
tcp 0 0 127.0.0.1:10389 127.0.0.1:36937 ESTABLISHED keepalive (7185.65/0/0)
tcp 0 0 127.0.0.1:10389 127.0.0.1:36941 ESTABLISHED keepalive (7186.07/0/0)
tcp 0 0 127.0.0.1:10389 127.0.0.1:36945 ESTABLISHED keepalive (7191.74/0/0)
tcp 0 0 127.0.0.1:10389 127.0.0.1:36946 ESTABLISHED keepalive (7191.79/0/0)
tcp 0 0 ::ffff:127.0.0.1:36908 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (11.80/0/0)
tcp 0 0 ::ffff:127.0.0.1:36911 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (15.07/0/0)
tcp 0 0 ::ffff:127.0.0.1:36904 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (11.96/0/0)
tcp 0 0 ::ffff:127.0.0.1:36907 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (11.80/0/0)
tcp 0 0 ::ffff:127.0.0.1:36903 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (11.96/0/0)
tcp 0 0 ::ffff:127.0.0.1:36897 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (3.12/0/0)
tcp 0 0 ::ffff:127.0.0.1:36924 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (27.69/0/0)
tcp 0 0 ::ffff:127.0.0.1:36927 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (31.01/0/0)
tcp 0 0 ::ffff:127.0.0.1:36923 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (27.69/0/0)
tcp 0 0 ::ffff:127.0.0.1:36919 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (24.61/0/0)
tcp 0 0 ::ffff:127.0.0.1:36918 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (24.61/0/0)
tcp 0 0 ::ffff:127.0.0.1:36915 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (23.28/0/0)
tcp 0 0 ::ffff:127.0.0.1:36928 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (31.01/0/0)
tcp 0 0 ::ffff:127.0.0.1:36951 ::ffff:127.0.0.1:10389 TIME_WAIT timewait (59.48/0/0)
tcp 0 0 ::ffff:127.0.0.1:36945 ::ffff:127.0.0.1:10389 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:127.0.0.1:36946 ::ffff:127.0.0.1:10389 ESTABLISHED off (0.00/0/0)

No more :389. And I can setup a new ldap server now.

Some more, have you ever played with the spell check module of Zimbra? I found it stared another httpd (grrrr...) on port 7780, it is really a waste. What do you think of moving it to my existing httpd server?