I've checked the forums and there doesn't seem to have been a conclusive answer reached on whether the hooks needed to tightly integrate samba and zimbra exist or not.

I've installed Zimbra under Debian Sarge, using an external LDAP server (on a different Debian Sarge server). Zimbra is working fine. My domain is "foo.com" for the purpose of this discussion, so my basedn is dc=foo,dc=com, and my users are being set up in ou=people,dc=foo,dc=com

On a third server I have samba installed. I've configured Samba to use the LDAP server I just mentioned, using the idealx smbldap tools. Samba is configured to look in ou=people,dc=foo,dc=com for users, which is fine.

In order to enable a user for samba, you would normally just run 'smbpasswd -a $username' in order to create the extra LDAP objectClasses and attributes needed. However, this depends on the $username object already having certain objectClasses and attributes enabled, such as posixAccount and uid.
If these don't exist (and they don't, with the current Zimbra setup), it won't create the account.

Zimbra won't create an account if the specified dn (eg, uid=testuser,dc=people,dc=foo,dc=com) already exists.

Other tools, such as 'change password utility' (http://cpu.sf.net/), which is designed to allow tight integration of LDAP into unix accounts, will create the right sort of entries (a full unix account) for smbpasswd to modify, however it too won't create an account if the specified dn already exists.

There are a number of solutions I can see to this, including:

a) Zimbra tests if a new account dn exists, and if it does, instead of failing, checks to see if it is already a zimbra account. If not, it asks the admin if they wish to modify the account to be a zimbra account.

b) Zimbra allows an admin to specify pre- or post- commands which are executed on account creation. Site admins can then write scripts to perform whatever they want

c) Zimbra adds in support for adding posix/samba accounts directly, perhaps by integrating idealx's smbldap tools

d) I modify cpu to add all the zimbra objectClasses and attributes, and just use cpu

e) I write a custom script to add the zimbra objectClasses and attributes to a given dn, and use cpu/smbpasswd

f) I write a complete new frontend for managing everything.


Options d, e and f require me having some understanding of attributes such as the ZimbraId attribute. They also don't meet my requirement of tight integration (so the site admin, who is definitely not IT savvy, can use this to create accounts). Option f does, but is a waste of time - zimbra has the frontend, I just need some hooks!

Of the first three options, I think c) - tight integration of zimbra with samba etc, perhaps via idealx's smbldap scripts, is the best. Any of the first three options would do though.

Any thoughts?

I'm more than willing to help out, as it looks as though zimbra is going to become a core part of my infrastructure. I suspect I won't get a good answer for the current deployment however, so I might just go back to separate databases for now.

Thanks
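
Added example, not part of the original post and not Zimbra or Samba code: a small checker that reads an LDIF dump of ou=people (for instance from ldapsearch) and reports, per entry, which of the posixAccount prerequisites mentioned above are missing before 'smbpasswd -a' could extend it. The required-attribute list is taken from RFC 2307 as an assumption, and the sample entries and function names are constructed for illustration.

```python
# Assumption: "ready for smbpasswd -a" = posixAccount objectClass plus the
# RFC 2307 MUST attributes for posixAccount (the post only names posixAccount, uid).
POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed, trimmed sample entries (not from the post); the last value is folded.
SAMPLE_LDIF = """\
dn: uid=testuser,ou=people,dc=foo,dc=com
objectClass: organizationalPerson
objectClass: zimbraAccount
uid: testuser
cn: Test User

dn: uid=unixuser,ou=people,dc=foo,dc=com
objectClass: account
objectClass: posixAccount
uid: unixuser
cn: Unix User
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/
 unixuser
"""

def parse_ldif(text):
    """Return [(dn, attrs)]; attrs maps lower-cased attribute name -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]          # unfold LDIF continuation line
            elif line and not line.startswith("#"):
                lines.append(line)
        attrs = {}
        for line in lines:
            name, _, value = line.partition(":")  # base64 ("::") values are not decoded
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def missing_for_smbpasswd(attrs):
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    missing = [] if "posixaccount" in classes else ["objectClass=posixAccount"]
    return missing + [a for a in POSIX_REQUIRED if a.lower() not in attrs]

def report(ldif_text):
    return {dn: missing_for_smbpasswd(a) for dn, a in parse_ldif(ldif_text)}

if __name__ == "__main__":
    print(report(SAMPLE_LDIF))
```

An empty list for a dn means the entry already carries everything in the assumed prerequisite set; anything else is what a script along the lines of option e) would have to add first.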