Results 1 to 1 of 1

Thread: Implementation plans

  1. #1
    Join Date
    Nov 2008
    Kansas City, MO
    Rep Power

    Default Implementation plans

    My company currently uses Zimbra for its email. Our mail server is configured as a standalone Zimbra server. We also maintain a separate LDAP server. We have decided to consolidate all of our LDAP resources into a single server, and that the canonical source should be the mail server and not our other LDAP server.

    The mail server resides in our DMZ. It makes me very uncomfortable to have our master password database stored in the DMZ, so I would prefer that the master LDAP server reside in the LAN, and the mail server be configured as a replica LDAP server. I realize that this does not provide a great deal more security - a password stolen from a replica server is just as valid as one stolen from the master - but it is a significant enough security gain that I am eager to implement it.

    My plan is then to configure a machine to serve as an LDAP replica, with our mail server as the LDAP master, and eventually promote that machine to master status per the instructions in the wiki. There is one small snag to this plan - the mail server resides in the DMZ and must continue to reside in the DMZ for the time being so that our employees can access their email from outside of our network. I'm planning on doing this by configuring the LDAP master to push updates to the mail server by means of <pre>syncrepl</pre> (as described in the OpenLDAP administrator's guide).

    My question, then: has anyone done this (and documented their progress somewhere I can see it?) Alternatively, can anyone recommend a better way to do this? I don't believe moving the mail server into the LAN is an option - our employees must be able to access their email, contacts, and calendar outside of our network.
    Last edited by KitPeters; 12-30-2008 at 12:57 PM. Reason: corrected URL syntax

Similar Threads

  1. Plans to add Tasks support?
    By fabricapo in forum CalDAV / CardDAV / iSync
    Replies: 1
    Last Post: 05-25-2008, 09:12 PM
  2. [SOLVED] SOAP access to the Zimbra server
    By sahuguet in forum Developers
    Replies: 29
    Last Post: 04-10-2008, 07:34 AM
  3. Replies: 0
    Last Post: 03-10-2008, 08:45 AM
  4. Replies: 5
    Last Post: 08-11-2006, 12:35 PM
  5. Are There Plans for M3 / RC1?
    By wdimmit in forum Administrators
    Replies: 1
    Last Post: 11-23-2005, 01:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts