Poll Results: Would you utilize a module for managing additional directory information on Zimbra?

Voters: 26

  • Yes: 22 (84.62%)
  • Maybe: 1 (3.85%)
  • No: 3 (11.54%)
  • Not applicable: 0 (0%)
Thread: Authenticate against Zimbra's LDAP

  1. #1
    Join Date
    Feb 2007
    Location
    Jacksonville, FL
    Posts
    12
    Rep Power
    8

    Authenticate against Zimbra's LDAP

    I know it is not designed for this application, but we are a small deployment of about 20 users evaluating Zimbra. I know directory information is stored in OpenLDAP. I am not experienced with either OpenLDAP or Zimbra but would like to utilize Zimbra's OpenLDAP to authenticate users in a POSIX environment (Fedora Core 6 to be exact).


    A plugin to manage additional directory information necessary to distribute POSIX login information would be a huge enhancement to the product. But for now, what is the shortest distance to our goal of only maintaining one password store?
    Last edited by mattwalston; 02-07-2007 at 03:50 PM. Reason: Spelling error in title
    ----
    Matt Walston
    Entire IT Department
    Air Control Systems

  2. #2
    Join Date
    Feb 2007
    Posts
    33
    Rep Power
    8

    Using LDAP

    Originally posted by mattwalston:

        I know it is not designed for this application, but we are a small deployment of about 20 users evaluating Zimbra. I know directory information is stored in OpenLDAP. I am not experienced with either OpenLDAP or Zimbra but would like to utilize Zimbra's OpenLDAP to authenticate users in a POSIX environment (Fedora Core 6 to be exact).

        A plugin to manage additional directory information necessary to distribute POSIX login information would be a huge enhancement to the product. But for now, what is the shortest distance to our goal of only maintaining one password store?

    Not a bad idea to have a single store of information. It makes it easier in the end to manage users, etc. I think you could go about this one of two ways:

    1, make some sort of module that allows for extensions to Zimbra's LDAP server and authenticate your OS logins against that.

    2, Zimbra can authenticate users against an external LDAP (and even Active Directory). You could set up an LDAP server -- with whatever additional schema you wish -- and then just authenticate Zimbra against it (kind of the other way around from what you are thinking). I would kind of lean toward this idea because all the work is already done besides setting up another LDAP server to hold all your user information.
    (Note that Zimbra will still maintain its own LDAP server as far as I know to store its own configuration, etc.)

  3. #3
    Join Date
    Feb 2007
    Location
    Jacksonville, FL
    Posts
    12
    Rep Power
    8

    Possible Module

    The module would be the preferred method for us. We only have one machine to provide the network services. Beyond Zimbra we also run a Ruby on Rails deployment, NFS sharing, DHCP server for 10 clients, tftp for pxe information for installations, and some form of directory server.


    Obviously, the RoR and LDAP could bind to an alternate port, but why? Most of the data in the LDAP would be replicated in the Zimbra directory. The complexity of a module that extends management of users and groups should not be that difficult on the surface.


    While I am relatively inexperienced with openldap and Zimbra, I am a capable administrator and half competent developer. If there is much interest in this project, I can work on such a project utilizing company time.


    If you are interested PM me.
    ----
    Matt Walston
    Entire IT Department
    Air Control Systems

  4. #4
    Join Date
    Sep 2006
    Location
    Davis, CA
    Posts
    64
    Rep Power
    9

    pam_ldap to zimbra

    We are creating users on a fedora box and authenticating them against zimbra with pam_ldap. They will ssh to this box and run pine which will IMAP to zimbra. We're still testing, but it works.

    It requires making the user account on both systems and enforcing password complexity twice, but at least there is only one password and users can avoid zimbra and stick to pine if they want.

    I intend to also auth web apps against zimbra once we're in production.
    It'll go on the wiki somewhere when it's tested a little more.
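
As an added example (not part of the post above, and not the poster's or Zimbra's own configuration): a pam_ldap client configuration for the setup described in post #4, with the cleartext setting shown beside one that protects the password in transit. The hostname, base DN, CA file path, the ou=people / zimbraAccount layout, anonymous search access and StartTLS support on the Zimbra LDAP listener are all assumptions.

```conf
# /etc/ldap.conf, read by pam_ldap on the Fedora login host (added example).
# zimbra.example.com, dc=example,dc=com and the CA path are placeholders.

# --- Weak: pam_ldap authenticates with an LDAP simple bind, so with these
# --- two lines the user's password crosses the network in cleartext.
# uri ldap://zimbra.example.com
# ssl no

# --- Corrected: upgrade the connection with StartTLS and verify the
# --- server certificate before any bind is sent.
uri ldap://zimbra.example.com
ldap_version 3
ssl start_tls
tls_checkpeer yes
# Placeholder path: the CA that signed the Zimbra LDAP certificate.
tls_cacertfile /etc/pki/tls/certs/zimbra-ca.pem

# Assumed Zimbra layout: accounts are uid=<name> entries under ou=people.
base ou=people,dc=example,dc=com
scope one
pam_login_attribute uid

# Only match mail accounts, not other entries that happen to carry a uid.
pam_filter objectClass=zimbraAccount

# Fail quickly instead of hanging logins when the directory is unreachable.
bind_policy soft
bind_timelimit 5
timelimit 10

# PAM side (in /etc/pam.d/system-auth), for reference only:
#   auth  sufficient  pam_ldap.so use_first_pass
# The local account still has to exist, as the post notes, because only the
# password check is delegated to LDAP; NSS is left on local files.
```

With `tls_checkpeer yes`, a login host that cannot validate the directory's certificate refuses to bind rather than sending the password to an unverified server.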

  5. #5
    Join Date
    Aug 2008
    Posts
    10
    Rep Power
    7

    Did anything ever become of this? This would be useful for me as well.
