Topic: How to make zentyal 3.0 slave from OpenLdap a previously installed Open LDAP

zahadom

  • Zen Apprentice
  • Posts: 22
  • Karma: +3/-0
Hi
We have an Ubuntu 12.04 LTS installed with OpenLDAP and other functions.

We need to add a Zentyal 3.0 as a proxy for Internet access capabilities, leveraging load balancing and fault tolerance.
We have not found any posts about this problem.
We cannot migrate the existing OpenLDAP to Zentyal; it has features inconsistent with Zentyal, e.g. Jabber with mixed LDAP/MySQL authentication.
We may need to add some schema to ldap, but could not find anything about it.

This is my Zentyal installation:
zentyal-common                       3.0.6                               Zentyal - Common Library
zentyal-core                         3.0.16                              Zentyal - Core
zentyal-firewall                     3.0.1                               Zentyal - Firewall
zentyal-network                      3.0.2                               Zentyal - Network Configuration
zentyal-objects                      3.0                                 Zentyal - Network Objects
zentyal-services                     3.0.1                               Zentyal - Network Services
zentyal-software                     3.0.3                               Zentyal - Software Management

Sorry for my English.
Regards

christian

  • Guest
LDAP master / slave concept is, like "Windows domain", something interesting to be discussed further.

The short answer is that you just can't achieve it relying on standard master / slave design. Two main reasons for this:
- schema differs
- Zentyal expects to own account creation as this triggers a bit more than LDAP entries.

I would advise that either you deploy your own proxy + fault tolerance and set it so that it relies on your existing LDAP server (quite easy, as this is only a matter of configuring Squid to rely on LDAP), or you write your own "synchronization" script between 2 different LDAP servers. Notice that I do not write "master/slave" here. The best you can do is to synchronize passwords and use Zentyal scripts to create / remove accounts (assuming your current LDAP is the owner).

At this end, this can be seen as "logical master/slave" but from an LDAP standpoint, this is not.

zahadom

OK, I understand all the concepts, but the question is: can I join a Zentyal server to an existing LDAP?

Can I use the proxy and Internet capabilities (load balancing and fault tolerance) from Zentyal with users in another LDAP? Is it possible?

Thanks

christian

  • Guest
No, out of the box, you can't.

- master/slave design, as explained above, won't work (with the meaning of LDAP master/slave)
- if you want to populate Zentyal based on an external LDAP server, you will have to write your own "synchronization" script
- relying on an external LDAP server is not expected either. Technically, this can obviously be done if you, again, hack Zentyal conf files. Perhaps a bit more than conf files if some specific attributes are read (because of Zentyal's customized schema), but for the proxy (i.e. Squid) this should not be that difficult.
But in such a case, what is the added value of using Zentyal?

Don't get me wrong. I perfectly understand your goal and furthermore I do share it.
However, nowadays, everyone looks at AD as the holy grail and tries to be AD/Microsoft compliant, as this is the largest part of the IT landscape. Zentyal does not make any exception  :-X and your existing LDAP server scenario is clearly not taken into account (yet?)  8)
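
The one-way "synchronization" script suggested in the replies above, sketched as an added example that is not part of the thread and not Zentyal code: it computes which accounts to create, remove or re-password when the existing LDAP is the owner, and refuses to act when a bad source read would remove most accounts. The entry layout, the PROTECTED set, the 25% threshold and all sample users are assumptions; reading the directories and applying the plan with Zentyal's scripts are left out.

```python
# One-way reconciliation plan: the existing LDAP owns the accounts.
# Entries are constructed sample data shaped like LDAP search results
# (uid -> attributes). Reading both directories and applying the plan
# with Zentyal's account scripts are outside this example.

PROTECTED = {"admin", "root"}  # assumption: accounts the sync never touches


class SyncRefused(Exception):
    """The plan looks like the result of a failed or truncated source read."""


def plan_sync(source, target, max_remove_ratio=0.25):
    """Return ordered (action, uid) steps that make target follow source."""
    src = {u: e for u, e in source.items() if u not in PROTECTED}
    dst = {u: e for u, e in target.items() if u not in PROTECTED}

    creates = sorted(src.keys() - dst.keys())
    removes = sorted(dst.keys() - src.keys())
    # Only the password hash is compared; every other attribute stays
    # under Zentyal's control because the two schemas differ.
    updates = sorted(u for u in src.keys() & dst.keys()
                     if src[u]["userPassword"] != dst[u]["userPassword"])

    # An empty or truncated source read must not wipe the target.
    if dst and len(removes) > max_remove_ratio * len(dst):
        raise SyncRefused(f"{len(removes)} of {len(dst)} accounts would be removed")

    return ([("create", u) for u in creates]
            + [("set_password", u) for u in updates]
            + [("remove", u) for u in removes])


def _entries(pairs):
    return {uid: {"userPassword": pw} for uid, pw in pairs}


# Constructed sample data; the hash strings are placeholders, not real hashes.
SOURCE = _entries([("alice", "{SSHA}aaa"), ("bob", "{SSHA}bbb-new"),
                   ("carol", "{SSHA}ccc"), ("dave", "{SSHA}ddd"),
                   ("erin", "{SSHA}eee")])
TARGET = _entries([("admin", "{SSHA}zzz"), ("alice", "{SSHA}aaa"),
                   ("bob", "{SSHA}bbb-old"), ("carol", "{SSHA}ccc"),
                   ("dave", "{SSHA}ddd"), ("frank", "{SSHA}fff")])

if __name__ == "__main__":
    for step in plan_sync(SOURCE, TARGET):
        print(step)
```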