The static passdb option with nopassword=y should only be depending on openchange module installation. If there is no Microsoft Exchange Server compatible server in the picture, there should indeed be no need for this parameter. We will fix this soon.
cool
From Zentyal server's perspective, 127.0.0.1/32 is a trusted environment and all Zentyal modules are deployed with respect to this policy. Deploying new custom applications, moreover on an office server should always be a strict and controlled process
I see your point but this is where our views differ
slightly To me, either Zentyal server provides
everything (in term of infrastructure and application) needed by organization deploying such solution or it has to be either open to external application or safely support installation of third-party software on same (Zentyal) server.
Of course, in case of installation of third-party software, it has to be done carefully but does it mean that one has to perform huge reverse engineering in order to identify such kind of weakness ? I don't think so.
Although this is perhaps not the right place neither the right time to discuss this, I'd like to elaborate a bit, not on the technical detail (furthermore you will fix it) but on the global strategy (no I do not aim at challenging your choices
but only explain where I'm not comfortable with).
As written above, either Zentyal provides exhaustive platform (and we all know this is not achievable) or it has to support additional software.
The initial concept ("all-in-one-box" for SMB) is extended to larger organizations with add of features like GPO support or exchange server emulation. So far so good but on the other hand, there is no sign or clear evidence, unless I missed something, that Zentyal will provide associated features that are mandatory (from my standpoint) for larger deployments: multi-site support, redundancy and high availability, easy third-party or external application deployment, true use of IAM in Zentyal components.
I do understand everything can't be added in one single easy step
but I feel that each step with new releases is moving toward design that is less open, more proprietary (à la Microsoft) while I also can't see any announcement describing what will be done on middle or long term to change it. I perhaps do not look at the right place
E.g. I've noticed that HAproxy will be part of next releases. So far so good, I'm really fan of such kind of component
but, as there is a but, I can't see how this will fit with Zentyal design and purpose. HAproxy acts as layer providing both high availability and/or load balancing in a reverse proxy like mode. What does it mean from Zentyal standpoint ?
- That Zentyal will act as reverse proxy platform for external applications, thus acting more like infrastructure gateway (which makes sense while targeting medium to large organizations) but then lack of Zentyal high availability features and openness to external applications will make it kind of useless.
- That Zentyal will provide embedded reverse proxy for embedded web servers. Cool but current vhost management features make it quite painful when it comes to do anything more than basic web pages without access control or profiling.
- one (hopefully) step toward Zentyal cluster ?
To make it short, I like HAproxy, I appreciate Zentyal willingness to add such feature but I'm frustrated by the lack of explanation (rather than "we will add such component", I'm expecting "we will add such kind of feature because this is aligned with this or that strategy") and furthermore and more critical, I fell this will make Zentyal platform even more unbalanced than before: one more step toward medium to large business support while a lot of basic features even required for SMB are still missing.
Sorry for this long transgression