Ideas for integrating Zentyal into existing environment?

[jimmyland]

Hello,

I have a client with 20 or so PCs around the office without any domain controllers, users have their own local logins. There's a homegrown intranet app running on an old linux box with its own authentication system, and a Zimbra install on another linux box. Each users have 3 different login ID/passwords, one for the local PC, another for the intranet webapp, and another for Zimbra. There's a few network printers scattered around the office and the users connect to those via IP addresses.

I'm looking for some ideas on how to start integrating all of the systems together, getting them onto a domain login type authentication scheme and adding in VPN capability. Can somebody point me in the right direction on how to accomplish this with Zentyal? My first thought is that the LDAP from Zimbra could probably serve as the authoritative one, has something like this been done in the past? Or is it a better practice to replicate the directory?

Any ideas would be greatly appreciated.

[ichat]

run zentyal als a pdc (primay domain controller).

move from zimbra to zarafa ... 

and tell us what kind of  web-app it is and if it already supports  ldap  authentication...  or could actually be made to support it...  OR   tel us what you exachtly want to do with it... (maybe its userdb could be synced once in a while... )...

[jimmyland]

Hmm, I was hoping to not have to touch the Zimbra install much as its working well for them. The homegrown webapp currently stores user authentication inside the mysql db. My plan is to re-write it a bit to do LDAP auth once I get a domain controller setup.

I haven't setup a test Zentyal system yet, but is it pretty clean to stop/remove the mail portion? I can just keep the zimbra server on its own and figure out a way to sync passwords.

[stuartiannaylor]

Not prob what you want to hear but I really do suggest taking a look at zarafa. Install zentyal and setup with zarafa. You will find having a single source for user administration in terms of samba and mail (zarafa) very painless.
Saying that you could push all the mail traffic to the zimbra server.
The community versions of zimbra and zarafa are practically identical in offerings from my memory of zimbra.
I gave up on zimbra as the desktop was still in development at the time and the imap didn't seem to work, so it has been a year or two.
If its the document management you need then zarafa works well with alfresco.
Mysql is installed on zentyal with the zarafa modules.

In the FAQ section :-
Why did you drop eGroupware? And why did you choose Zarafa as groupware replacement?  eGroupware was  removed from Debian and Ubuntu repositories some months before our release. We tried to maintain by ourselves eGroupware packages but we found  many issues and we realized that it was very difficult to maintain them in a good shape during the whole release life cycle. Despite  we asked our community for help maintaining a working eGroupware version nobody stepped forward.
 In our commitment to integrate the best applications to make Zentyal the best Linux small business server, we wanted a groupware application with all the features you can expect from this kind of software: mail client, contacts, calendar, tasks and mobile synchronization. Dropping eGroupware wasn't an easy decision but we were not confident enough to maintain and support it during the next release life cycle. A lot of feedback was received on which options we could adopt to replace eGroupware, getting most comments two of them: Zimbra and Zarafa.
 After analyzing both of them, finally we chose Zarafa because it can be fully integrated with other Zentyal components whereas Zimbra is more an appliance by itself and more difficult to work with existing mail and LDAP components. Also Zarafa is already packaged for Ubuntu and included in Canonical partner repository. Additionally, we already have a good experience with Zarafa as we made an experimental integration for a customer and they are very happy with the features and reliability that offers.
 For those who like more Zimbra, we haven't forgot about Zimbra and with some community members collaboration we will publish a Zimbra integration with Zentyal HOWTO soon.
 And for the ones who want to keep eGroupware, we are not deleting ebox-egroupware as a package, we are only dropping the official support for it. If you want to use it and you can live with it, go ahead, it's still in our  2.0-contrib repository and will be there at least until the next major release. See the Installation Guide for more info about how to install it.

...
So I guess if you get the LDAP structure correct its all possible

 

[jimmyland]

Thanks for the suggestion, I'll look into Zafara. It'll probably not be an issue replacing zimbra, and client's using it just as a mail server. On the desktop side they're using thunderbird.

On to my next question... how easy would it be to move Zentyal from the 32-bit version to the 64-bit version? As I'm limited on the available hardware, my plan would be to start implementing zentyal as a DC on a 32-bit box. Once I get the client PCs hooked up and all the users setup, if I go for migrating to zafara, I'd want to migrate to the 64-bit hardware that the zimbra box is currently occupying.

[christian]

You plan to deploy Zentyal as "domain controller", fine but does it mean that your 20 clients are already running OS able to benefit from it (i.e. Win XP pro or Win 7 pro edition)?
If not, is it worth the expense? I mean to say that you can benefit from central account management (LDAP) for infrastructure and applications that will be LDAP based without moving to Microsoft "pro" edition client side. Still account on client will be local    is it an issue?

I'm quite surprised to see the amount of request for DC related stuff even for deployment at home. Is Microsoft selling so many "pro" editions?   

Regarding migration, I'm not aware of such tool but configuration backup and restore will do it easily, maybe with some adjustment depending on network configuration.
What is more questionable (and I definitely need to investigate Zarafa a bt more) is the migration of mail content in case you are using IMAP. As far as I understand but I might be wrong, Zarafa is not storing mail like any other "standard" MDA, meaning in ~/maildir like structure.
Furthermore, if your clients are today using Thunderbird, I don't see, from mail standpoint only, the added value with Zarafa 

[stuartiannaylor]

Thunderbird could be used as Zarafa offers standard ports (imap / ical) and ver 3.0 works much better with newer M$ clients.

Imapsync is a tool for facilitating incremental  recursive IMAP transfers from one mailbox to  another. It is useful for mailbox migration or backup, and  reduces the amount of data transferred by only copying messages that are not present  on both servers. Read, unread, and deleted  flags are preserved, and the process can be stopped and resumed. The original messages  can optionally be deleted after a successful  transfer.

http://freshmeat.net/projects/imapsync/ its a free download as both zimbra and zarafa use a combination of database and file system.
In a similar way M$ Exchange does.

Calendars should be transferable via Ical works in Zarafa should do in Zimbra.

The great thing about Zarafa is the community webaccess module personally I think it is better than the M$ offering and the removal of client admin through a private email cloud application reduces much work. If you have Zarafa why use a client as all you need is a browser.

If you have anything but a small network, a couple of users then yes maybe individual home licences bundled with purchased pc's may suffice. Personally if I was setting up a network of 20 users I wouldn't feel right about specifying something labelled as "Home" before we get to offline files,  group policies, roaming profiles and an OS that can join a domain.
Saying that the newer Vista, Win7 clients are seriously tied to active directory and admin is hampered until the arrival of Samba4 which hopefully will be soon. Saying that  do you want to roll your clients out in a potential cul de sac.

If you have an old PC bang on a copy of zentyal and create a test network as it will illuminate much. Thats the great thing about open source as you can have a play and roll it out at your dictate.

[christian]

Thunderbird could be used as Zarafa offers standard ports (imap / ical) and ver 3.0 works much better with newer M$ clients.

Sure, Thunderbird can be used with Zarafa. I fully agree. Let me please rephrase my question .
How will Thunderbird benefit from Zarafa compared to any other IMAP server (here Dovecot)?
I think answer is in what you explain hereafter, meaning due to workflow and non-mail related features. With this in mind, yes, why not deploying Zarafa... If goal is mail only... 

Imapsync is a tool for facilitating incremental  recursive IMAP transfers from one mailbox to  another. It is useful for mailbox migration or backup, and  reduces the amount of data transferred by only copying messages that are not present  on both servers. Read, unread, and deleted  flags are preserved, and the process can be stopped and resumed. The original messages  can optionally be deleted after a successful  transfer.

Some tools exist to perform this migration. Real issue, if any, is to setup either Dovecot or Zarafa with different IMAP port (and configure your migration tool accordingly)  in case you want to migrate on same server  otherwise you will not be able to start both at the same time. Some tools/scripts exist server side (meaning not accessing IMAP server) but I don't know if it works with Zarafa.

The great thing about Zarafa is the community webaccess module personally I think it is better than the M$ offering and the removal of client admin through a private email cloud application reduces much work. If you have Zarafa why use a client as all you need is a browser.

For community web based part, you're right. For what concerns mail... I'm used to read and reply to mail when I travel in train or flight and feel this is very convenient using "real" mail client rather then webmail. Use of webmail is, at least for me, marginal and only when I'm not using my own laptop.

Saying that the newer Vista, Win7 clients are seriously tied to active directory and admin is hampered until the arrival of Samba4 which hopefully will be soon. Saying that  do you want to roll your clients out in a potential cul de sac.

Good point which confirms my feeling that next debate will be Microsoft vs. Samba4 vs. Zentyal.

[christian]

Imapsync is a tool for facilitating incremental  recursive IMAP transfers from one mailbox to  another. .../...
http://freshmeat.net/projects/imapsync/
its a free download

Are you sure? Where is the link for free download? For what I found, basic cost (for last release) is about 30 euros (still cheap  however )
Older releases might be found on internet for free but without bug fix and improvements     or there is a link somewhere in author's page that I've not been able to find...

[stuartiannaylor]

Imapsync is a tool for facilitating incremental  recursive IMAP transfers from one mailbox to  another. .../...
http://freshmeat.net/projects/imapsync/
its a free download

Are you sure? Where is the link for free download? For what I found, basic cost (for last release) is about 30 euros (still cheap  however )
Older releases might be found on internet for free but without bug fix and improvements     or there is a link somewhere in author's page that I've not been able to find...

Looks like they are charging for the win.exe its in the ubuntu repos but I am sure I used a win version it was a couple of years ago.
If your going to use the windows version it looks like it will cost you 30 euros

[ichat]

this is exactly why we should start buildin zentyal-desktop-linux

(in other words)  a ubuntu version  with all the tools and pre-configs for hooking up with zentyal and SSO.

buying 20 or so windows xp / 7  pro licences  will be worh nothing if the only  reason to do so is  sso.. and 
maping drives...

hell  i could even install your systems with a local admin and win32 services that   essentyally  creates local users with local passwords and   synch them on every-bootup...     

but hey why should i - its better to install ubuntu with  ldap-auth

[stuartiannaylor]

this is exactly why we should start buildin zentyal-desktop-linux

(in other words)  a ubuntu version  with all the tools and pre-configs for hooking up with zentyal and SSO.

buying 20 or so windows xp / 7  pro licences  will be worh nothing if the only  reason to do so is  sso.. and 
maping drives...

hell  i could even install your systems with a local admin and win32 services that   essentyally  creates local users with local passwords and   synch them on every-bootup...     

but hey why should i - its better to install ubuntu with  ldap-auth

I agree with you iChat but from a client perspective I am having real problems in what users see ubuntu as. The M$ method of bundling and marketing of Windows is a huge hurdle to leap purely of perception.
LTSP will allow me to make in roads in this as it provides huge cost benefits as it would seem M$ is happy to price dump win7 for OEMs as they haul back there profits through applications.

[Sam Graf]

LTSP will allow me to make in roads in this as it provides huge cost benefits as it would seem M$ is happy to price dump win7 for OEMs as they haul back there profits through applications.

LTSP of course is competing in roughly the same market space as VDI. It'll be interesting to see how this all plays out in the SMB market. Companies like Citrix and Wyse are betting heavily on both enterprise and SMB VDI solutions.

[stuartiannaylor]

Sure, Thunderbird can be used with Zarafa. I fully agree. Let me please rephrase my question .
How will Thunderbird benefit from Zarafa compared to any other IMAP server (here Dovecot)?
I think answer is in what you explain hereafter, meaning due to workflow and non-mail related features. With this in mind, yes, why not deploying Zarafa... If goal is mail only... 

I don't think there is much to be gained from thunderbird as the webaccess module does everything thunderbird does without the need for client install and admin. Zarafa will allow thunderbird to provide calendar operations though.

Some tools exist to perform this migration. Real issue, if any, is to setup either Dovecot or Zarafa with different IMAP port (and configure your migration tool accordingly)  in case you want to migrate on same server  otherwise you will not be able to start both at the same time. Some tools/scripts exist server side (meaning not accessing IMAP server) but I don't know if it works with Zarafa.

I did it slightly different I got the new zentyal server up and running and added it to the network then changed the IP of the old server whilst disabling dhcp. I didn't want any new emails going to the old server as I was transfering the data. Each way is valid though.

For community web based part, you're right. For what concerns mail... I'm used to read and reply to mail when I travel in train or flight and feel this is very convenient using "real" mail client rather then webmail. Use of webmail is, at least for me, marginal and only when I'm not using my own laptop.

I am not sure if this is really true for the current connected road warrior. Have a look at the webaccess module if you want to imap to zarafa then thunderbird is available if you wish.

Good point which confirms my feeling that next debate will be Microsoft vs. Samba4 vs. Zentyal.

I don't think its a case of samba4 vs zentyal its more of a case of how good zentyal will be with samba 4 intergration.

Stuart

[stuartiannaylor]

LTSP will allow me to make in roads in this as it provides huge cost benefits as it would seem M$ is happy to price dump win7 for OEMs as they haul back there profits through applications.

LTSP of course is competing in roughly the same market space as VDI. It'll be interesting to see how this all plays out in the SMB market. Companies like Citrix and Wyse are betting heavily on both enterprise and SMB VDI solutions.

With the added advantage of zero licensing cost LTSP and minimal admin cost should provide much. Client setup can be a real pain and I agree Sam it is very interesting. Fingers crossed that Zentyal feel the same.
Lol if so then this should bring up some debate on how it should be deployed.