[Freeipa-users] RHEL + IPA + Zimbra = ?

[Simo Sorce]

On Thu, 2012-05-31 at 07:55 +0100, Dale Macartney wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> On 31/05/12 00:13, Dmitri Pal wrote:
> > On 05/30/2012 06:12 PM, Dale Macartney wrote:
> > >
> >> Evening all
> >>
> >> Has anyone dabbled with Zimbra integration with IPA as yet? I just
> had a
> >> brief brainstorm moment of thinking "Now that would be useful".
> >>
> >> I'm curious to see if anyone else has tried it? Otherwise I'll give
> a go
> >> and see what docs I can produce from my endeavours. Pointers,
> requests
> >> and opinions welcomed.
> >>
> >> Night all
> >>
> >> Dale
> >>
> >
> > Are you talking about SSO or just using IPA as a back end identity
> store.
> > I do not think it was tried but I do not see a lot of issues.
> > If there are I would like to see tickets.
> > As for kerberos SSO it might be quite a different situation which
> needs to be investigated.
> >
> I was thinking as a solution in general to be honest. I'll fire it up
> with IPA as a backend store initially just to see it working. The
> endgame goal though would be SSO. Like all my projects SSO is what I
> am aiming for, but in some cases its not possible.
> 
> I've requested an eval key for the enterprise supported release. I'll
> try to get them involved in the process as well if push comes to
> shove. They will benefit from this as well in the end.
> 
> I'll feed back to the list with progress.

As far as I know Zimbra supports retrieving users from LDAP and using
Kerberos for authentication.
In the very latest code they also fixed using Negotiate auth to login
using Kerberos against the Web interface even when their proxy is being
used, so now all components of Zimbra should be usable with krb auth.
This means a properly configured Browser/MUA should be able to do full
SSO auth against Zimbra.

If you can test their latest release and report any gotchas in
configuration that would be awesome!

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York