[Freeipa-users] RHEL + IPA + Zimbra = ?

[Dale Macartney]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 31/05/12 15:10, Simo Sorce wrote:
> On Thu, 2012-05-31 at 07:55 +0100, Dale Macartney wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>
>> On 31/05/12 00:13, Dmitri Pal wrote:
>>> On 05/30/2012 06:12 PM, Dale Macartney wrote:
>>>>
>>>> Evening all
>>>>
>>>> Has anyone dabbled with Zimbra integration with IPA as yet? I just
>> had a
>>>> brief brainstorm moment of thinking "Now that would be useful".
>>>>
>>>> I'm curious to see if anyone else has tried it? Otherwise I'll give
>> a go
>>>> and see what docs I can produce from my endeavours. Pointers,
>> requests
>>>> and opinions welcomed.
>>>>
>>>> Night all
>>>>
>>>> Dale
>>>>
>>>
>>> Are you talking about SSO or just using IPA as a back end identity
>> store.
>>> I do not think it was tried but I do not see a lot of issues.
>>> If there are I would like to see tickets.
>>> As for kerberos SSO it might be quite a different situation which
>> needs to be investigated.
>>>
>> I was thinking as a solution in general to be honest. I'll fire it up
>> with IPA as a backend store initially just to see it working. The
>> endgame goal though would be SSO. Like all my projects SSO is what I
>> am aiming for, but in some cases its not possible.
>>
>> I've requested an eval key for the enterprise supported release. I'll
>> try to get them involved in the process as well if push comes to
>> shove. They will benefit from this as well in the end.
>>
>> I'll feed back to the list with progress.
>
> As far as I know Zimbra supports retrieving users from LDAP and using
> Kerberos for authentication.
> In the very latest code they also fixed using Negotiate auth to login
> using Kerberos against the Web interface even when their proxy is being
> used, so now all components of Zimbra should be usable with krb auth.
> This means a properly configured Browser/MUA should be able to do full
> SSO auth against Zimbra.
>
> If you can test their latest release and report any gotchas in
> configuration that would be awesome!
>
> Simo.
>
I'm definitely up for it. I had a day off today actually, so most of the
day has been spent on my test lab. Will follow up soon. I haven't used
Zimbra before so I'll do it a few times to get things consistent, then I
might ask for some community QA on my steps to be honest.

keep you all posted. I have received a license key and was playing
earlier today with 7.2 (downloaded last night). Hopefully they don't
change that too frequently.

Dale

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPx3yDAAoJEAJsWS61tB+q8XUP/2r2qTvJA+JGaPrUr1V7cLbv
Z+zGwQDt1uqbtfyYSBDCQ9OeKb4NjXK0HEj7fQc/RjkWM1xRxJVpngd1ypRhYUKZ
u8Go6JNxYSgOTTE8QCozWBKDzgYbVg8RGAtIjHFZDtfW/hODuz01q9RUdWsPGAvJ
PS1RRxTWPB3zkNO8OYDIcPRslHKbilGJAGQzcq5evQhgIsHTNNHwKsRFoXzXM4FV
qxbSRJsu5NFg7Gs0/qundVb8c6v6Rv9abd3nlpxkKa272fAFYm5eOneNWfV1qMQt
/0KZMbeUQxRnL6P6mJrTzuLxvN8Hr338E0nIyVGMxKaJu9F9nvU+99DHyalK/Qdi
zhmZrxUyQjxYUqZjSruaxmScMUvPBYq8grzni5wu2KrBKKLSwU/fV3F5V5xpYZHw
vcdKw7X96YKqEHNER3SAKJZaJpOo+6/w4areeWw8XJ3cey0ClG9qpiFZNhNevZ29
0osr5gEU+N4Mf6M9mMj8oVWE05W0TT1z2E55IFT9EuT3n3pJ9hf2A2TSWOqVkmzh
W7ACTDvrFvPJzcoQf2Pc46Qx5TMrURhtvwAxCDplO3cVPKiiBEf0BPBrFbh7WjRa
Ydc42mJUlfZohYCApnhr5vfNn7lVVV4DKC61BaafU41L+oRcCsCuS8rY4bWI4Uit
lHUDueD8aL9ZzEZiFTjm
=ai51
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc
Type: application/pgp-keys
Size: 5790 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120531/fa8c2140/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc.sig
Type: application/pgp-signature
Size: 543 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120531/fa8c2140/attachment.sig>