Replace OpenLDAP with Samba 4 LDAP

Issue #61 wontfix
eXtremeSHOK
created an issue

Samba 4 has its own LDAP server; this would allow for an almost direct replacement of OpenLDAP.

The major benefit would be that iRedMail LDAP would be fully OpenChange compatible, i.e. this would provide native Outlook compatibility (MAPI support).

Currently Zentyal is the only mail solution to support this as standard.

http://www.sogo.nu/files/docs/SOGo%20Native%20Microsoft%20Outlook%20Configuration.pdf

An alternative could be to write a conversion/sync script between OpenLDAP and Samba4, however this seems pointless.

Comments (13)

  1. Zhang Huangbin repo owner

    I don't think this is a good idea. Please allow me to explain:

    • MAPI is used in old Outlook releases, e.g. Outlook 200[X]. But Outlook 2013 supports EAS (Exchange ActiveSync), and SOGo offers native EAS support without Samba4+OpenChange. I understand there are many users who still use old Outlook, and upgrading to Outlook 2013 costs some money, but Outlook 2013 (and its newer versions) is the future.

    • Samba4+OpenChange is kind of a mess (IMO), not easy to set up and maintain.

    • iRedMail with OpenLDAP has its own LDAP schema; if we go with Samba4, we have to use the Samba4 LDAP schema. That means we need to change LDAP queries in Postfix/Dovecot/..., and rewrite iRedAdmin-Pro LDAP edition. That's a big project.

  2. eXtremeSHOK reporter

    EAS does not work on large mailboxes (5GB+).

    EAS will cause the mailbox to be downloaded multiple times in Outlook; this is caused by the device ID resetting.

    EAS was designed for a 30-day sync, not for multiple years.

    Outlook for iOS/Android and Windows 10 (phone/tablet) does NOT support EAS, only MAPI.

    Outlook 2007/2010 supports MAPI, so clients with old software do not need to upgrade to expensive Outlook 2013/2016.

    Outlook 2013 and 2016 (latest) support MAPI.

  3. Zhang Huangbin repo owner

    "An alternative could be to write a conversion/sync script between OpenLDAP and Samba4, however this seems pointless."

    This looks like the most possible way. Or, improve iRedAdmin-Pro to sync between OpenLDAP and Samba4 when adding new accounts and updating/removing accounts?

    How about this:

    • Set up iRedMail with OpenLDAP backend.
    • Change OpenLDAP listening port from 389 to another one (e.g. 3890), so that Samba4 LDAP can use 389. Restart OpenLDAP.
    • Set up Samba4+OpenChange.
    • Update iRedAdmin config file to connect to OpenLDAP through port 3890.
    • Sync OpenLDAP <-> Samba4 with cron job (and improved iRedAdmin-Pro).

    This way, the Samba4+OpenChange setup becomes an additional component, not a prerequisite. Existing iRedMail users can set up Samba4+OpenChange too.

    If Samba4 is able to use OpenLDAP as a backend, this might be easier.

    By the way, we must say, Microsoft Outlook sucks because it doesn't implement the same protocols (MAPI, EAS, ...) in each Outlook release, and it's their own product.
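
The planning step of the cron-based OpenLDAP to Samba4 sync proposed in comment 3, as an added example that is not part of the thread or of iRedAdmin-Pro. It assumes iRedMail-style source attributes (mail, cn, accountStatus), AD-style target attributes, a single mail domain, and constructed sample entries; passwords are left out because the two directories store credentials differently.

```python
# Added example: plan a one-way OpenLDAP -> Samba4 account sync.
# Assumptions: source entries carry mail, cn, accountStatus; the target uses
# AD-style attributes; one mail domain, so the local part is a unique login.
AD_NORMAL = 0x200    # userAccountControl flag NORMAL_ACCOUNT
AD_DISABLED = 0x002  # userAccountControl flag ACCOUNTDISABLE

def to_ad(entry):
    """Map one source entry to the target attributes this sync manages."""
    mail = entry["mail"].lower()
    active = entry.get("accountStatus") == "active"
    return {
        "sAMAccountName": mail.split("@", 1)[0],
        "userPrincipalName": mail,
        "mail": mail,
        "displayName": entry.get("cn", mail),
        "userAccountControl": AD_NORMAL if active else AD_NORMAL | AD_DISABLED,
    }

def plan_sync(source_entries, target_entries):
    """Return (adds, modifies, disables); userPassword is never copied."""
    wanted = {e["mail"].lower(): to_ad(e) for e in source_entries}
    have = {e["mail"].lower(): e for e in target_entries}
    adds = {m: a for m, a in wanted.items() if m not in have}
    modifies = {}
    for m, attrs in wanted.items():
        if m in have:
            delta = {k: v for k, v in attrs.items() if have[m].get(k) != v}
            if delta:
                modifies[m] = delta
    # Accounts missing from the source are disabled, not deleted, so an
    # empty or truncated export cannot remove mailboxes on the target.
    disables = sorted(
        m for m, e in have.items()
        if m not in wanted and not e.get("userAccountControl", AD_NORMAL) & AD_DISABLED
    )
    return adds, modifies, disables

# Constructed sample data (not from a real directory).
OPENLDAP = [
    {"mail": "alice@example.com", "cn": "Alice A", "accountStatus": "active"},
    {"mail": "Bob@example.com", "cn": "Bob B", "accountStatus": "disabled"},
]
SAMBA4 = [
    {"mail": "bob@example.com", "sAMAccountName": "bob", "userPrincipalName": "bob@example.com",
     "displayName": "Bob B", "userAccountControl": AD_NORMAL},
    {"mail": "carol@example.com", "sAMAccountName": "carol", "userAccountControl": AD_NORMAL},
]
print(plan_sync(OPENLDAP, SAMBA4))
```

The plan is computed separately from any LDAP write so it can be logged and reviewed before a cron job applies it.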

  4. Raffael Luthiger

    In my opinion this is a step backwards. Microsoft is moving away from MAPI. With Exchange 2013 they have only HTTP based protocols:

    https://technet.microsoft.com/en-us/library/jj150572%28v=exchg.150%29.aspx

    The normal clients connect with Outlook Anywhere (This feature was formerly known as RPC/HTTP.) Small clients like phones and tablets use ActiveSync.

    With Service Pack 1 of Exchange 2013 they introduced "MAPI over HTTP", which is HTTP based as well but has some advantages over RPC calls:

    https://technet.microsoft.com/en-us/library/dn635177%28v=exchg.150%29.aspx

    Because of this I recommend against spending time on implementing software which provides an old, outdated protocol, "MAPI over TCP", which is used less and less.

    So the only question is if there is any benefit for iRedMail regarding connecting to an Active Directory server. And I don't see any benefit here either, but I would have to think more about it.

  5. eXtremeSHOK reporter

    How is this a step backwards?

    Microsoft is moving to a subscription-based model around their 365 platform; they don't want Exchange servers.

    Outlook is the de facto email client for business and will remain.

    Every version of Outlook since 2007, including their latest 2016 and iOS clients, supports MAPI.

    None of them support CalDAV and CardDAV.

    ActiveSync does not work for large inboxes, MAPI does.

    Currently no one has reverse engineered the RPC/HTTP protocols. However, either the OpenChange or Samba group is most likely to do this in the future.

    ActiveSync is not supported in Outlook for iOS/Android and Windows 10 (phone/tablet), only MAPI.

    Zentyal, OpenXchange and Zimbra have all moved to bring native Outlook support.

    Exchange is dead, Outlook is far from dead.

    Without proper support for Outlook, iRedMail simply will not survive. Look around, everyone is making the move to support native Outlook.

  6. Raffael Luthiger

    It is a step backwards because MAPI itself is not a very reliable protocol. That's why Microsoft themselves are moving away from it to Outlook Anywhere. If you inspect how Outlook 2010 and newer connect to the Exchange servers you will see that it is very often with Outlook Anywhere and not with MAPI. There are several TechNet articles where it is explained why.

    Your statement regarding Outlook for iOS etc. seems totally wrong to me. I am pretty sure they use Outlook Anywhere and not MAPI. Please bring a link with proof when you make such a statement.

    And regarding the other products: With Zimbra you don't talk natively MAPI with the server. You have in Outlook a plugin which is taking the MAPI calls and then makes normal HTTP calls to the Zimbra server. The same with OpenXchange: http://oxpedia.org/wiki/index.php?title=OXtender_2_for_Microsoft_Outlook

  7. eXtremeSHOK reporter

    "Outlook and ZWS are no longer supported by Zarafa at the end of Q1/2016. Both technologies can be used “as is” after Q1/2016, e.g. customers can use the Zarafa OL client with an Outlook version that is supported by Zarafa in Q1/2016."

    Pretty much they are not providing support for it. They will remain supported as unsupported technologies.

    Read all the posts and you can clearly see Outlook compatibility is a must.

    Now just imagine all those Zarafa users looking and moving to iRedMail ... when you have support for Outlook.

  8. guenther_pfann

    Hi!

    "This looks like the most possible way. Or, improve iRedAdmin-Pro to sync between OpenLDAP and Samba4 when adding new accounts and updating/removing accounts? How about this: Set up iRedMail with OpenLDAP backend. Change OpenLDAP listening port from 389 to another one (e.g. 3890), so that Samba4 LDAP can use 389. Restart OpenLDAP. Set up Samba4+OpenChange. Update iRedAdmin config file to connect to OpenLDAP through port 3890. Sync OpenLDAP <-> Samba4 with cron job (and improved iRedAdmin-Pro)."

    @zhang: Would you implement this synchronisation? What does it cost? I have some Outlook 2016 users here and it would be nice if they could use their client without restrictions.

    Best greetings, Günther
