LDAP Architecture
Zimbra LDAP Architecture
Zimbra uses OpenLDAP as one of its primary datastores. The LDAP database is used to store a wide variety of data, including but not limited to:
* Server configuration pieces
* Software configuration pieces
* User data
* COS data
OpenLDAP Internals
OpenLDAP and BDB (ZCS7 and previous)
In ZCS 7 and prior releases, OpenLDAP uses Berkeley Database (BDB) as the storage engine. OpenLDAP has two database backends that rely on BDB: back-bdb and back-hdb. Zimbra uses the back-hdb backend because its performance profile is superior to that of back-bdb. Several pieces must be tuned to get optimal performance from either back-bdb or back-hdb. The specifics of tuning are documented at [OpenLDAP performance tuning for ZCS 7]; this section gives an overview of the different pieces.
OpenLDAP Caches
BDB Caches
OpenLDAP and MDB (ZCS8 and later)
LDAP and Authentication
OpenLDAP and Nginx
In the majority of installations, Nginx does not access LDAP directly. However, when certificate authentication or a SASL mechanism such as GSSAPI is used, Nginx authenticates against LDAP in order to log in to the upstream server.
OpenLDAP and MTA
OpenLDAP and Postfix
OpenLDAP and Amavis
OpenLDAP and MBS