How to configure Multi-tenancy on Zimbra Talk
- 1 How to configure Multi-tenancy on Zimbra Talk
- 1.1 Limitations
- 1.2 Prerequisites
- 1.3 Preparing Zimbra Environment
- 1.4 Configuring Zimbra Talk
- 1.5 DNS entries
- 1.6 Restarting Zimbra Talk Prosody
- 1.7 Testing the new Zimbra Talk for tenant domains
How to configure Multi-tenancy on Zimbra Talk
Zimbra Talk specializes in providing services for real time communication and it includes several components. In minimal installation a Zimbra environment and a single additional server (the Talk server) are required. At the moment the only supported platform for the Talk Server is Ubuntu 14.04 (64bit).
The Zimbra Talk system enables its users to perform text chat, text conference, video chat & video conference as well as online document collaboration between the participants of a Zimbra Talk session, using Zimbra Zimlet technology.
- For a full-featured experience with Zimbra Talk the usage of the Google Chrome >=34.0 web-browser is recommended. Chromium >=34.0 will also work on most operating systems, except Debian Testing due to Debian specifc changes in the sandbox handling
- The Safari web-browser and Microsoft’s Internet Explorer are supported as well, when the Temasys WebRTC plugin is installed for the respective browser. Firefox is currently not fully supported
- A functional webcam, microphone & headphones are also needed for videoconferences.
- Another limitation is the bandwidth which is available for the user. If many users, e.g. more than 6 users, are using the videochat application at the same time, the complete uplink and downlink bandwidth of a slow Internet
connection (<= 16000Mbit/s) could be saturated, affecting the quality of the conversation.
Before performing the configuration for multi-tenancy on Zimbra Talk, these prerequisites must be fulfilled:
- A working Zimbra 8.6 or above environment
- A working Zimbra Talk environment
- Knowledge and understanding of your network infrastructure setup, especially in regard to your Firewall and DNS settings
- Access to DNS management to create the required DNS settings per each tenant domain
- Access to Firewall management to enable required communication between Zimbra server/s and Zimbra Talk server/s
- Root access to the Zimbra and Talk Server.
- Have added the domain, or domains, correctly to Zimbra Collaboration, and have some users on it
Preparing Zimbra Environment
Preauth key per domain
When you want to configure multi-tenancy on Zimbra Talk, you might want to allow it for some domains on Zimbra, but doesn't allow it for others domains. For those domains you want to enable Zimbra Talk, you need to create a preauth key (this command take some time before complete):
zmprov gdpak example2.net
Configuring Zimbra Talk
Updating Prosody configuration
Zimbra Talk Prosody component must be updated per each new domain you add to Zimbra Collaboration.
- Note 1: All the domains you had before install Zimbra Talk will be per-configured on the Zimbra Talk Prosody component
- Note 2: You can add a domain, or a batch of domains before update the Zimbra Talk Prosody configuration, you can run the Prosody update as many times as you need (when you add a new domain or domains)
cd /usr/share/ztalk/libexec/ ./update-prosody-conf zimbraDefaultDomainName: example.com updating domains in ini from ldap updated Rosterfilter for Domain example.com Parameter not found: ZIMBRA_URL_MODE updated Rosterfilter for Domain example2.net Parameter not found: ZIMBRA_URL Parameter not found: ZIMBRA_URL_MODE
Checking the new Prosody configuration
Check the Zimbra Talk Prosody configuration is a good method to check if we have all the needed domains properly configured:
You will be able to see all the domains after the [global] configuration part:
[domain:example.com] RosterFilter = (&(objectClass=zimbraDistributionList)(uid=*)) zimbraPreAuthKey = a5694038280572f799223ac5457890d60e697e8965942b0f0428b2323112 ZIMBRA_URL = https://mail.example.com [domain:example2.net] RosterFilter = (&(objectClass=zimbraDistributionList)(uid=*)) zimbraPreAuthKey = f569403825689433f45545ac5457890d60e697e8965942b0f042856788445 ZIMBRA_URL = https://mail.example2.net
Another place to check if you have the proper configuration per each tenant domain, is by checking the Zimbra Talk Prosody configuration directory:
root@zimbratalk:/usr/share/ztalk/libexec# ls -la /etc/prosody/conf.d/ total 24 drwxr-xr-x 2 root root 4096 Jun 2 05:29 . drwxr-xr-x 4 prosody prosody 4096 Jun 1 17:34 .. -rw-r--r-- 1 root root 2651 Jun 2 05:29 example2.net.cfg.lua -rw-r--r-- 1 root root 1395 Jun 1 17:34 localhost.cfg.lua -rw-r--r-- 1 root root 2102 Jun 2 05:29 vnctalk-jitsi-meet.cfg.lua -rw-r--r-- 1 root root 2637 Jun 2 05:29 example.com.cfg.lua
The Zimbra Talk Prosody script creates as well the needed DNS if you are planning to use external XMPP Clients as Pidgin, etc. You can check all the DNS configurations per each tenant (for bind and dnsmasq) on the next directory:
root@zimbratalk:/usr/share/ztalk/libexec# ls -la /etc/zimbra-talk/dns.d/ total 24 drwxr-xr-x 2 root root 4096 Jun 2 05:29 . drwxr-xr-x 3 root root 4096 Jun 2 05:29 .. -rw-r--r-- 1 root root 265 Jun 2 05:29 example2.net.bind.conf -rw-r--r-- 1 root root 219 Jun 2 05:29 example2.net.dnsmasq.conf -rw-r--r-- 1 root root 251 Jun 2 05:29 example.com.bind.conf -rw-r--r-- 1 root root 205 Jun 2 05:29 example.com.dnsmasq.conf
If you open one of them, you will see the DNS entries which each tenant must add to their public DNS configuration, take a look to this example where the tenant with example2.net must add to their DNS the next:
_xmppconnect.example2.net. 300 IN TXT "_xmpp-client-xbosh=https://zimbratalk.example.com:443/http-bind" _xmppconnect.external.example2.net. 300 IN TXT "_xmpp-client-xbosh=https://zimbratalk.example.com:443/http-bind"
Restarting Zimbra Talk Prosody
After following all the previous steps, the last one is to restart the Zimbra Talk Prosody service
service prosody restart
Testing the new Zimbra Talk for tenant domains
The end-users can now login as usual on their tenant domain or domains, and they will be able to see the other users as expected and chatting with them: