Thoughts on Zentyal

* Update Jan 2013 – Zentyal 3.0 has been out and a migration guide published. You can’t migrate user passwords which for effective purposes means you can’t migrate. IMO this is unacceptable and I would not suggest using Zentyal unless you are able to get very dirty with ldap schema and samba to migrate them yourselves. If you set up clients using their old desktop package you are just thrown under a bus because this configuration won’t work with 3.0 without MAJOR hacks. Can you imagine Microsoft releasing a new version of Active Directory where you had to redo every client and have every user set their password? No you can’t because they wouldn’t ever do that.

A few times people have suggested I try out Zentyal. So here it is, my review of Zentyal 2.2.

One of my biggest complains with Linux in the enterprise is that there are 100 different solutions and you need 30 of them and all of them suck. If you want centralized login, file shares, email, etc in Windows you get Windows Server. It does everything you need. Joining a domain takes about 20 seconds. In Linux you better be prepared to spend years learning every little part. Where do you even begin? OpenLDAP? FreeIPA. Who the hell cares what LDAP even is.

Zentyal solves this. Want users and groups? Well install the module users and groups. Done. Zentyal picks all the choices for you. You don’t want Samba and you sure don’t give a damn about how it compares with NFS. You want users to share files. So install the “file sharing” module. I really like this screen shot, it speaks to me for all the times I see “LDAP config” in whatever application. Here this is probably what you are looking for just copy and paste it.

In the backend Zentyal just generally uses whatever is most popular. OpenLDAP, Samba,  Squid, etc. So if you want to fight with LDIF files you can. What’s sad is you will have to :(

Zentyal has some glaring flaws. You can’t even import users. It’s light years behind Active Directory in terms of features – though I do prefer having a web application over Active Directory tools. Also you can run Zentyal on some old junk you have laying around, Active Directory basically requires a super computer these days. You can of course use scripts but still it’s disappointing.

Zentyal is written in perl which is about the most angry language ever made.

perl -pe '$_.="\n"x7'

That’s perl for who the hell can read this. Sorry to be picky but being written in perl means I won’t contribute. And I might otherwise so that’s too bad. Would be great to have something like a inventory script in Zentyal.

Another issue that really bugs me is the total lack of consideration for clients. They have a Linux desktop debian package but it’s outdated and actually does very little. It will make your ldap.conf file for you and that’s nice. But forget cached credentials. I’m sorry a solution that doesn’t work on a laptop is just absurd. Of course you can set it up yourself but that’s a pain. They also have a unison script (just like what I did) to simulate roaming profiles, but I don’t really like their implementation. It adds scary windows to a user’s log in and doesn’t sync often enough to be reliable.

All in all I’m happy I migrated to Zentyal from vanilla openldap, samba, etc. It’s a step in the right direction. I was even able to integrate Zentyal with Google Apps (this isn’t supported, big hack). I’ll try to get around to sharing all the hacks I did to make password syncing work soon. Stay tuned.

3 thoughts on “Thoughts on Zentyal”

  1. Nice review, made me chuckle a couple of times. Was a honest first look at a product i’ve never seen. I’ve just taken on a client whose previous IT company implemented an ebox/zentyal solution which they all hate as nobody knows what the hell its doing or how it works. You helped with what to expect. i’ll probably chuck an SBS box in there – in the small area i live in there are about 3 people who knows linux well enough to support a small business. I’m not one of them.

  2. i came to your post trying to search for a solution syncing zentyal passwords with google apps account.

    There are a dozen sites which tell you how to sync accounts, but none has a working solution for syncing passwords.

    I read that you have a hack that works for syncing passwords. Could you please help me with the same.

    Regards
    ashok
    from india

  3. My Google Apps solution is pretty awful right now. I’ll clean it up and post this summer when I migrate to 3.0.

    Basically I’m using the Google Apps provisioning API to change passwords. I’m literally hijacking the change password page and sending it to Google as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>