* Update Jan 2013 – Zentyal 3.0 has been out and a migration guide published. You can’t migrate user passwords which for effective purposes means you can’t migrate. IMO this is unacceptable and I would not suggest using Zentyal unless you are able to get very dirty with ldap schema and samba to migrate them yourselves. If you set up clients using their old desktop package you are just thrown under a bus because this configuration won’t work with 3.0 without MAJOR hacks. Can you imagine Microsoft releasing a new version of Active Directory where you had to redo every client and have every user set their password? No you can’t because they wouldn’t ever do that.
A few times people have suggested I try out Zentyal. So here it is, my review of Zentyal 2.2.
One of my biggest complains with Linux in the enterprise is that there are 100 different solutions and you need 30 of them and all of them suck. If you want centralized login, file shares, email, etc in Windows you get Windows Server. It does everything you need. Joining a domain takes about 20 seconds. In Linux you better be prepared to spend years learning every little part. Where do you even begin? OpenLDAP? FreeIPA. Who the hell cares what LDAP even is.
Zentyal solves this. Want users and groups? Well install the module users and groups. Done. Zentyal picks all the choices for you. You don’t want Samba and you sure don’t give a damn about how it compares with NFS. You want users to share files. So install the “file sharing” module. I really like this screen shot, it speaks to me for all the times I see “LDAP config” in whatever application. Here this is probably what you are looking for just copy and paste it.
In the backend Zentyal just generally uses whatever is most popular. OpenLDAP, Samba, Squid, etc. So if you want to fight with LDIF files you can. What’s sad is you will have to 🙁
Zentyal has some glaring flaws. You can’t even import users. It’s light years behind Active Directory in terms of features – though I do prefer having a web application over Active Directory tools. Also you can run Zentyal on some old junk you have laying around, Active Directory basically requires a super computer these days. You can of course use scripts but still it’s disappointing.
Zentyal is written in perl which is about the most angry language ever made.
perl -pe '$_.="\n"x7'
That’s perl for who the hell can read this. Sorry to be picky but being written in perl means I won’t contribute. And I might otherwise so that’s too bad. Would be great to have something like a inventory script in Zentyal.
Another issue that really bugs me is the total lack of consideration for clients. They have a Linux desktop debian package but it’s outdated and actually does very little. It will make your ldap.conf file for you and that’s nice. But forget cached credentials. I’m sorry a solution that doesn’t work on a laptop is just absurd. Of course you can set it up yourself but that’s a pain. They also have a unison script (just like what I did) to simulate roaming profiles, but I don’t really like their implementation. It adds scary windows to a user’s log in and doesn’t sync often enough to be reliable.
All in all I’m happy I migrated to Zentyal from vanilla openldap, samba, etc. It’s a step in the right direction. I was even able to integrate Zentyal with Google Apps (this isn’t supported, big hack). I’ll try to get around to sharing all the hacks I did to make password syncing work soon. Stay tuned.