I rarely spend much time waxing poetic about software (OK. I did for VirtualIron but it's just too damn good) but I think I need to do this for Zimbra Collaboration Suite (ZCS). I first suggested we migrate away from Sun's horrid iPlanet system to Zimbra about two years ago. Due to various budget issues, we couldn't do it until this year. And for the past few months I've spent a lot of time learning various systems to get this up and running the way I want. There is, of course, the VirtualIron system hosting the VM that Zimbra is running on. I took a few wrong turns before settling on VirtualIron. All the VMs are sitting on a SAN (Hewlett-Packard EVA). And finally Zimbra (version 4.5.9) was installed on both TEST and PRODUCTION VMs.
My first domain migration happened at the beginning of November and it went amazingly smoothly. Of course there were only 64 users, so that was to be expected. The next domain was this past weekend. That took a bit longer to complete with 774 users and a good number of distribution lists. All of the account and mail distribution list data was extracted from the iPlanet server using a custom script wrapped around 'ldapsearch'. That data was converted live to the ZMP format to be used on the Zimbra server for provisioning accounts.
Once I got the accounts and groups in place, I needed to copy their mail. I used the ever ubiquitous 'imapsync' (I owe that guy something.... heading over to the donation page as soon as I finish this post) to copy all the mail from the iPlanet server to the new Zimbra server. it worked like a charm, but I had to wrap an 'expect' script around it because iPlanet would prompt me for the auth admin user password for every user. I'm not sitting around waiting to enter that 774 times!
I did the initial mail sync about three days before migration, and then ran the incremental sync once every day leading up to the final day of migration. Finally, on the night of migration, I made all the requisite DNS and spam filter changes for the domain, performed a final sync (took about an hour) and removed the domain from the iPlanet server. We were now live! That takes care of the general process, but why is it that I love ZCS so much? Let me explain...
First off, after having dealt with raw LDAP for the past seven years and actually getting a pretty decent understanding of it (not enough to create my own schema yet), I'm happy to see that Zimbra found a better interface to LDAP. They are using their SOAP application 'zmprov' to handle everything about LDAP. However, they STILL allow you to deal directly with LDAP by giving you a parameter you can pass to 'zmprov' to turn off SOAP mode! So you can have your cake and eat it to, as it were.
The next big deal for me is that 'zmprov' really is THE tool for doing bulk administration. As nice as their admin web interface is, we all know that GUI and web interfaces are not the medium to use when you want to make a lot of changes to a lot of objects very quickly. One of the nicest things about ZCS as a whole is actually the Wiki that Zimbra provides which explains almost anything you'd need to know about Zimbra. They have a nice reference for all LDAP attributes that you can affect with 'zmprov'. That's how I was able to bulk provision my users with a default password, then force them to change it on first login and restrict them from re-using it as their new password.
Another aspect is that their web admin interface really isn't that bad at all. It gives you a lot of info that is actually... useful! Big surprise there. I'm used to web interfaces that are designed by anyone but the admins themselves. Unlike iPlanet, you can actually see what groups a user is a member of! Not only that, but you can actually add/delete their membership in a group from the user account info instead of having to switch over to the group portion of the admin interface.
My users (...at least initially. More on their issues later) are really happy with the new interface. iPlanet was long in the tooth. In 2001. Zimbra, thanks to the magick of AJAX feels like an application. They are loving the Exchange killer features of Zimbra. (Admittedly I really wanted to do this two years ago but, oh well)