jmorby wrote:
Putting aside the fact that SSDB also seems to be in development and is "young" software, is there a way of having SSDB for ephemeral data storage and LDAP for authentication running in parallel?
As John mentioned, SSDB is not a replacement for LDAP; it's just a better place to store the write-heavy ephemeral data as LDAP was never designed for write-heavy usage. (Recall LDAP stands for "Lightweight Directory Access Protocol"). So yes, all your auth workloads will continue to be handled by Zimbra's LDAP.
Given your environment, you may want to consider a higher-availablity SSDB or Redis back end for Zimbra's ephemeral storage, rather than just a single SSDB server.
Keep in mind that if you have an issue with your SSDB/Redis environment, those systems are not supported by Zimbra -- same as if you deploy your own caching DNS server other than the shipped Unbound package. That may not be a concern for you, but for smaller, (e.g. single-server) environments where sysadmins may not have the time, experience or both to set up a Redis cluster or even just a single SSDB server in a production environment, it is a speed bump holding back Zimbra 9 adoptions as relayed to me by my professional services customers. After all, if the ephemeral data store doesn't work, no one can log in, so migrating the ephemeral data store from LDAP to a new SSDB/Redis environment some consider a high-risk change.
Compounding that risk is that, as far as I can tell, there's no way to have an existing Zimbra system "test" a new ephemeral data store either; you just change a setting, run the migration script and hope it works. If not, you are down, and unsupported.
When you deploy a new Docs server however, the zdocs installer lets you know if it can talk to Zimbra's LDAP successfully, and if not, no harm no foul: Zimbra won't start using the new Docs server until the installer proves it can play nicely with LDAP. I wish there was similar functionality when setting up SSDB/Redis to work with Zimbra.
So, I recently opened a Support Case with Zimbra to suggest an RFE that Zimbra ship an SSDB package with Zimbra itself, just like the way Zimbra ships the Unbound DNS caching server. That way, larger customers can leverage an existing SSDB/Redis cluster they are already using for other purposes (so they know it works), and smaller customers can just run the Zimbra installer to deploy an SSDB package and have it configured in a supported way to work with Zimbra.
Hope that helps,
Mark