Zimbra 9: zoom integration install

Robin
Posts: 2
Joined: Fri May 22, 2020 12:00 pm

Zimbra 9: zoom integration install

Post by Robin »

Hi,

I can't get it to work on my Zimbra 9 NE.
I followed this documentation (created an app on my Zoom account, configured LDAP, installed the zimlet package): https://zimbra.github.io/zimbra-9/admin ... rn_web_app

I still got this error when "activating" zoom integration in my account settings.

2020-05-22 08:54:27,448 ERROR [qtp1027591600-147:https://my-zimbra-domain/service/extension/oauth2/authorize/zoom?type=noop&state=%2Fmodern%2FzoomAuthCompleted] [name=robin@my-zimbra-domain;] extensions - Unable to load ephemeral store for oauth. : unsupported
2020-05-22 08:54:27,449 WARN  [qtp1027591600-147:https://my-zimbra-domain/service/extension/oauth2/authorize/zoom?type=noop&state=%2Fmodern%2FzoomAuthCompleted] [name=robin@my-zimbra-domain;] extensions - The specified client is not supported with configured ephemeral backend: zoom
2020-05-22 08:54:27,449 ERROR [qtp1027591600-147:https://my-zimbra-domain/service/extension/oauth2/authorize/zoom?type=noop&state=%2Fmodern%2FzoomAuthCompleted] [name=robin@my-zimbra-domain;] extensions - An oauth application error occurred. : unsupported

Is it not working because I don't use SSDB for ephemeral data?
Anybody managed to make it work?

Thank you,
fs.schmidt
Outstanding Member
Posts: 278
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil

Re: Zimbra 9: zoom integration install

Post by fs.schmidt »

Robin wrote:
Is it not working because I don't use SSDB for ephemeral data?
Anybody managed to make it work?
Thank you,

That is exactly the reason:

"For Zoom to work with Zimbra Collaboration, the server must have ephemeral storage configured."

https://zimbra.github.io/zimbra-9/admin ... ng_up_zoom
Best regards.
Fabio S. Schmidt
http://www.bktech.com.br
Brasília - Brazil
krabina
Advanced member
Posts: 166
Joined: Fri Sep 12, 2014 11:53 pm
Location: Vienna, Austria
ZCS/ZD Version: 9.0

Re: Zimbra 9: zoom integration install

Post by krabina »

But what does that mean? From what I read in the docs, the ephemeral storage is still a beta feature.

Also, in smaller installations, the default ephemeral storage is LDAP, so if I don't need a separate ephemeral storage server, I should be fine. Or does this mean there has to be a dedicated ephemeral storage server configured in order to use Zoom integration?
Robin
Posts: 2
Joined: Fri May 22, 2020 12:00 pm

Re: Zimbra 9: zoom integration install

Post by Robin »

I installed SSDB locally on my single server and it works.
You don't need to use an external server. But the LDAP backend doesn't work for Zoom integration. You need SSDB...
jmorby
Posts: 13
Joined: Thu Apr 10, 2014 12:11 pm

Re: Zimbra 9: zoom integration install

Post by jmorby »

I'm trying to understand how/where SSDB fits into the equation.

LDAP has long been the de facto method of integrating 3rd party authentication systems (anti spam, domain controller, etc, etc, etc) with mail systems. LDAP has been the authentication backbone of enterprise environments for longer than I care to remember.

Is it a case of either/or with Zimbra 9? If you want Zoom/etc integration then you need SSDB and must replace your LDAP service?

We have a high reliance on LDAP for service and application layer authentication, mailbox sync and more. We can't just remove LDAP from our environment. We have a load balanced farm of LDAP servers to handle the volume of requests, performance is a consideration, and I can see the benefits of a switch to SSDB, but not if it means losing the 10 years' worth of 3rd party LDAP service integrations we've gone through. Not overnight anyway. We'll need black box vendors to develop another form of API integration.

Putting aside the fact that SSDB also seems to be in development and is "young" software, is there a way of having SSDB for ephemeral data storage and LDAP for authentication running in parallel?

If it's a case of having to replace LDAP going forwards, is there a broker that will continue to process external LDAP requests and translate them to SSDB queries?
jeastman
Zimbra Employee
Posts: 82
Joined: Tue Mar 29, 2016 1:36 pm

Re: Zimbra 9: zoom integration install

Post by jeastman »

SSDB (or more broadly the "Ephemeral Store") is not meant to be a replacement for LDAP. It has been put into place to support frequently changed, transient ("ephemeral") data which was previously stored in LDAP by Zimbra (examples would be "last login timestamp" and CSRF tokens). The LDAP servers of high-volume systems tend to have issues with this data, especially around replication and synchronization. It is designed to be run in parallel.

You should be able to put an ephemeral store in place without having an effect on any of your other systems using the Zimbra LDAP.
John Eastman
L. Mark Stone
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition

Re: Zimbra 9: zoom integration install

Post by L. Mark Stone »

jmorby wrote: Putting aside the fact that SSDB also seems to be in development and is "young" software, is there a way of having SSDB for ephemeral data storage and LDAP for authentication running in parallel?

As John mentioned, SSDB is not a replacement for LDAP; it's just a better place to store the write-heavy ephemeral data as LDAP was never designed for write-heavy usage. (Recall LDAP stands for "Lightweight Directory Access Protocol"). So yes, all your auth workloads will continue to be handled by Zimbra's LDAP.

Given your environment, you may want to consider a higher-availability SSDB or Redis back end for Zimbra's ephemeral storage, rather than just a single SSDB server.

Keep in mind that if you have an issue with your SSDB/Redis environment, those systems are not supported by Zimbra -- same as if you deploy your own caching DNS server other than the shipped Unbound package. That may not be a concern for you, but for smaller (e.g. single-server) environments where sysadmins may not have the time, experience or both to set up a Redis cluster or even just a single SSDB server in a production environment, it is a speed bump holding back Zimbra 9 adoptions as relayed to me by my professional services customers. After all, if the ephemeral data store doesn't work, no one can log in, so migrating the ephemeral data store from LDAP to a new SSDB/Redis environment some consider a high-risk change.

Compounding that risk is that, as far as I can tell, there's no way to have an existing Zimbra system "test" a new ephemeral data store either; you just change a setting, run the migration script and hope it works. If not, you are down, and unsupported.

When you deploy a new Docs server however, the zdocs installer lets you know if it can talk to Zimbra's LDAP successfully, and if not, no harm no foul: Zimbra won't start using the new Docs server until the installer proves it can play nicely with LDAP. I wish there was similar functionality when setting up SSDB/Redis to work with Zimbra.

So, I recently opened a Support Case with Zimbra to suggest an RFE that Zimbra ship an SSDB package with Zimbra itself, just like the way Zimbra ships the Unbound DNS caching server. That way, larger customers can leverage an existing SSDB/Redis cluster they are already using for other purposes (so they know it works), and smaller customers can just run the Zimbra installer to deploy an SSDB package and have it configured in a supported way to work with Zimbra.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
tlambilotte
Posts: 3
Joined: Sat Sep 13, 2014 3:54 am
Location: Belgium

Re: Zimbra 9: zoom integration install

Post by tlambilotte »

Hello,

Maybe I should create a new post, if so, please let me know, but my concern ties into this topic.
I carried out the various installations necessary for the integration of Zoom. Unfortunately when I want to connect, I am systematically redirected to my server address and the window that opens is that of my inbox ...

In mailbox.log I have this error:

2020-10-30 09:06:51,307 WARN  [qtp1427889191-11337:https://my-zimbra-domain/service/extension/oauth2/authorize/zoom?type=noop&state=%2Fmodern%2FzoomAuthCompleted&authzemail=thierry.lambilotte%40my-zimbra-domain&redirect_origin=https%3A%2F%2Fmy-zimbra-domain] [name=thierry.lambilotte@my-zimbra-domain;] extensions - The specified client is not supported with configured ephemeral backend: zoom
2020-10-30 09:06:51,307 ERROR [qtp1427889191-11337:https://my-zimbra-domain/service/extension/oauth2/authorize/zoom?type=noop&state=%2Fmodern%2FzoomAuthCompleted&authzemail=thierry.lambilotte%40my-zimbra-domain&redirect_origin=https%3A%2F%2Fmy-zimbra-domain] [name=thierry.lambilotte@my-zimbra-domain;] extensions - An oauth application error occurred. : unsupported

In the log.txt of the SSDB server I have this kind of error:

2020-10-30 14:47:22.418 [DEBUG] worker.cpp(42): w:0.045,p:0.015, req: get ACCOUNT|0888d885-f259-418c-a435-98e777bd8862|zimbraCsrfTokenData|92dc24316156ef4871c58722a8ebb5d2, resp: not_found

However, the migration seems to have gone well with zmmigrateattrs (csv file ok).
I'm a little short of ideas.
Could you help me please?

Thank you in advance.

Zimbra NE 9.0.0_GA_3976 - CentOS 7
Thierry Lambilotte
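
An added example, not part of any post in this thread and not Zimbra's own code: a triage script that picks the OAuth ephemeral-backend messages quoted above out of mailbox.log and reports which user and OAuth client hit them. The sample lines are constructed in the layout of the lines posted here; the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in the mailbox.log layout quoted in the thread
# (host, users and thread ids are made up).
U = "https://mail.example.test/service/extension/oauth2/authorize/zoom?type=noop"
SAMPLE_LOG = f"""\
2020-05-22 08:54:27,448 ERROR [qtp1-147:{U}] [name=alice@example.test;] extensions - Unable to load ephemeral store for oauth. : unsupported
2020-05-22 08:54:27,449 WARN  [qtp1-147:{U}] [name=alice@example.test;] extensions - The specified client is not supported with configured ephemeral backend: zoom
2020-05-22 08:54:27,449 ERROR [qtp1-147:{U}] [name=alice@example.test;] extensions - An oauth application error occurred. : unsupported
2020-05-22 08:55:01,002 INFO  [qtp1-150:https://mail.example.test/service/soap/SearchRequest] [name=bob@example.test;] soap - SearchRequest elapsed=12
"""

# timestamp LEVEL [thread:request-url] [key=value;...] category - message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"\[(?P<thread>[^:\]]+)(?::(?P<url>[^\]]*))?\]\s+\[(?P<ctx>[^\]]*)\]\s+"
    r"(?P<category>\S+) - (?P<msg>.*)$"
)
OAUTH_PATH_RE = re.compile(r"/service/extension/oauth2/authorize/([^/?]+)")
# The two messages from the thread that name the ephemeral backend.
BACKEND_MARKERS = (
    "Unable to load ephemeral store for oauth",
    "not supported with configured ephemeral backend",
)

def parse_line(line):
    """Split one mailbox.log line into fields; None if it is not in that layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    ctx = dict(kv.split("=", 1) for kv in rec["ctx"].split(";") if "=" in kv)
    rec["user"] = ctx.get("name")
    path = OAUTH_PATH_RE.search(urlsplit(rec["url"] or "").path)
    rec["client"] = path.group(1) if path else None
    return rec

def backend_failures(log_text):
    """Map (user, oauth client) -> [(timestamp, level)] for backend-related lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["client"] and any(s in rec["msg"] for s in BACKEND_MARKERS):
            hits[(rec["user"], rec["client"])].append((rec["ts"], rec["level"]))
    return dict(hits)

if __name__ == "__main__":
    for (user, client), events in backend_failures(SAMPLE_LOG).items():
        print(f"{user}: OAuth client '{client}' hit {len(events)} ephemeral-backend lines")
```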
renato.gallo
Posts: 7
Joined: Wed Aug 31, 2022 12:26 pm

Re: Zimbra 9: zoom integration install

Post by renato.gallo »

Same problem here