Tuesday, May 07, 2013

Whew!

I just looked and my last blog was March 27th; The last 1+ month has been very busy.  Not a lot of things took place that warranted screenshots or R&D updates.  OpenLDAP and Zimbra deployments both occurred and took most of my time.  Status updates:

OpenLDAP
The change to centralized passwords went off very well.  During my prep work, I created a "Password Sandbox" application that allows you to test various passwords before actually making the change.  This proved to be very popular and effective.  Part of my time was then allocated monitoring all 800 of our users to ensure they all changed their passwords and sending out daily status reports to work on 100% completion.  It's now all done and our passwords have been hardened to current metrics.

Support Portal Application
I have been putting in some patches and features for our support staff.  They could see at a glance users with passwords that still had not been changed, and made it easier to create and upload LDIF records.  We've reached a milestone with this functionality where it's very simple to create new employees in LDAP.  We also can now auto-provision new people in the Zimbra post office with just a single click.  Within 10 minutes of checking the button, the user has email.

LDAP Sync To Zimbra.
Zimbra auto provisions email accounts, and I wrote a small python script that runs at 1am to push any updates that occur from OpenLDAP to Zimbra.  Phone numbers and job titles change, and all of this information is now synced.  Support staff only has to change the information in one place, saving us time.

Zimbra Is Live
After a long ramp up time of testing, we put Zimbra live and it replaced Evolution/Groupwise.  It was kind of sad to move away from Evolution, but unfortunately we just could not get bug fixes from Novell/Suse under our support contract in a timely manner.  Zimbra was deployed with virtually no problems.  We built one server and have about 250 concurrent connections via the web interface and then an equal number of connections from mail-notification(IMAP) on the lower panel to alert them of new messages for a total of 500+ connections.  Zimbra is flying and you can barely notice the difference with a full load.  Fast and crisp.

In the past our server which provided Firefox would have about 100 concurrent users, now that users are accessing email from a browser this has jumped to about 250.  The server took this load without a hiccup and is working very well.  With 100 concurrent the machine would be about 10% busy and now it's running about 15%.  We scaled this machine with the expectation of greatly increased Firefox loads and it's working like a champ.

And The One GOTCHA
There is always one, right? :)  LibreOffice (and OpenOffice) have features embedded in various places to hand off the current document, or the current document converted to another format directly to your email software.  This is a great feature because it eliminates the need for users to convert to other formats prior to sending to outside.  A document can be created in ODT format and retained here in that manner, and then converted to DOC on the fly...and the DOC is never saved to the local file system.  In case you didn't know it did this, here is where the magic happens:


Now the bad part, it basically does a mailto: to your email client and uses &attach which it turns out is not officially in the RFC and is only available in certain email software...including Evolution.  But many/most web based email software does not allow or support it.  I can certainly see that this could be a bad exploit.  Someone could create a mailto tag that requests files of an unsuspecting users desktop. 

You cannot just tell users to drag and drop the file out of Nautilus because in many cases, it's generated as a temp file and is never saved for them to be able to find.  You can't expect them to open Nautilus in /tmp and *maybe* find their file out of the hundreds of other temp files from the day.  Clunky to say the least.

Zimbra supports HTML 5 drag and drop reception, so I worked up a prototype idea.  Jasper and Federico were so kind to help me with the drag-and-drop mechanics of GTK and we're testing this concept now.  When a temp file is generated and needs to be attached to email from LibreOffice (and other applications if it pans out)...a popup window appears on the left edge with a thumbnail of the document.  The end user can then grab the document and drag it into their composer window.  In the shot below, user has selected the option to "Email as PDF" and the popup appears with thumbnail and Zimbra composer window opens (PURPLE).  The user then drags the file into the composer (RED). 



In the coming days, I'll be testing this concept and soliciting user feedback.  If it seems to be working, I'll connect it to the rest of our applications that previously auto-attached files to Evolution. 

Next up for me is creating LDAP groups and then getting Alfresco to auto-provision users and put people into those groups.  We're at the breaking point around here of maintaining documents only on a file system and are in need of a management system.  We'll be pilot testing this in IT to see how it works.

Other issues: 64bit HP thin client is sitting here for me to test, various portal changes have been requested, continued Zimbra troubleshooting and support, various Java/Flash/Firefox upgrades. 

2 comments:

Amie said...

This is cool!

John Michle said...

Its really informative, highlighted points and other facts given here are quite considerable and to the point as well would be better to look for more of these kind.

Hvac Service Management Software