Zimbra Active Directory Integration

FIXME This page needs work!

http://www.zimbra.com/forums/administrators/11595-active-directory-integration.html

http://www.zimbra.com/forums/installation/1614-active-directory-integration.html

http://wiki.zimbra.com/wiki/LDAP_Active_Directory

http://wiki.zimbra.com/wiki/LDAP_Authentication

http://www.zimbra.com/docs/ne/7.2.0/administration_guide/wwhelp/wwhimpl/js/html/wwhelp.htm#href=ZCS_Admin_Guide_7_NEExternal_LDAP_and_External_Active_Directory_Authentication_Mechanism.html

http://pawankumar83.wordpress.com/2010/08/23/zimbra-with-active-directory-integrationsamba-integration/

http://www.zimbra.com/forums/administrators/45159-solved-moving-zimbra-internal-authentication-external-ad-authentication.html

http://www.edugeek.net/forums/scripts/48075-zimbra-active-directory-sync.html

http://www.zimbra.com/forums/administrators/55085-ad-authentication-issue.html

Configure AD Authentication

:!: Tested with Zimbra 8.0.2

Finding the DN (distinguished name) of a user in Active Directory

http://wiki.zimbra.com/wiki/LDAP_Active_Directory

If you have a user who DOES NOT have an identical Zimbra username, you can edit the Zimbra user account and fill in the “External LDAP account for Authentication” field.

This is how you can determine the proper DN to enter in that field:

dsquery user forestroot -samid zimbrausername

Configure Authentication

  1. Administration Console → Home → Configure → Domains → Select Domain
  2. Toolbar → Configure Authentication

Configure GAL

http://code.google.com/p/adpassword/wiki/ActiveDirectoryGAL

  1. Administration Console → Home → Configure → Domains
  2. Select the domain
  3. Toolbar → Configure GAL (Global Address List)

Internal GAL

External GAL

FIXME External GAL still not working…

Configure the GAL to use external only (otherwise you will end up with duplicate users). The LDAP server is the IP of one of your AD servers. Then use the search filter found on pages 31 and 32 of the admin guide, adding an extra “)” at the end of the filter because of a typo in the manual. At the bottom, change the DC to match your AD domain, e.g. DC=domain,DC=local.

Create a user in your AD that you will not use, e.g. zimbrauser, with a password, and use this account to BIND to Active Directory. This will pull in the user list.

Configure “Authentication” in the same way.

WARNING: if you do this, you will also need to enable fallback authentication, otherwise the admin user will FAIL. On the server, su to the zimbra user and use this command (replacing domain with the email domain you are using):

zmprov md domain zimbraAuthFallbackToLocal TRUE
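The authentication settings described above can also be applied from the command line. The script below is an added example, not part of the original notes: it only prints the zmprov commands for review, and example.com, 192.0.2.10 and domain.local are placeholder values, while zimbraAuthMech, zimbraAuthLdapURL and zimbraAuthLdapBindDn are the standard Zimbra domain attributes for external authentication.

```shell
#!/bin/sh
# Added example: prints (does not run) the zmprov commands that switch a
# Zimbra domain to Active Directory authentication with local fallback.

# Accept only plain DNS names / IPv4 addresses, so the printed commands
# are safe to paste into a shell as the zimbra user.
is_dns_name() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*.|-*) return 1 ;;
        *) return 0 ;;
    esac
}

# ad_auth_cmds <zimbra-domain> <ad-server> <ad-dns-domain>
ad_auth_cmds() {
    zdomain=$1 adhost=$2 addomain=$3
    for v in "$zdomain" "$adhost" "$addomain"; do
        is_dns_name "$v" || { echo "invalid name: $v" >&2; return 1; }
    done
    # Authenticate against Active Directory instead of the internal LDAP.
    echo "zmprov md $zdomain zimbraAuthMech ad"
    # ldap:// on port 389 is unencrypted; ldaps://host:636 is the TLS form
    # if the AD server presents a certificate that Zimbra trusts.
    echo "zmprov md $zdomain zimbraAuthLdapURL ldap://$adhost:389"
    # %u is replaced by the login name; the single quotes keep it literal.
    echo "zmprov md $zdomain zimbraAuthLdapBindDn '%u@$addomain'"
    # Keep local passwords working so the admin account can still log in.
    echo "zmprov md $zdomain zimbraAuthFallbackToLocal TRUE"
    # Read the values back for review.
    echo "zmprov gd $zdomain zimbraAuthMech zimbraAuthLdapURL zimbraAuthLdapBindDn zimbraAuthFallbackToLocal"
}

# Constructed sample values (placeholders, not taken from the page).
ad_auth_cmds example.com 192.0.2.10 domain.local
```

Run the printed commands as the zimbra user once the values have been checked.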

Someone Else's Notes 2010

To integrate Zimbra to authenticate through active directory, do the following:

  1. Log into Zimbra as administrator. Configuring Zimbra
  2. Click Domains and New adding the domain tim2003.timschewe.ca
  3. Click Next until you reach Authentication and choose External Active Directory
  4. Click Next until you reach LDAP URL and enter the IP address of the 2003 Server
  5. Supply a username and password from AD to test the settings
  6. If you are successful, click Finish, if not, make the necessary corrections and retry
  7. Click Accounts and click New
  8. Enter an AD account name and choose the AD server from the dropdown
  9. Enter the balance of the new user information as you see fit
  10. Quit the administrator console and start a regular instance of Zimbra
  11. You should be able to log in as username@tim2003.timschewe.ca with the appropriate username and password for an AD user