ZI-ADPASSWORD - Installation and Administration Guide

Installation

Unpack installer archive file *.tar.gz in /var/tmp/ (as root):

mv /root/ZI-ADPassword-x.x.tar.gz /var/tmp/
cd /var/tmp/
tar xzvf ZI-ADPassword-x.x.tar.gz
cd /var/tmp/ZI-ADPassword-x.x

Run installation script (as root):

perl ZI-Installer --instal-deps

At the beginning required perl packages will be installed:

screen1.png

Answer: Y

screen2.png

Press: Y

screen3.png

screen4.png

screen5.png

Answer: Y

screen6.png

Answer: Y

screen8.png

screen9.png

Enter login and password received with the license.

screen10.png

Choose: 1

screen11.png

Choose: Y

screen12.png

Choose: Y

If You answer Y, the zimbra mailbox will be restarted

After the mailbox restart, zimlet shoul be installed. To check it, login into the Panel Admin in Your ZCS Server and see Panel Administrator > Migration and tool > ZI-License. There should be informations about granted licenses.

 

Zimbra configuration

Prerequisites

The goal of this document is to configure Active Directory authentication for domain addomain.example.com in ZCS Zimbra and integrate it with ZI-ADPassword.

The configuration of AD authentication of the domain is according to the https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory .

Information needed:

 

Domain configuration

At beginning create the domain addomain.example.com:

zmprov cd addomain.example.com

We configure Active Directory authentication:

 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapBindDn '%u@addomain.local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBase 'CN=Users,DC=addomain,DC=local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBindDn 'CN=Administrator,CN=Users,DC=addomain,DC=local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBindPassword 'Administrator_password_in_AD'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchFilter '(samaccountname=%u)'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapURL 'ldaps://ad.addomain.local:636'
 

where:

ZImlet configuration

In this step we configure custom authentication for addomain.example.com:

 zmprov md addomain.example.com zimbraAuthMech 'custom:ZIADPassword'
 zmprov md addomain.example.com zimbraPasswordChangeListener ZIADChangePassword
 

After this ZI-ADPassword takes control over the authentication process and password changing requests.

Install Active Directory server certificate on every mailbox:

/opt/zimbra/common/bin/keytool -import -alias adserwer -keystore /opt/zimbra/common/etc/java/cacerts -trustcacerts -file /tmp/ad_cert.crt

Restart all mailboxes:

zmmailboxdctl restart

Release Notes