ZI-ADPASSWORD - Installation and Administration Guide
Installation
Unpack the installer archive (*.tar.gz) in /var/tmp/ (as root):
mv /root/ZI-ADPassword-x.x.tar.gz /var/tmp/
cd /var/tmp/
tar xzvf ZI-ADPassword-x.x.tar.gz
cd /var/tmp/ZI-ADPassword-x.x
Run the installation script (as root):
perl ZI-Installer --instal-deps
First, the required Perl packages are installed:
Answer: Y
Press: Y
Answer: Y
Answer: Y
Enter login and password received with the license.
Choose: 1
Choose: Y
Choose: Y
If you answer Y, the Zimbra mailbox will be restarted.
After the mailbox restart, the zimlet should be installed. To check it, log in to the Admin Panel of your ZCS server and open Panel Administrator > Migration and tool > ZI-License. It should show information about the granted licenses.
Zimbra configuration
Prerequisites
The goal of this document is to configure Active Directory authentication for the domain addomain.example.com in Zimbra (ZCS) and integrate it with ZI-ADPassword.
The AD authentication of the domain is configured according to https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory .
Information needed:
- Active Directory administrator DN and passwords
- Active Directory address
Domain configuration
First, create the domain addomain.example.com:
zmprov cd addomain.example.com
Then configure Active Directory authentication for it:
zmprov md addomain.example.com zimbraAuthLdapBindDn '%u@addomain.local'
zmprov md addomain.example.com zimbraAuthLdapSearchBase 'CN=Users,DC=addomain,DC=local'
zmprov md addomain.example.com zimbraAuthLdapSearchBindDn 'CN=Administrator,CN=Users,DC=addomain,DC=local'
zmprov md addomain.example.com zimbraAuthLdapSearchBindPassword 'Administrator_password_in_AD'
zmprov md addomain.example.com zimbraAuthLdapSearchFilter '(samaccountname=%u)'
zmprov md addomain.example.com zimbraAuthLdapURL 'ldaps://ad.addomain.local:636'
where:
- zimbraAuthLdapBindDn - LDAP bind DN for the LDAP auth mechanism
- zimbraAuthLdapSearchBase - LDAP search base for the LDAP auth mechanism
- zimbraAuthLdapSearchBindDn - LDAP search bind DN for the LDAP auth mechanism
- zimbraAuthLdapSearchBindPassword - LDAP search bind password for the LDAP auth mechanism
- zimbraAuthLdapSearchFilter - LDAP search filter for the LDAP auth mechanism
- zimbraAuthLdapURL - LDAP URL for the LDAP auth mechanism
Zimlet configuration
In this step we configure custom authentication for addomain.example.com:
zmprov md addomain.example.com zimbraAuthMech 'custom:ZIADPassword'
zmprov md addomain.example.com zimbraPasswordChangeListener ZIADChangePassword
After this, ZI-ADPassword takes control of the authentication process and of password change requests.
Install the Active Directory server certificate on every mailbox server:
/opt/zimbra/common/bin/keytool -import -alias adserwer -keystore /opt/zimbra/common/etc/java/cacerts -trustcacerts -file /tmp/ad_cert.crt
Restart all mailboxes:
zmmailboxdctl restart
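
A post-configuration check for the steps above, as an added example that is not part of ZI-ADPassword or of the original guide: it reads the output of zmprov gd for the domain and reports every setting that differs from what this guide configures, including an LDAP URL that is not ldaps://. The function names and the sample data are constructed for illustration, and the script assumes zmprov gd prints one "attribute: value" pair per line.

```shell
# Added example (not part of ZI-ADPassword): audit `zmprov gd` output.
# Usage as the zimbra user: zmprov gd addomain.example.com | check_domain_auth
# Print the value(s) of attribute $1 from "name: value" lines on stdin.
attr_values() {
    awk -v key="$1" 'index($0, key ": ") == 1 { print substr($0, length(key) + 3) }'
}

# Read domain attributes on stdin and print one FAIL line per finding.
# Returns 0 when the domain matches this guide, 1 otherwise.
check_domain_auth() {
    cfg=$(cat); rc=0
    mech=$(printf '%s\n' "$cfg" | attr_values zimbraAuthMech)
    [ "$mech" = "custom:ZIADPassword" ] ||
        { echo "FAIL zimbraAuthMech is '$mech', expected custom:ZIADPassword"; rc=1; }
    lsn=$(printf '%s\n' "$cfg" | attr_values zimbraPasswordChangeListener)
    [ "$lsn" = "ZIADChangePassword" ] ||
        { echo "FAIL zimbraPasswordChangeListener is '$lsn', expected ZIADChangePassword"; rc=1; }
    urls=$(printf '%s\n' "$cfg" | attr_values zimbraAuthLdapURL)
    [ -n "$urls" ] || { echo "FAIL zimbraAuthLdapURL is not set"; rc=1; }
    for url in $urls; do    # the attribute may hold several URLs
        case "$url" in ldaps://*) ;; *) echo "FAIL $url does not use ldaps://"; rc=1 ;; esac
    done
    for a in zimbraAuthLdapBindDn zimbraAuthLdapSearchBase zimbraAuthLdapSearchBindDn zimbraAuthLdapSearchFilter; do
        [ -n "$(printf '%s\n' "$cfg" | attr_values "$a")" ] ||
            { echo "FAIL $a is not set"; rc=1; }
    done
    return "$rc"
}

# Constructed sample input: a domain still on plain LDAP authentication.
sample_bad() {
    cat <<'EOF'
# name addomain.example.com
zimbraAuthLdapBindDn: %u@addomain.local
zimbraAuthLdapSearchBase: CN=Users,DC=addomain,DC=local
zimbraAuthLdapSearchBindDn: CN=Administrator,CN=Users,DC=addomain,DC=local
zimbraAuthLdapSearchFilter: (samaccountname=%u)
zimbraAuthLdapURL: ldap://ad.addomain.local:389
zimbraAuthMech: ldap
EOF
}

# Constructed sample input: the same domain after the steps in this guide.
sample_good() {
    sample_bad | sed -e 's|ldap://ad.addomain.local:389|ldaps://ad.addomain.local:636|' -e 's|^zimbraAuthMech: ldap$|zimbraAuthMech: custom:ZIADPassword|'
    echo "zimbraPasswordChangeListener: ZIADChangePassword"
}
```

Run it after the final mailbox restart; no output and exit status 0 mean the domain carries the settings from this guide.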