ZI-ADPASSWORD - Installation and Administration Guide

• Installation
• Zimbra configuration
• Release Notes

Installation

Unpack installer archive file *.tar.gz in /var/tmp/ (as root):

mv /root/ZI-ADPassword-x.x.tar.gz /var/tmp/
cd /var/tmp/
tar xzvf ZI-ADPassword-x.x.tar.gz
cd /var/tmp/ZI-ADPassword-x.x

Run installation script (as root):

perl ZI-Installer --instal-deps

At the beginning required perl packages will be installed:

Answer: Y

Press: Y

Answer: Y

Answer: Y

Enter login and password received with the license.

Choose: 1

Choose: Y

Choose: Y

If You answer Y, the zimbra mailbox will be restarted

After the mailbox restart, zimlet shoul be installed. To check it, login into the Panel Admin in Your ZCS Server and see Panel Administrator > Migration and tool > ZI-License. There should be informations about granted licenses.

 

Zimbra configuration

Prerequisites

The goal of this document is to configure Active Directory authentication for domain addomain.example.com in ZCS Zimbra and integrate it with ZI-ADPassword.

The configuration of AD authentication of the domain is according to the https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory .

Information needed:

• Active Directory administrator DN and passwords
• Active Directory address

 

Domain configuration

At beginning create the domain addomain.example.com:

zmprov cd addomain.example.com

We configure Active Directory authentication:

 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapBindDn '%u@addomain.local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBase 'CN=Users,DC=addomain,DC=local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBindDn 'CN=Administrator,CN=Users,DC=addomain,DC=local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBindPassword 'Administrator_password_in_AD'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchFilter '(samaccountname=%u)'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapURL 'ldaps://ad.addomain.local:636'
 

where:

• zimbraAuthLdapBindDn - LDAP bind dn for ldap auth mech
• zimbraAuthLdapSearchBase - LDAP search base for ldap auth mech
• zimbraAuthLdapSearchBindDn - LDAP search bind dn for ldap auth mech
• zimbraAuthLdapSearchBindPassword - LDAP search bind password for ldap auth mech
• zimbraAuthLdapSearchFilter - LDAP search filter for ldap auth mech
• zimbraAuthLdapURL - LDAP URL for ldap auth mech

ZImlet configuration

In this step we configure custom authentication for addomain.example.com:

 zmprov md addomain.example.com zimbraAuthMech 'custom:ZIADPassword'
 zmprov md addomain.example.com zimbraPasswordChangeListener ZIADChangePassword
 

After this ZI-ADPassword takes control over the authentication process and password changing requests.

Install Active Directory server certificate on every mailbox:

/opt/zimbra/common/bin/keytool -import -alias adserwer -keystore /opt/zimbra/common/etc/java/cacerts -trustcacerts -file /tmp/ad_cert.crt

Restart all mailboxes:

zmmailboxdctl restart

Release Notes