# ZI-ADPASSWORD - Installation and Administration Guide

# Installation

Unpack installer archive file \*.tar.gz in /var/tmp/ (as root):

```
mv /root/ZI-ADPassword-x.x.tar.gz /var/tmp/
cd /var/tmp/
tar xzvf ZI-ADPassword-x.x.tar.gz
cd /var/tmp/ZI-ADPassword-x.x
```

Run installation script (as root):

```
perl ZI-Installer --instal-deps
```

At the beginning required perl packages will be installed:

[![screen1.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/N6Wyd1fM7D7E78uA-screen1.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/N6Wyd1fM7D7E78uA-screen1.png)

Answer: Y

[![screen2.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/sQcgBGimobM4R20i-screen2.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/sQcgBGimobM4R20i-screen2.png)

Press: Y

[![screen3.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/pdgeFk7I1RRvwH3L-screen3.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/pdgeFk7I1RRvwH3L-screen3.png)

[![screen4.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/oVBvAHO0CWTi81U2-screen4.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/oVBvAHO0CWTi81U2-screen4.png)

[![screen5.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/40NYsP4taRQ28rev-screen5.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/40NYsP4taRQ28rev-screen5.png)

Answer: Y

[![screen6.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/Ka5oeYi6D3o7M69p-screen6.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/Ka5oeYi6D3o7M69p-screen6.png)

Answer: Y

[![screen8.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/6AwmNhVqK2ir3KdX-screen8.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/6AwmNhVqK2ir3KdX-screen8.png)

[![screen9.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/0ohqYIT6qzwd5VKn-screen9.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/0ohqYIT6qzwd5VKn-screen9.png)

Enter login and password received with the license.

[![screen10.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/poX23plo9i4zsARN-screen10.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/poX23plo9i4zsARN-screen10.png)

Choose: 1

[![screen11.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/AIwqhIGXgHi1jBZg-screen11.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/AIwqhIGXgHi1jBZg-screen11.png)

Choose: Y

[![screen12.png](https://docs.intalioservices.com/uploads/images/gallery/2020-05/scaled-1680-/hMIJdGcPkz69QD9y-screen12.png)](https://docs.intalioservices.com/uploads/images/gallery/2020-05/hMIJdGcPkz69QD9y-screen12.png)

Choose: Y

<p class="callout info">If You answer Y, the zimbra mailbox will be restarted</p>

After the mailbox restart, zimlet shoul be installed. To check it, login into the Panel Admin in Your ZCS Server and see Panel Administrator &gt; Migration and tool &gt; ZI-License. There should be informations about granted licenses.

# Zimbra configuration

## Prerequisites

The goal of this document is to configure Active Directory authentication for domain **addomain.example.com** in ZCS Zimbra and integrate it with ZI-ADPassword.

The configuration of AD authentication of the domain is according to the [https://wiki.zimbra.com/wiki/Configure\_authentication\_with\_Active\_Directory](https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory) .

Information needed:

- Active Directory administrator DN and passwords
- Active Directory address

## Domain configuration

At beginning create the domain **addomain.example.com**:

```
zmprov cd addomain.example.com
```

We configure Active Directory authentication:

```
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapBindDn '%u@addomain.local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBase 'CN=Users,DC=addomain,DC=local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBindDn 'CN=Administrator,CN=Users,DC=addomain,DC=local'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchBindPassword 'Administrator_password_in_AD'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapSearchFilter '(samaccountname=%u)'
 zmprov md adzimbraosedemo.int.intalio.pl zimbraAuthLdapURL 'ldaps://ad.addomain.local:636'
 
```

where:

- zimbraAuthLdapBindDn - LDAP bind dn for ldap auth mech
- zimbraAuthLdapSearchBase - LDAP search base for ldap auth mech
- zimbraAuthLdapSearchBindDn - LDAP search bind dn for ldap auth mech
- zimbraAuthLdapSearchBindPassword - LDAP search bind password for ldap auth mech
- zimbraAuthLdapSearchFilter - LDAP search filter for ldap auth mech
- zimbraAuthLdapURL - LDAP URL for ldap auth mech

## ZImlet configuration

In this step we configure custom authentication for addomain.example.com:

```
 zmprov md addomain.example.com zimbraAuthMech 'custom:ZIADPassword'
 zmprov md addomain.example.com zimbraPasswordChangeListener ZIADChangePassword
 
```

After this ZI-ADPassword takes control over the authentication process and password changing requests.

Install Active Directory server certificate on every mailbox:

```
/opt/zimbra/common/bin/keytool -import -alias adserwer -keystore /opt/zimbra/common/etc/java/cacerts -trustcacerts -file /tmp/ad_cert.crt
```

Restart all mailboxes:

```
zmmailboxdctl restart
```

# Release Notes