Zimbra configuration
Prerequisites
The goal of this document is to configure Active Directory authentication for the domain addomain.example.com in Zimbra (ZCS) and integrate it with ZI-ADPassword.
The Active Directory authentication of the domain is configured as described in the Zimbra wiki article https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory.
Information needed:
- Active Directory administrator DN and password
- Active Directory address
Domain configuration
First, create the domain addomain.example.com:
zmprov cd addomain.example.com
Then configure Active Directory authentication for the domain:
zmprov md addomain.example.com zimbraAuthLdapBindDn '%u@addomain.local'
zmprov md addomain.example.com zimbraAuthLdapSearchBase 'CN=Users,DC=addomain,DC=local'
zmprov md addomain.example.com zimbraAuthLdapSearchBindDn 'CN=Administrator,CN=Users,DC=addomain,DC=local'
zmprov md addomain.example.com zimbraAuthLdapSearchBindPassword 'Administrator_password_in_AD'
zmprov md addomain.example.com zimbraAuthLdapSearchFilter '(samaccountname=%u)'
zmprov md addomain.example.com zimbraAuthLdapURL 'ldaps://ad.addomain.local:636'
where:
- zimbraAuthLdapBindDn - DN used in Active Directory
- zimbraAuthLdapSearchBase - the base where users will be searched for
- zimbraAuthLdapSearchBindDn - user with administrator rights used to search in AD
- zimbraAuthLdapSearchBindPassword - password of that administrator user
- zimbraAuthLdapSearchFilter -
- zimbraAuthLdapURL - address of the Active Directory server
Zimlet configuration
In this step we configure custom authentication for addomain.example.com:
zmprov md addomain.example.com zimbraAuthMech 'custom:ZIADPassword'
zmprov md addomain.example.com zimbraPasswordChangeListener ZIADChangePassword
After this, ZI-ADPassword is responsible for the authentication process and for password change requests.
The last step is to install the Active Directory server certificate:
/opt/zimbra/common/bin/keytool -import -alias adserwer -keystore /opt/zimbra/common/etc/java/cacerts -trustcacerts -file /tmp/ad_cert.crt
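To confirm that the domain ended up with the settings from the steps above, the output of zmprov gd can be checked with a script such as the following. This is an added example, not part of the original document or of ZI-ADPassword; the function names audit_ad_auth and sample_gd_output and the sample password value are assumptions made for illustration.

```shell
# Added example: audit the AD authentication settings of a Zimbra domain.
# stdin: output of `zmprov gd <domain>`, one "attribute: value" per line.
# Prints one FAIL line per problem; exit status is 1 if any, 0 if clean.
audit_ad_auth() {
    awk '
    function fail(msg) { print "FAIL " msg; bad = 1 }
    function want(key, expected) {
        if (attr[key] != expected)
            fail(key " is \"" attr[key] "\", expected \"" expected "\"")
    }
    /^zimbra[A-Za-z]+: / {
        key = $1; sub(/:$/, "", key)
        val = $0; sub(/^[^ ]+ /, "", val)
        attr[key] = val
        # Check every URL line, in case the attribute has several values.
        if (key == "zimbraAuthLdapURL" && val !~ /^ldaps:\/\//)
            fail("zimbraAuthLdapURL " val " does not use ldaps://")
    }
    END {
        req = "zimbraAuthLdapBindDn zimbraAuthLdapSearchBase zimbraAuthLdapSearchBindDn"
        req = req " zimbraAuthLdapSearchBindPassword zimbraAuthLdapSearchFilter zimbraAuthLdapURL"
        n = split(req, names, " ")
        for (i = 1; i <= n; i++)
            if (!(names[i] in attr)) fail(names[i] " is not set")
        # Placeholder text copied verbatim from the instructions.
        if (attr["zimbraAuthLdapSearchBindPassword"] == "Administrator_password_in_AD")
            fail("zimbraAuthLdapSearchBindPassword is still the placeholder")
        want("zimbraAuthMech", "custom:ZIADPassword")
        want("zimbraPasswordChangeListener", "ZIADChangePassword")
        exit bad + 0
    }'
}

# Constructed sample of `zmprov gd addomain.example.com` output (not real data).
sample_gd_output() {
    cat <<'EOF'
# name addomain.example.com
zimbraAuthLdapBindDn: %u@addomain.local
zimbraAuthLdapSearchBase: CN=Users,DC=addomain,DC=local
zimbraAuthLdapSearchBindDn: CN=Administrator,CN=Users,DC=addomain,DC=local
zimbraAuthLdapSearchBindPassword: constructed-sample-secret
zimbraAuthLdapSearchFilter: (samaccountname=%u)
zimbraAuthLdapURL: ldaps://ad.addomain.local:636
zimbraAuthMech: custom:ZIADPassword
zimbraPasswordChangeListener: ZIADChangePassword
EOF
}
sample_gd_output | audit_ad_auth && echo "sample configuration: no findings"
```

On the Zimbra server the same check is run as the zimbra user with: zmprov gd addomain.example.com | audit_ad_auth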