
Zimbra configuration

Prerequisites

The goal of this document is to configure Active Directory authentication for domain addomain.example.com in ZCS Zimbra and integrate it with ZI-ADPassword.

AD authentication for the domain is configured according to https://wiki.zimbra.com/wiki/Configure_authentication_with_Active_Directory .

Information needed:

  • Active Directory administrator DN and passwords
  • Active Directory address

 

Domain configuration

First, create the domain addomain.example.com:

zmprov cd addomain.example.com

Then configure Active Directory authentication for it:

 zmprov md addomain.example.com zimbraAuthLdapBindDn '%u@addomain.local'
 zmprov md addomain.example.com zimbraAuthLdapSearchBase 'CN=Users,DC=addomain,DC=local'
 zmprov md addomain.example.com zimbraAuthLdapSearchBindDn 'CN=Administrator,CN=Users,DC=addomain,DC=local'
 zmprov md addomain.example.com zimbraAuthLdapSearchBindPassword 'Administrator_password_in_AD'
 zmprov md addomain.example.com zimbraAuthLdapSearchFilter '(samaccountname=%u)'
 zmprov md addomain.example.com zimbraAuthLdapURL 'ldaps://ad.addomain.local:636'
 

where:

  • zimbraAuthLdapBindDn - LDAP bind dn for ldap auth mech
  • zimbraAuthLdapSearchBase - LDAP search base for ldap auth mech
  • zimbraAuthLdapSearchBindDn - LDAP search bind dn for ldap auth mech
  • zimbraAuthLdapSearchBindPassword - LDAP search bind password for ldap auth mech
  • zimbraAuthLdapSearchFilter - LDAP search filter for ldap auth mech
  • zimbraAuthLdapURL - LDAP URL for ldap auth mech

Zimlet configuration

In this step we configure custom authentication for addomain.example.com:

 zmprov md addomain.example.com zimbraAuthMech 'custom:ZIADPassword'
 zmprov md addomain.example.com zimbraPasswordChangeListener ZIADChangePassword
 

After this, ZI-ADPassword takes control over the authentication process and password changing requests.

Install the Active Directory server certificate on every mailbox:

/opt/zimbra/common/bin/keytool -import -alias adserwer -keystore /opt/zimbra/common/etc/java/cacerts -trustcacerts -file /tmp/ad_cert.crt

Restart all mailboxes:

zmmailboxdctl restart
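
A read-back check for the settings above, as an added example that is not part of the original page or of ZI-ADPassword. It assumes `zmprov gd` prints the requested attributes as `attr: value` lines; the function name `audit_domain_auth` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the domain attributes set above.
# Reads `zmprov gd <domain> <attrs...>` output ("attr: value" lines) on stdin,
# prints one line per finding and returns the number of findings.
audit_domain_auth() {
    cfg=$(cat)
    findings=0
    # First value of attribute $1 in the captured output (empty if absent).
    get_attr() { printf '%s\n' "$cfg" | sed -n "s/^$1: //p" | head -n 1; }
    fail() { echo "FAIL $1"; findings=$((findings + 1)); }
    expect() {
        val=$(get_attr "$1")
        [ "$val" = "$2" ] || fail "$1: expected '$2', got '${val:-<unset>}'"
    }
    expect zimbraAuthMech 'custom:ZIADPassword'
    expect zimbraPasswordChangeListener 'ZIADChangePassword'
    for a in zimbraAuthLdapBindDn zimbraAuthLdapSearchBase \
             zimbraAuthLdapSearchBindDn zimbraAuthLdapSearchFilter; do
        [ -n "$(get_attr "$a")" ] || fail "$a: not set"
    done
    url=$(get_attr zimbraAuthLdapURL)
    case "$url" in
        ldaps://*) ;;
        '') fail "zimbraAuthLdapURL: not set" ;;
        *)  fail "zimbraAuthLdapURL: '$url' is not an ldaps:// URL as configured on this page" ;;
    esac
    return "$findings"
}

# Constructed sample of the output for a domain configured as on this page.
SAMPLE_OK='# name addomain.example.com
zimbraAuthLdapBindDn: %u@addomain.local
zimbraAuthLdapSearchBase: CN=Users,DC=addomain,DC=local
zimbraAuthLdapSearchBindDn: CN=Administrator,CN=Users,DC=addomain,DC=local
zimbraAuthLdapSearchFilter: (samaccountname=%u)
zimbraAuthLdapURL: ldaps://ad.addomain.local:636
zimbraAuthMech: custom:ZIADPassword
zimbraPasswordChangeListener: ZIADChangePassword'

printf '%s\n' "$SAMPLE_OK" | audit_domain_auth && echo "sample: no findings"
# On a server, as the zimbra user (the bind password is deliberately not requested):
#   zmprov gd addomain.example.com zimbraAuthMech zimbraPasswordChangeListener \
#     zimbraAuthLdapURL zimbraAuthLdapBindDn zimbraAuthLdapSearchBase \
#     zimbraAuthLdapSearchBindDn zimbraAuthLdapSearchFilter | audit_domain_auth
```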