Unlike the internal authentication mechanism, the external authentication mechanism attempts to bind to the directory server using the supplied user name and password. If this bind succeeds, the connection is closed and the password is considered valid.
The zimbraAuthLdapURL attribute contains the URL of the Active Directory server to bind to. This should be in the form:
where ldapserver is the IP address or host name of the Active Directory server, and port is the port number. You can also use the fully qualified host name instead of the port number.
For an SSL connection, use ldaps: instead of ldap:. If the SSL version is used, the SSL certificate used by the server must be configured as a trusted certificate.
The zimbraAuthLdapBindDn attribute is a format string used to determine which user name to use when binding to the Active Directory server.
The user name may need to be transformed into a valid LDAP bind DN (distinguished name). In the case of Active Directory, that bind DN might be in a different domain.
The zimbraAuthFallbackToLocal attribute can be enabled so that the system falls back to the ZCS local authentication if external authentication fails. The default is FALSE.
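The following added example (not Zimbra's own code) expands a zimbraAuthLdapBindDn format string for a login name and reviews the three attributes described above for a non-SSL URL and for enabled local fallback. The %n, %u, %d and %D placeholders are Zimbra's bind-DN tokens, which this page does not list; the function names, the space-separated URL handling and the sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def expand_bind_dn(template, login):
    """Expand a zimbraAuthLdapBindDn format string for one login name."""
    user, _, domain = login.partition("@")
    tokens = {
        "%n": login,   # name as typed
        "%u": user,    # name with the @domain part removed
        "%d": domain,  # domain as example.com
        "%D": ",".join("dc=" + p for p in domain.split(".") if p),  # dc=example,dc=com
    }
    # Single pass, so a login that itself contains "%u" is never expanded again.
    return re.sub(r"%[nudD]", lambda m: tokens[m.group(0)], template)

def audit_external_auth(attrs):
    """Return a list of findings for one domain's external-auth attributes."""
    findings = []
    # Assumption: the attribute may hold several space-separated URLs.
    urls = attrs.get("zimbraAuthLdapURL", "").split()
    if not urls:
        findings.append("zimbraAuthLdapURL is not set")
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            findings.append(f"{url}: not an ldap: or ldaps: URL with a host")
        elif parts.scheme == "ldap":
            findings.append(f"{url}: ldap: scheme, bind is not made over SSL")
    if attrs.get("zimbraAuthFallbackToLocal", "FALSE").upper() == "TRUE":
        findings.append("zimbraAuthFallbackToLocal is TRUE: ZCS local "
                        "authentication is used when external auth fails")
    return findings

# Constructed sample domain settings (not from a real deployment).
SAMPLE = {
    "zimbraAuthLdapURL": "ldap://ad1.example.com:389",
    "zimbraAuthLdapBindDn": "%u@corp.example.com",  # AD account in a different domain
    "zimbraAuthFallbackToLocal": "TRUE",
}

if __name__ == "__main__":
    print(expand_bind_dn(SAMPLE["zimbraAuthLdapBindDn"], "alice@example.com"))
    for finding in audit_external_auth(SAMPLE):
        print("-", finding)
```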