Active Directory Integration

[yohanes]

Hi guys can someone point me. How that we can integrate zimbra with active directory ? Thx You. Will really appreciate if there is step by step guide.

Where do you find your DN user name and Password in active directory ?

[mmorse]

Welcome to the forums,

To start you off: LDAP Active Directory - ZimbraWiki
This doc has more than just it's name might suggest: LDAP Authentication - ZimbraWiki
Then: /docs/ne/latest/administration_guide/5_Zimbra_LDAP.5.1.html#1038793

You might only need DC=mydomain,DC=com

Some possible AD bind DNs:
cn=administrator,cn=Users,dc=domain,dc=com - DN format
administrator@domain.com - User principal name format
It depends if you set 'use DN/Password to bind to external server' to Yes

URL: ldap://ad.server.domain.or.ip.com:389
user: %u@domain.com
pass: password


It's best if you create a user that can see all user objects in the AD schema.

You will need to provision (create) the users in your zimbra setup first, see:
Zmprov - ZimbraWiki
Zmprov Examples - ZimbraWiki
Bulk Provisioning - ZimbraWiki

Want the process to be better automated? -make an RFE in Bugzilla -this person never did:
/forums/administrators/11284-strange-times-ad-integration.html
Also related (same person, again no RFE was made):
/forums/installation/11207-why-cant-zimbra-get-users-ad.html

GAL: Zimbra Directory Service (LDAP) - ZimbraWiki

[yohanes]

hi mmorse do you know where i can find the dn username and password in acticve directory thing? I cant find username and password for dn.

ldifde -f c:\export.txt

didnt show any password.
Would really appreciate if you can point me what exactly the username and password for this.

Basically i just create zimbrauser as the username and at it as the administrator group.

#############################################
c:\export.txt
#############################################

dn: DC=crap,DC=local
changetype: add
objectClass: top
objectClass: domain
objectClass: domainDNS
distinguishedName: DC=crap,DC=local
instanceType: 5
whenCreated: 20070924054456.0Z
whenChanged: 20070924083725.0Z
subRefs: DC=ForestDnsZones,DC=crap,DC=local
subRefs: DC=DomainDnsZones,DC=crap,DC=local
subRefs: CN=Configuration,DC=crap,DC=local
uSNCreated: 4098
uSNChanged: 12390
name: crap
objectGUID:: Bx7qCEBhW0ehJa43otD03w==
creationTime: 128345766345468750
forceLogoff: -9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
maxPwdAge: -37108517437440
minPwdAge: -864000000000
minPwdLength: 7
modifiedCountAtLastProm: 0
nextRid: 1001
pwdProperties: 1
pwdHistoryLength: 24
objectSid:: AQQAAAAAAAUVAAAAw3IRhxhwBwv63qs5
serverState: 1
uASCompat: 1
modifiedCount: 123
auditingPolicy:: AAE=
nTMixedDomain: 1
rIDManagerReference: CN=RID Manager$,CN=System,DC=crap,DC=local
fSMORoleOwner:
CN=NTDS Settings,CN=CRAP2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=crap,DC=local
systemFlags: -1946157056
wellKnownObjects:
B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=crap,DC=local
wellKnownObjects:
B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft ,CN=Program Data,DC=crap,DC=
local
wellKnownObjects:
B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=crap,DC=local
wellKnownObjects:
B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSe curityPrincipals,DC=crap,DC=
local
wellKnownObjects:
B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=crap,DC=local
wellKnownObjects:
B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastru cture,DC=crap,DC=local
wellKnownObjects:
B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFo und,DC=crap,DC=local
wellKnownObjects:
B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC =crap,DC=local
wellKnownObjects:
B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=crap,DC=local
wellKnownObjects:
B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers ,DC=crap,DC=local
wellKnownObjects:
B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC= crap,DC=local
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=crap,DC=local
isCriticalSystemObject: TRUE
gPLink:
[LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=cra
p,DC=local;0]
masteredBy:
CN=NTDS Settings,CN=CRAP2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=crap,DC=local
ms-DS-MachineAccountQuota: 10
msDS-Behavior-Version: 0
msDS-PerUserTrustQuota: 1
msDS-AllUsersTrustQuota: 1000
msDS-PerUserTrustTombstonesQuota: 10
msDs-masteredBy:
CN=NTDS Settings,CN=CRAP2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=crap,DC=local
dc: crap

dn: CN=Users,DC=crap,DC=local
changetype: add
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=crap,DC=local
instanceType: 4
whenCreated: 20070924054500.0Z
whenChanged: 20070924054500.0Z
uSNCreated: 4304
uSNChanged: 4304
showInAdvancedViewOnly: FALSE
name: Users
objectGUID:: 1UHnoscKx0ehPwvH1KRwsg==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=crap,DC =local
isCriticalSystemObject: TRUE

dn: CN=Computers,DC=crap,DC=local
changetype: add
objectClass: top
objectClass: container
cn: Computers
description: Default container for upgraded computer accounts
distinguishedName: CN=Computers,DC=crap,DC=local
instanceType: 4
whenCreated: 20070924054500.0Z
whenChanged: 20070924054500.0Z
uSNCreated: 4305
uSNChanged: 4305
showInAdvancedViewOnly: FALSE
name: Computers
objectGUID:: cJThUOOL6UKx3lM+6Oy7cw==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=crap,DC =local
isCriticalSystemObject: TRUE

dn: OU=Domain Controllers,DC=crap,DC=local
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: Domain Controllers
description: Default container for domain controllers
distinguishedName: OU=Domain Controllers,DC=crap,DC=local
instanceType: 4
whenCreated: 20070924054500.0Z
whenChanged: 20070924054500.0Z
uSNCreated: 4412
uSNChanged: 4412
showInAdvancedViewOnly: FALSE
name: Domain Controllers
objectGUID:: PcfcqAPMG0uTRMU4pqF8SQ==
systemFlags: -1946157056
objectCategory:
CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=crap,DC=local
isCriticalSystemObject: TRUE
gPLink:
[LDAP://CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=cra
p,DC=local;0]

dn: CN=System,DC=crap,DC=local
changetype: add
objectClass: top
objectClass: container
cn: System
description: Builtin system settings
distinguishedName: CN=System,DC=crap,DC=local
instanceType: 4
whenCreated: 20070924054500.0Z
whenChanged: 20070924054500.0Z
uSNCreated: 4306
uSNChanged: 4306
showInAdvancedViewOnly: TRUE
name: System
objectGUID:: ZgQ6HYiANkWgWMOrNgxU9w==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=crap,DC =local
isCriticalSystemObject: TRUE

dn: CN=LostAndFound,DC=crap,DC=local
changetype: add
objectClass: top
objectClass: lostAndFound
cn: LostAndFound
description: Default container for orphaned objects
distinguishedName: CN=LostAndFound,DC=crap,DC=local
instanceType: 4
whenCreated: 20070924054500.0Z
whenChanged: 20070924054500.0Z
uSNCreated: 4302
uSNChanged: 4302
showInAdvancedViewOnly: TRUE
name: LostAndFound
objectGUID:: 5nZOFczfJEyHky2ZqAtC5g==
systemFlags: -1946157056
objectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=crap,DC=local
isCriticalSystemObject: TRUE

dn: CN=Infrastructure,DC=crap,DC=local
changetype: add
objectClass: top
objectClass: infrastructureUpdate
cn: Infrastructure
distinguishedName: CN=Infrastructure,DC=crap,DC=local
instanceType: 4
whenCreated: 20070924054500.0Z
whenChanged: 20070924054500.0Z
uSNCreated: 4413
uSNChanged: 4413
showInAdvancedViewOnly: TRUE
name: Infrastructure
objectGUID:: m2xAOhz1pEG+2/nDPmdJig==
fSMORoleOwner:
CN=NTDS Settings,CN=CRAP2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=crap,DC=local
systemFlags: -1946157056
objectCategory:
CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=crap,DC=local
isCriticalSystemObject: TRUE

dn: CN=ForeignSecurityPrincipals,DC=crap,DC=local
changetype: add
objectClass: top
objectClass: container
cn: ForeignSecurityPrincipals
description:
Default container for security identifiers (SIDs) associated with objects from
external, trusted domains
distinguishedName: CN=ForeignSecurityPrincipals,DC=crap,DC=local
instanceType: 4
whenCreated: 20070924054500.0Z
whenChanged: 20070924054500.0Z
uSNCreated: 4414
uSNChanged: 4414
showInAdvancedViewOnly: FALSE
name: ForeignSecurityPrincipals
objectGUID:: i1wE2Aw950inpGNcigU5zw==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=crap,DC =local
isCriticalSystemObject: TRUE

[yohanes]

Sory guys for the long paste i forgot to paste it on pastebin

pastebin - collaborative debugging tool

[phoenix]

Quote:

Originally Posted by yohanes

didnt show any password.
Would really appreciate if you can point me what exactly the username and password for this.

It's the username that you've just created and , of course, whatever password you gave that user.

[yohanes]

phoenix what exactly is the dn username that i should put in ?
dn: CN=zimbrauser,CN=Users,DC=crap,DC=local
or zimbrauser ?

Do you mind to take alook at the export.txt file and point me out what exactly the format that i need to enter on DN username ? I set the password as test1234

Really appreciate for your help thank you.

[yohanes]

Hi guys anyone know what should i put on the search term ? and what is the username and password for dn ? would really appreciate it if you can tell me directly what it is as we really need to integrate zimbra with active directory by the end of this week. thank you guys.