External ldap, friend or foe?

[greavr]

Hi everyone,

We're looking into implenting a complete overall of the IT systems in place. Taking everything from M$ to linux based. From the email server, PDC and file server. However the users will still be using XP.

To make things easier i am trying to create a central LDAP from which everything authenicates against.

So I was wondering is it possible to do this with zimbra, if so can it:
a) auto create users in zimbra when they are created in Samba
b) be able to link to a secondary LDAP server should the first fail

Im looking forward to setting this system up and have high hopes from zimbra.

Thanks for your help on this.

Rick

[kirme3]

Using external ldap for Zimbra authentication definitely works. However, it would be up to you to figure out how to have user's auto created in Zimbra. The usual recommended option is to have the ldap server do a SOAP call to the Zimbra server to create new users as is needed. Another option is to have the ldap server ssh to the zimbra server to run the zmprov command and create/edit/delete...etc.. users.

As for linking to a secondary ldap server, that is also doable. I'm not sure if the auth only tries the second upon a failure of the first, or if both of them are used, though.

Here's more info from the wiki:
LDAP Authentication - Zimbra :: Wiki

[shideg]

As for linking to a secondary ldap server, that is also doable. I'm not sure if the auth only tries the second upon a failure of the first, or if both of them are used, though.

Here's more info from the wiki:
LDAP Authentication - Zimbra :: Wiki

There is nothing on that Wiki page describing secondary external authentication & failover, nor have I found a way to do this in the admin web GUI.

Is this actually an option?

We will soon be migrating from an LDAP server to Active Directory, and I need to be able to have Zimbra try AD then LDAP in succession for user authentication.

Thanks.

--Steve Hideg
Saint Mary's College

[rsharpe]

In the admin console you can setup the domain to do external authentication, its very easy just follow the wizard.

[shideg]

In the admin console you can setup the domain to do external authentication, its very easy just follow the wizard.

I need to set up more than one external server. I see an "Add URL" button. That would let me point zimbra to multiple LDAP servers, but what if one is an Active Directory server and one is an iPlanet LDAP server?

There's only one field for an LDAP filter and one field for search base, but the DITs and schemas of the two servers are necessarily different. It doesn't appear that such a situation can be accommodated in that part of the GUI.

Can this scenario be accommodated? Two external servers:

Try authenticating against an Active Directory Server.

If that fails, try authenticating against an LDAP server (with a different DIT structure and schema).

Thanks.