Using Zimbra with Active Directory

[elesouef]

Hello Zimbra Forum,

I am currently testing zimbra and think it is a great piece of software.

But, this is not the final goal of it. We are planning to implement it on an active directory environment. I read the chapter in the documentation carefully and what I understand is that when a user is created in AD, it must also be created in zebra.

Is that true ?

What is the purpose of it ?

Thanks for your infos.

[phoenix]

It's because AD doesn't provision accounts in Zimbra and you need the user/mailbox defined to be able to use Zimbra.

[elesouef]

Thank you.

In fact, I'm thinking that having AD on my network is definitely the most horrible thing that happened to it.

You're from Vannes France ? Working Zimbra os so ?

Emmanuel (from Caen, France)

[Klug]

Quote:

Originally Posted by elesouef

In fact, I'm thinking that having AD on my network is definitely the most horrible thing that happened to it.

Unfortunately (if you're thinking of it), it's not possible now to get network auth done by the Zimbra LDAP (there was a thread on that lately).

Quote:

Originally Posted by elesouef

You're from Vannes France ?

He is one of the usurpators (living in France but not French).

[phoenix]

Well, AD has far better management features than any linux offering so if it's got to be there then yiu shouldn't have any problems with authenticating against it.

Yes I'm afraid I'm a foreign import. I was so tempted by the country and it's people that after visiting here on holidays for 20+ plus years I finally moved permanently to France.

[elesouef]

Quote:

Originally Posted by phoenix

Well, AD has far better management features than any linux offering so if it's got to be there then yiu shouldn't have any problems with authenticating against it.

I agree, the problem is getting "everything" to work with it...

Quote:

Originally Posted by phoenix

Yes I'm afraid I'm a foreign import. I was so tempted by the country and it's people that after visiting here on holidays for 20+ plus years I finally moved permanently to France.

Great

[lmineiro]

Quote:

Originally Posted by Klug

Unfortunately (if you're thinking of it), it's not possible now to get network auth done by the Zimbra LDAP (there was a thread on that lately).

Not correct. I have been playing with pGina on XP and 2003 boxes and I'm able to use Zimbra LDAP as the auth backend for the network. As someone already reported in these forums too, adding the nis.schema to slapd.conf allows you to auth from linux boxes.

the only thing I can't do until now is to allow users to change their password in windows.

Still investigating.

Cheers.

[phoenix]

the fact that you 'can' do something doesn't mean that you should do it. You really shouldn't be using the Zimbra LDAP for anything else other than Zimbra, an upgrade may kill any functions that you're using it for.

[lmineiro]

I believe the only required attributes are core to any LDAP installation (uid and userPassword). Can't see how they would keep using LDAP and remove those.

Offcourse that its totally in their hands to break it all, but why would they? Its in Zimbra's best interest to allow this kind of interaction between tools. I even have some customers who rejected Zimbra because it wasn't "directly" supported - zmbra's LDAP for network auth.

In the end, I was only stating that as of now, in the current version IT IS indeed possible. And as soons as its fully working and in production, I have no intentions to mess with it anyhow (If its not broken, don't fix it).

Cheers.

[Klug]

We're in IT, everything is possible and you know it.

I still don't think it's not a good idea, Bill explained very well why.