Migrating to External LDAP questions and directions
So I initially installed Zimbra with Internal authentication and am now looking to have it auth against an external LDAP server, as the samba/posix options now available within Zimbra (Thanks Greg) have certain requirements that do not fit our environment properly.
I've tried searching through the admin guide and quick start and even the wiki, but I just haven't found exactly what I need to change to properly reconfigure Zimbra to use external authentication, as most information seems to be based from the point of initial installation.
I found these entries in my zmlocalconfig, and I am assuming these are the ones I need to change:
ldap_host = zimbra.domain.com
ldap_is_master = true
ldap_master_url = ldap://zimbra.domain.com:389
ldap_root_password = *
ldap_url = ldap://zimbra.domain.com:389
But then maybe not as I also see this information in the wiki:
Zimbra Directory Service (LDAP) - ZimbraWiki
regarding external Active Directory authentication.
Or is it just a matter of defining these two attributes via zmprov, and by defining these attributes does this change the authentication mode to External and/or Both?
As explained on this page:
LDAP - ZimbraWiki
which then makes it seem I may need to run the following commands to configure those attributes:
zmprov md MYDOMAIN.COM zimbraAuthMech external
zmprov md MYDOMAIN.COM zimbraAuthLdapURL ldap://extldap.mydomain.com:389
zmprov md MYDOMAIN.COM zimbraAuthLdapBinddn cn=admin,dc=mydomain,dc=com
zmprov md MYDOMAIN.COM zimbraAuthLdapFilter "%n, %D"
Or do I set the zimbraAuthMech option to something else for external LDAP?
Or am I totally overcomplicating things and should use the "Configure Authentication" option within the admin GUI under @ Domains in the configuration section?
Lastly, I see options for ldaps or "use SSL". From my experience TLS should always be used with OpenLDAP instead of SSL. Is there a way to allow Zimbra to use TLS instead of SSL or what looks like the default of no security?