So I initially installed Zimbra with Internal authentication and am now looking to have it auth against an external ldap server as the samba/posix options now available within Zimbra (Thanks Greg) have certain requirements that do not fit our environment properly.

I've tried searching through the admin guide and quick start and even the wiki, but I just haven't found exactly what I need to change to properly reconfigure zimbra to use external authentication as most information seems to be based from the point of initial installation.

I found these entires in my zmlocalconfig, and I am assuming these are the ones I need to change:
Code:
ldap_host = zimbra.domain.com
ldap_is_master = true
ldap_master_url = ldap://zimbra.domain.com:389
ldap_root_password = *
ldap_url = ldap://zimbra.domain.com:389
But then maybe not as I also see this information in the wiki:
Zimbra Directory Service (LDAP) - ZimbraWiki

regarding external Active Directory authentication.

Or is it just a matter of defining these two attributes via zmprov, and by defining these attributes does this change the authentication mode to External and/or Both?

zimbraAuthLdapURL zimbraAuthLdapBindDn

As explained on this page:

LDAP - ZimbraWiki

which then makes it seem I may need to run the following commands to confiure those attributes:
Code:
zmprov md MYDOMAIN.COM zimbraAuthMech external
zmprov md MYDOMAIN.COM zimbraAuthLdapURL ldap://extldap.mydomain.com:389
zmprov md MYDOMAIN.COM zimbraAuthLdapBinddn cn=admin,dc=mydomain,dc=com
zmprov md MYDOMAIN.COM zimbraAuthLdapFilter "%n, %D"
Or do I set the zimbraAuthMech option to something else for external LDAP?

Or am I totally overcomplicating things and should use the "Configure Authentication" option within the admin GUI under @ Domains in the configuration section?

Lastly I see options for ldaps or "use SSL". From my experience TLS should always be used with OpenLDAP instead of SSL. Is there a way to allow zimbra to use TLS instead of SSL or what looks like the default of no security?