I am in the process of setting up a central Ldap server that will serve as a central authentication (username/password) repository. I have been looking for a simple way to enable a SSO solution that Zimbra and several other portal applications (all can use Ldap) can use in order to provide the end-user with a single sign-on experience.
My current idea is to simply pass login/password credentials to zimbra (before loading zimbra into a portal tab) - zimbra would accept this login/password programmatically and then envolk a logon command against an external Ldap server. The user would then be redirected to a zimbra session (within the tab) that is logged in and ready to use.
My question is whether or not this seems feasible: I already have a portal environment that includes custom tabs for all applications including zimbra. I can envolk any sort of zimbra provided webservices when the user clicks on the tab (prior to redirecting the tab contents to the zimbra session). I can query the Ldap server for the current user and get the assoicated logon credentials and pass those within said webservice request.
1) Please provide assistance in how I could envolk the zimbra login programatically, preferably via webservices, but also via any PHP/Java script, ect would also be fine.
2) I believe I would also be responsible for maintaining password sync between the local zimbra ldap and the central ldap and would also be responsible for adding and removing users to the local zimbra ldap...is this a correct assumption?
3) If all my applications can utilize the central ldap server and I do not have need for a Microsoft or other domain, is there a better way to enable SSO apart from CAS?
4) Possibly where zimbra (for example) queries the cental portal for the current user (I could provide a webservice) and then authenticates against the external ldap...this is just a twist on the original model. Again what zimbra authentication function could be called (that would accept the username and password provided by the external ldap query)?
Basically I am just hoping that I might enlist some advise as I set out on this process.
I would be happy to share my experiece and methods with the community if that is helpful and not too odd of a solution for central sso.