Thread: Active Directory integration

  1. #1
    alexz is offline Active Member
    Join Date
    Oct 2005
    Posts
    46
    Rep Power
    9

    Active Directory integration

    Is there a document that explains how to integrate authentication with active directory? I looked through the admin guide but there was a vague mention of this feature. When creating a mailbox is there some way of mapping a particular user account to an AD account?
    Sincerely,

    Alex

  2. #2
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    It's pretty simple. Just log in to the admin UI. There is an option to set up Active Directory Auth and/or GAL access. Ideally you make the account names the same in both AD and Zimbra. If you don't then it'll be a bit harder since you'd need to have some mapping in your LDAP filter, or add an attr to AD for the zimbra ID.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3
    jamesregional is offline New Member
    Join Date
    Feb 2006
    Posts
    3
    Rep Power
    9

    there is and there isn't

    We have just been setting this up today:

    Install Zimbra using all the defaults, then in the admin control panel select "Domains" and configure GAL (Global Address List) and Authentication, and set both to external/AD.
    Configure GAL to use external only (otherwise you will end up with duplicate users).
    The LDAP server is the IP of one of your AD servers.
    You will then use the search filter found on pages 31 and 32 of the admin guide; add an extra ")" at the end of this filter because of a typo in the manual.
    At the bottom, change the DC to match your AD domain, e.g. DC=domain,DC=local
    Create a user on your AD that you will not use, e.g. zimbrauser, with a password, and use this account to BIND to Active Directory.
    This will pull in the user list.
    Configure "Authentication" in the same way.
    WARNING: if you do this, you will also need to enable fallback authentication, otherwise the admin user will FAIL.
    On the server, su to the zimbra user and use this command:
    zmprov md domain zimbraAuthFallbackToLocal TRUE
    (replacing domain with the email domain you are using)

  4. #4
    alexz is offline Active Member
    Join Date
    Oct 2005
    Posts
    46
    Rep Power
    9

    Ok, thanks. I will try this. Just to clarify, our internal AD domain is domain.intranet but the Internet e-mail (and Zimbra account) will be name@outsidedomain.com

    Does this have any effect on the instructions above?
    Sincerely,

    Alex

  5. #5
    bobby is offline Zimbra Employee
    Join Date
    Nov 2005
    Posts
    518
    Rep Power
    10

    WARNING: if you do this, you will also need to enable fallback authentication, otherwise the admin user will FAIL
    This will not be necessary unless the admin account is in the main user domain (admin@domain.com) instead of the domain of the machine's hostname (admin@host.domain.com). Even if it is, you can also provision the admin account in that domain on AD.

  6. #6
    mintra is offline Special Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    117
    Rep Power
    9

    More clarification required

    you will then use the search filter found on page 31 and 32 of the admin guide, add an extra ")" at the end of this filter because of a typo in the manual.

    The current manual does not have this on pages 31 and 32; maybe it is later. However, I managed to cut the sample from the help and this got me further. Then you are asked:

    "Please supply a search term." There is no explanation of what may be required here. I suppose if I had a full understanding of LDAP this would not be an issue.

    What do I put in this search term thing??

    John

  7. #7
     is offline Project Contributor
    Join Date
    Nov 2007
    Location
    Brasil - São Paulo
    Posts
    25
    Rep Power
    7

    It is just what we want to know

    Originally posted by KevinH:
    It's pretty simple. Just log in to the admin UI. There is an option to set up Active Directory Auth and/or GAL access. Ideally you make the account names the same in both AD and Zimbra. If you don't then it'll be a bit harder since you'd need to have some mapping in your LDAP filter, or add an attr to AD for the zimbra ID.

    Kevin, I have just this problem. How should I create this mapping?

  8. #8
    ubux is offline Member
    Join Date
    Jan 2009
    Posts
    10
    Rep Power
    6

    Can't Login

    Hi! I'm trying to set up Active Directory authentication on my ZimbraCS for Ubuntu 8.04.
    I've configured AD authentication in ZimbraAdmin and it passes the test, but when I try to log in to Zimbra with my AD account I get the message "Wrong login or password"! Can you help me? Sorry for my English)
    And I have nothing about it in my /var/log/zimbra.log
    Last edited by ubux; 01-20-2009 at 02:04 AM.

  9. #9
    enterprisetoday is offline Intermediate Member
    Join Date
    Jun 2007
    Location
    Brisbane
    Posts
    17
    Rep Power
    8

    Hi ubux,
    I'm assuming that the following suggestion from KevinH:

    Ideally you make the account names the same in both AD and Zimbra.
    Means you'll have to populate zimbra's ldap with usernames from Active Directory. If this is the case, then you can import a CSV text file (Excel can create these) of usernames from AD.
    So enabling GAL and Auth for a particular domain name isn't 'enough'.. there has to be an entry in zimbra itself that matches the AD user.

    Dallas
    Last edited by enterprisetoday; 01-21-2009 at 09:51 PM. Reason: Polish ;)

  10. #10
    ubux is offline Member
    Join Date
    Jan 2009
    Posts
    10
    Rep Power
    6

    Originally posted by enterprisetoday:
    Hi ubux,
    I'm assuming that the following suggestion from KevinH:

    Means you'll have to populate zimbra's ldap with usernames from Active Directory. If this is the case, then you can import a CSV text file (Excel can create these) of usernames from AD.
    So enabling GAL and Auth for a particular domain name isn't 'enough'.. there has to be an entry in zimbra itself that matches the AD user.

    Dallas

    Thanks for your answer!
    I have already solved this problem by using my own BASH script which syncs my AD users and aliases...
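
The kind of sync that posts #9 and #10 describe, as an added example; it is not ubux's script and not code from this thread. The sample user lists, the function names and the lowercase name mapping are assumptions; `outsidedomain.com` and `zimbrauser` are taken from posts #4 and #3, and `zmprov ca <address> ''` is assumed to create an account with no local password.

```bash
#!/usr/bin/env bash
# Added example (not ubux's script): plan which AD users still need a Zimbra account.
export LC_ALL=C                      # predictable sort order and a-z ranges

MAIL_DOMAIN="outsidedomain.com"      # Zimbra mail domain, as in post #4
BIND_ACCOUNT="zimbrauser"            # bind-only AD account from post #3, never a mailbox

# Constructed sample: sAMAccountName values exported from AD, one per line.
ad_users() {
  printf '%s\n' 'Alice' 'bob' 'zimbrauser' 'carol smith' 'dave' ''
}

# Constructed sample: addresses that already exist in Zimbra.
zimbra_accounts() {
  printf '%s\n' 'admin@outsidedomain.com' 'bob@outsidedomain.com'
}

# Print one zmprov "ca" (create account) line per AD user missing from Zimbra.
plan_sync() {
  local existing name addr
  existing=$(zimbra_accounts | tr 'A-Z' 'a-z')
  ad_users | tr 'A-Z' 'a-z' | sort -u | while IFS= read -r name; do
    if [ "$name" = "$BIND_ACCOUNT" ]; then continue; fi
    # Reject empty names and anything outside a conservative local-part alphabet,
    # so a directory value can never add arguments to the generated command.
    case "$name" in
      ''|*[!a-z0-9._-]*) echo "skipped unsafe name: '$name'" >&2; continue ;;
    esac
    addr="$name@$MAIL_DOMAIN"
    if printf '%s\n' "$existing" | grep -qxF -- "$addr"; then continue; fi
    # Empty password (assumption: leaves no local credential), so logins for
    # this account depend on the external AD bind.
    printf "ca %s ''\n" "$addr"
  done
}

plan_sync
```

The printed lines are meant to be reviewed before they are run through zmprov as the zimbra user; skipped names go to stderr so they can be checked separately.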
