| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | | 
02-05-2006, 09:42 AM
| | |  Active Directory integration
Is there a document that explains how to integrate authentication with active directory? I looked through the admin guide but there was a vague mention of this feature. When creating a mailbox is there some way of mapping a particular user account to an AD account?
__________________
Sincerely,
Alex
|
02-05-2006, 10:13 AM
| | Zimbra Employee | |
Posts: 4,792
| |
It's pretty simple. Just login to the admin UI. There is an option to set up Active Directory Auth and/or GAL access. Ideally you make the account names the same in both AD and Zimbra. If you don't then it'll be a bit harder since you'd need to have some mapping in your LDAP filter, or add an attr to AD for the zimbra ID. |
02-05-2006, 10:16 AM
| | |  there is and there isn't
We have just been setting this today:
install zimbra using all the defaults, then;
in the admin control panel select "Domains"
and configure GAL (Global Address List)
and Authentication, and set both to external/AD
configure GAL to use external only (otherwise you will end up with duplicate users).
The ldap server is the IP of one of your AD servers.
you will then use the search filter found on page 31 and 32 of the admin guide, add an extra ")" at the end of this filter because of a typo in the manual.
At the bottom change the DC to match your AD domain: eg: DC=domain,DC=local
Create a user on your AD, that you will not use, eg: zimbrauser, and with a password, use this account to BIND to active directory.
This will pull in the user list.
Configure "Authentication" in the same way.
WARNING: if you do this, you will also need to enable fallback authentication, otherwise the admin user will FAIL
on the server, su to zimbra user
and use this command:
zmprov md zimbraAuthFallbackToLocal TRUE
(replacing domain with the email domain you are using  |
02-05-2006, 10:23 AM
| | |
Ok, thanks. I will try this. Just to clarify, our internal AD domain is domain.intranet but the Internet e-mail (and Zimbra account) will be name@outsidedomain.com
Does this have any effect on the instructions above?
__________________
Sincerely,
Alex
|
02-07-2006, 03:58 PM
| | Zimbra Employee | |
Posts: 515
| |
Quote: |
WARNING: if you do this, you will also need to enable fallback authentication, otherwise the admin user will FAIL
| this will not be necessary unless the admin account is in the main user domain (admin@domain.com) instead of the domain of the machine's hostname (admin@host.domain.com). even if it is, you can also provision the admin account in that domain on AD |
02-08-2006, 01:54 PM
| | Special Member | |
Posts: 110
| | More clarification required
you will then use the search filter found on page 31 and 32 of the admin guide, add an extra ")" at the end of this filter because of a typo in the manual.
The current manual does not have this on page 31 and 32 maybe it is later however I managed to cut the sample from the help and this got me further then you are asked:
Please supply a serach term. There is not explaination of what may be required here. I suppose if I had a full undrerstanding of LDAP this would not be an issue.
What do I put in this search term thing??
John |
03-28-2008, 11:33 AM
| | Project Contributor | |
Posts: 25
| | It is just what we want to know
Quote:
Originally Posted by KevinH  It's pretty simple. Just login to the admin UI. There is an option to set up Active Directory Auth and/or GAL access. Ideally you make the account names the same in both AD and Zimbra. If you don't then it'll be a bit harder since you'd need to have some mapping in your LDAP filter, or add an attr to AD for the zimbra ID. | Kevin, I have just this problem. How should I create this mapping? |
01-20-2009, 12:55 AM
| | | Can't Login
Hi! I'm trying to setup Active Directory authentication on my ZimbraCS for ubuntu 8.04.
I'm configured AD authentication in ZimbraAdmin and take the PASS test, but when I try to login to zimbra with my AD account I have message "Wrong login or password"! Can you help me? Sorry for my English)
And I have nothing about it in my /var/log/zimbra.log
Last edited by ubux; 01-20-2009 at 01:04 AM..
|
01-21-2009, 08:51 PM
| | Intermediate Member | |
Posts: 17
| |
Hi ubux,
I'm assuming that the following suggestion from KevinH: Quote: |
Ideally you make the account names the same in both AD and Zimbra.
| Means you'll have to populate zimbra's ldap with usernames from Active Directory. If this is the case, then you can import a CSV text file (Excel can create these) of usernames from AD.
So enabling GAL and Auth for a particular domain name isn't 'enough'.. there has to be an entry in zimbra itself that matches the AD user.
Dallas
Last edited by enterprisetoday; 01-21-2009 at 08:51 PM..
Reason: Polish ;)
|
01-21-2009, 11:48 PM
| | |
Quote:
Originally Posted by enterprisetoday Hi ubux,
I'm assuming that the following suggestion from KevinH:
Means you'll have to populate zimbra's ldap with usernames from Active Directory. If this is the case, then you can import a CSV text file (Excel can create these) of usernames from AD.
So enabling GAL and Auth for a particular domain name isn't 'enough'.. there has to be an entry in zimbra itself that matches the AD user.
Dallas | Thanks for your ansver!
I have already solved this problem by using own BASH script which sync my AD users and aliases... | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
