ZCS Administrator Guide 8.0
ZCS Administrator Guide 8.0
Network Edition

Zimbra LDAP Service > Custom Authentication

Custom Authentication
You can implement a custom authentication to integrate external authentication to your proprietary identity database. When an authentication request comes in, Zimbra checks the designated auth mechanism for the domain. If the auth mechanism is set to custom authentication, Zimbra invokes the registered custom auth handler to authenticate the user.
To set up custom authentication, prepare the domain for the custom auth and register the custom authentication handler.
Preparing a domain for custom auth
To enable a domain for custom auth, set the domain attribute, zimbraAuthMet to custom:{registered-custom-auth-handler-name}.
In the following example, “sample” is the name that custom authentication is registered under.
zmprov modifydomain {domain|id} zimbraAuthMech custom:sample.
Register a custom authentication handler.
To register a custom authentication handler, invoke ZimbraCustomAuth.register [handlerName, handler] in the init method of the
Class: com.zimbra.cs.account.ldap.zimbraCustomAuth
Method: public synchronized static void register [String handlerName, zimbraCustomAuth handler]
handlerName is the name under which this custom auth handler is registered to Zimbra’s authentication infrastructure. This name is set in the domain’s zimbraAuthMech attribute of the domain.
handler is the object on which the authenticate method is invoked for this custom auth handler. The object has to be an instance of zimbraCustomAuth (or subclasses of it).
How Custom Authentication Works
When an authentication request comes in, if the domain is specified to use custom auth, the authenticating framework invokes the authenticate method on the ZimbraCustomAuth instance passed as the handler parameter to ZimbraCustomAuth.register ().
The account object for the principal to be authenticated and the clear-text password entered by the user are passed to ZimbraCustomAuth.authenticate (). All attributes of the account can be retrieved from the account object.
Copyright © 2012 VMware Inc.