External LDAP authentication with zimbraAuthLdapExternalDn: Difference between revisions
Revision as of 22:49, 23 September 2015
How to configure external LDAP authentication with zimbraAuthLdapExternalDn
External LDAP authentication ( zimbraAuthLdapExternalDn )
More information on how to configure Zimbra with AD can be found: [here]
Solution
The idea behind this type of authentication is to have a Zimbra user that does not exist in AD, but still be able to log in to that user's web UI with the credentials of an existing AD user.
How to steps:
1. Create user test@example.com
The part marked in red shows where to enter the bind DN of the account we will use for the setup. More information on the syntax of this value can be found in /opt/zimbra/docs/externalldapauth.txt. Excerpt from that file:
Account attribute zimbraAuthLdapExternalDn
Unlike (A) and (B), which are domain settings, this is an account level setting. This overrides the bind template and/or search setting, and directly contains the DN for the user in the external ldap server.
zimbraAuthLdapBindDn and zimbraAuthLdapSearchFilter can contain expansion variables that are to be substituted by components in the account name:
%n = username with @ (or without, if no @ was specified)
%u = username with @ removed
%d = domain as foo.com
%D = domain as dc=foo,dc=com
e.g. for user pshao@zimbra.com
%n => pshao@zimbra.com
%u => pshao
%d => zimbra.com
%D => dc=zimbra,dc=com
example for zimbraAuthLdapBindDn: uid=%u,ou=people,%D (whatever LDAP DIT structure they are using)
2. Create a user in AD.
3. View of the AD user from Softerra LDAP browser.
4. After the above steps are completed we can test the configuration by logging in with the Zimbra user that does not exist in AD.
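The excerpt above describes two things worth seeing side by side: how the %n/%u/%d/%D variables in a domain-level zimbraAuthLdapBindDn template are expanded from the account name, and how an account-level zimbraAuthLdapExternalDn takes precedence and is used as the DN unchanged. The following is an added illustration, not Zimbra's own code: the function names (expand_bind_template, resolve_bind_dn, escape_dn_value) and the dictionary layout for the account and domain are assumptions made for this example. It also goes one step beyond the excerpt by escaping the username and domain components per RFC 4514 before substituting them, so that an account name containing characters such as "," or "=" cannot alter the structure of the resulting DN.

```python
# Added example: expansion of zimbraAuthLdapBindDn variables and precedence
# of the account-level zimbraAuthLdapExternalDn. Not Zimbra's implementation.

# Characters that must be escaped inside an LDAP DN attribute value (RFC 4514).
_DN_SPECIAL = ',+"\\<>;='


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for safe use inside a DN string.

    Backslash-escapes RFC 4514 special characters, a leading space or '#',
    and a trailing space, so a user-supplied name cannot inject extra RDNs.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_bind_template(account_name: str, template: str) -> str:
    """Expand %n, %u, %d and %D in a zimbraAuthLdapBindDn-style template.

    Variable meanings follow the externalldapauth.txt excerpt on this page:
      %n = username with @ (or without, if no @ was specified)
      %u = username with @ removed
      %d = domain as foo.com
      %D = domain as dc=foo,dc=com
    """
    if "@" in account_name:
        user, domain = account_name.split("@", 1)
    else:
        user, domain = account_name, ""

    # %D is built from escaped DC components: zimbra.com -> dc=zimbra,dc=com
    dn_domain = ",".join(
        "dc=" + escape_dn_value(part) for part in domain.split(".") if part
    )

    substitutions = {
        "%n": escape_dn_value(account_name),
        "%u": escape_dn_value(user),
        "%d": escape_dn_value(domain),
        "%D": dn_domain,
    }
    result = template
    for var, value in substitutions.items():
        result = result.replace(var, value)
    return result


def resolve_bind_dn(account: dict, domain: dict) -> str:
    """Pick the DN used to bind against the external LDAP server.

    `account` and `domain` are plain dicts of attribute name -> value (an
    assumption of this example, not a Zimbra API). An account-level
    zimbraAuthLdapExternalDn overrides the domain template and is used as-is,
    exactly as the excerpt states; otherwise the domain template is expanded.
    """
    external_dn = account.get("zimbraAuthLdapExternalDn")
    if external_dn:
        return external_dn
    template = domain.get("zimbraAuthLdapBindDn")
    if not template:
        raise ValueError("neither zimbraAuthLdapExternalDn nor zimbraAuthLdapBindDn is set")
    return expand_bind_template(account["name"], template)


if __name__ == "__main__":
    # Constructed sample data matching the excerpt's pshao@zimbra.com example.
    domain_cfg = {"zimbraAuthLdapBindDn": "uid=%u,ou=people,%D"}
    plain_account = {"name": "pshao@zimbra.com"}
    # A Zimbra-only account mapped to an existing AD user via the account-level attribute.
    mapped_account = {
        "name": "test@example.com",
        "zimbraAuthLdapExternalDn": "CN=aduser,CN=Users,DC=example,DC=com",
    }
    print(resolve_bind_dn(plain_account, domain_cfg))
    print(resolve_bind_dn(mapped_account, domain_cfg))
```

Running the block prints uid=pshao,ou=people,dc=zimbra,dc=com for the template case and the unchanged CN=aduser,CN=Users,DC=example,DC=com for the account that carries zimbraAuthLdapExternalDn. The escaping step is the part to keep in mind when reviewing a real deployment: a bind template that interpolates the login name without escaping lets an attacker-chosen name reshape the DN, so the value in zimbraAuthLdapExternalDn should be set by an administrator and the template variables should never be filled from unvalidated input.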