King0770-Notes-Access GAL from Clients 6.0: Difference between revisions
Revision as of 21:04, 3 December 2009
If your users prefer client apps like Thunderbird or the Mac Address Book but still need to access the Zimbra GAL, here's a proposed workaround.
Configure Client
Disable LDAP anonymous connections
/opt/zimbra/libexec/zmldapanon -d
Example for a Zimbra server called mail.abccompany.com
The settings would look something like this:
Server: mail.abccompany.com
Search Base: ou=people,dc=abccompany,dc=com
Port: 389
Scope: subtree
Authentication for a user with the address of joe@abccompany.com
uid=joe,ou=people,dc=abccompany,dc=com
password: _zimbra_password_
Authentication Type: simple
Outside Company's Network
If a user needs to access the GAL from outside the company network, port 389 will most likely need to be accessible.
startTLS Requirement
Zimbra 6.0 can require startTLS (SSL encryption) over LDAP connections (ldap://, not ldaps://).
The security value assigned to startTLS connections depends on the strength of the certificate that the server is using.
You can find the strength of the current certificate by examining /var/log/zimbra.log when the LDAP log level includes stats logging (256):
Aug 4 21:42:47 gort slapd[32703]: conn=726 fd=12 TLS established tls_ssf=128 ssf=128
This indicates the tls_ssf (startTLS security factor) is 128, so you would use that as the minimum value for the key.
zmlocalconfig -e ldap_common_require_tls=128
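Before enforcing the requirement, it helps to know the lowest tls_ssf that clients actually negotiate and which accounts still do simple binds without startTLS, since those clients will stop working once it is enabled. The script below is an added example, not part of the original wiki page; it assumes OpenLDAP's stats-level BIND lines (method=128 for a simple bind), and every sample line except the one quoted above is constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit slapd stats lines before
# raising ldap_common_require_tls. Reads syslog-format lines on stdin.
audit_ldap_tls() {
    awk '
    function val(key,   i) {        # value of a key=value token, "" if absent
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return ""
    }
    /slapd\[/ && / TLS established / {
        ssf = val("tls_ssf") + 0
        tls[$5 "/" val("conn")] = ssf   # $5 is slapd[pid]:, conn ids restart per pid
        if (min == "" || ssf < min) min = ssf
        next
    }
    # Assumption: method=128 marks a simple (password) bind in stats logging.
    /slapd\[/ && / BIND dn=/ && /method=128/ {
        k = $5 "/" val("conn")
        dn = val("dn"); gsub(/"/, "", dn)
        # No earlier "TLS established" on this connection: password sent in clear.
        if (!(k in tls) && dn != "") plain[dn]++
    }
    END {
        print "min_tls_ssf=" (min == "" ? 0 : min)
        for (dn in plain) print "plaintext_bind=" dn " count=" plain[dn]
    }'
}

# Constructed sample log; only the first line is taken from the page.
sample_log() {
cat <<'EOF'
Aug  4 21:42:47 gort slapd[32703]: conn=726 fd=12 TLS established tls_ssf=128 ssf=128
Aug  4 21:42:47 gort slapd[32703]: conn=726 op=1 BIND dn="uid=joe,ou=people,dc=abccompany,dc=com" method=128
Aug  4 21:43:02 gort slapd[32703]: conn=727 op=0 BIND dn="uid=ann,ou=people,dc=abccompany,dc=com" method=128
Aug  4 21:44:10 gort slapd[32703]: conn=728 fd=14 TLS established tls_ssf=256 ssf=256
Aug  4 21:44:10 gort slapd[32703]: conn=728 op=1 BIND dn="uid=bob,ou=people,dc=abccompany,dc=com" method=128
EOF
}

sample_log | audit_ldap_tls
# On a server: audit_ldap_tls < /var/log/zimbra.log
```

A value of ldap_common_require_tls above the reported min_tls_ssf would reject the clients that negotiated that minimum, and every plaintext_bind account needs its client switched to startTLS first.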