Difference between revisions of "LDAP Authentication"

(LDAP search base)
(LDAP filter)
Line 3: Line 3:
  
 
== LDAP filter ==
 
== LDAP filter ==
Everything you need to know about LDAP query filters will be located here.
+
Zimbra will use an LDAP query filter to map user accounts to entries on the external LDAP server.  For example, Zimbra user usera@domain.com might be mapped to an entry in the external LDAP server having a uid attribute value of 'usera', mail attribute of 'usera@domain.com' and an objectClass of 'OrganizationalPerson'.  Only a single unique attribute is required to successfully map Zimbra accounts.
 +
 
 
== LDAP search base ==
 
== LDAP search base ==
 
This will contain everything you need to know about using an LDAP search base.
 
This will contain everything you need to know about using an LDAP search base.

Revision as of 17:52, 7 August 2006

Zimbra permits the use of external LDAP servers per domain for end user authentication. Zimbra user accounts are mapped to LDAP accounts on an external host using an LDAP query filter. Though it is always a good idea to use an LDAP search base, it may not be required by your LDAP server.


LDAP filter

Zimbra will use an LDAP query filter to map user accounts to entries on the external LDAP server. For example, Zimbra user usera@domain.com might be mapped to an entry in the external LDAP server having a uid attribute value of 'usera', mail attribute of 'usera@domain.com' and an objectClass of 'OrganizationalPerson'. Only a single unique attribute is required to successfully map Zimbra accounts.

LDAP search base

This will contain everything you need to know about using an LDAP search base.

LDAP bind DN

Configuring external LDAP authentication

In in the "Configuration" section of the administration console.

  1. Expand "Domains" and select the domain for which to configure authentication.
  2. Click "Configure Authentication" to initiate the Authentication Configuration Wizard.
  3. Select "External LDAP" for "Authentication Mechanism". Click "Next".
  4. In the LDAP URL box, type the fully qualified hostname (FQDN) or IP address of the external LDAP server. Specify the LDAP port if required (default 389). Check "Use SSL" if the external LDAP server is configured for LDAP over SSL (LDAPS).
  5. Specify the query filter in the "LDAP filter" box.
  6. Specify the search base in the "LDAP search base" box. Click "Next".
  7. If the external LDAP server allows anonymous queries to the directory, click "Next" and skip to step 10. Otherwise, check the box for "Use DN/Password to bind to external server".
  8. In the "Bind DN" box, specify the distinguished name of a user with search permissions on the directory.
  9. Enter the bind password in the "Bind password" and "Confirm bind password" boxes. Click "Next".
  10. Review and confirm the authentication settings, then test the configuration by supplying a username and password in the boxes provided.

The easiest way to do LDAP authentication from a 3rd party application is to simply "bind" as the user intended.

Most applications do this by using a search, finding the valid user credentials and then binding as that specific user. Therefore the application doing the authentication needs to bind to the system first to do that search.


See LDAP Apache as a simple example

Jump to: navigation, search