LDAP Authentication

Revision as of 14:55, 7 August 2006 by Jason (talk | contribs) (LDAP filter)

Zimbra permits the use of external LDAP servers per domain for end user authentication. Zimbra user accounts are mapped to LDAP accounts on an external host using an LDAP query filter. Though it is always a good idea to use an LDAP search base, it may not be required by your LDAP server.


LDAP filter

Everything you need to know about LDAP query filters will be located here.

LDAP search base

This will contain everything you need to know about using an LDAP search base.

Configuring external LDAP authentication

In in the "Configuration" section of the administration console.

  1. Expand "Domains" and select the domain for which to configure authentication.
  2. Click "Configure Authentication" to initiate the Authentication Configuration Wizard.
  3. Select "External LDAP" for "Authentication Mechanism". Click "Next".
  4. In the LDAP URL box, type the fully qualified hostname (FQDN) or IP address of the external LDAP server. Specify the LDAP port if required (default 389). Check "Use SSL" if the external LDAP server is configured for LDAP over SSL (LDAPS).
  5. Specify the query filter in the "LDAP filter" box.
  6. Specify the search base in the "LDAP search base" box. Click "Next".
  7. If the external LDAP server allows anonymous queries to the directory, click "Next" and skip to step 10. Otherwise, check the box for "Use DN/Password to bind to external server".
  8. In the "Bind DN" box, specify the distinguished name of a user with search permissions on the directory.
  9. Enter the bind password in the "Bind password" and "Confirm bind password" boxes. Click "Next".
  10. Review and confirm the authentication settings, then test the configuration by supplying a username and password in the boxes provided.

The easiest way to do LDAP authentication from a 3rd party application is to simply "bind" as the user intended.

Most applications do this by using a search, finding the valid user credentials and then binding as that specific user. Therefore the application doing the authentication needs to bind to the system first to do that search.


See LDAP Apache as a simple example

Jump to: navigation, search