LDAP Authentication

Revision as of 12:45, 18 April 2007 by So8Fqu

Zimbra permits the use of external LDAP servers per domain for end user authentication. Zimbra user accounts are mapped to LDAP accounts on an external host using an LDAP query filter. Though it is always a good idea to use an LDAP search base, it may not be required by your LDAP server.


LDAP filter

Zimbra will use an LDAP query filter to map user accounts to entries on the external LDAP server. For example, Zimbra user usera@domain.com might be mapped to an entry in the external LDAP server having a uid attribute value of 'usera', mail attribute of 'usera@domain.com' and an objectClass of 'OrganizationalPerson'. Only a single unique attribute is required to successfully map Zimbra accounts.

To set the LDAP query filter, you will need a substitution variable and an attribute on the external LDAP server to search. The substitution variable is obtained from the 'Username' box on the user login page. The possible substitution variables, shown here for the login usera@domain.com, are:

%n = username with @ symbol - returns 'usera@domain.com'
%u = username without the @ - returns 'usera'
%d = domain - returns 'domain.com'
%D = domain as dc=domain,dc=com - this is a common format for directories such as Active Directory and OpenLDAP
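
The substitution described above, as an added Python sketch (not Zimbra's own code). It assumes a full user@domain login; the RFC 4515 escaping of the user-supplied part and the domain check are this example's assumptions about safe handling, and the names expand_filter and escape_filter_value are hypothetical.

```python
import re

# Added illustration, not Zimbra source code. Escaping and domain validation
# are this sketch's own assumptions about safe handling of the login string.
_FILTER_SPECIALS = '\\*()\x00'          # must be escaped per RFC 4515
_DOMAIN_RE = re.compile(r'[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*')


def escape_filter_value(value):
    """Hex-escape characters that have meaning inside an LDAP filter."""
    return ''.join('\\%02x' % ord(c) if c in _FILTER_SPECIALS else c
                   for c in value)


def expand_filter(template, login):
    """Expand %n, %u, %d and %D in template for a user@domain login."""
    user, at, domain = login.rpartition('@')
    if not at or not user:
        raise ValueError('expected a login of the form user@domain')
    if not _DOMAIN_RE.fullmatch(domain):
        raise ValueError('domain contains characters outside [A-Za-z0-9.-]')
    values = {
        'n': escape_filter_value(user + '@' + domain),
        'u': escape_filter_value(user),
        'd': domain,
        'D': ','.join('dc=' + label for label in domain.split('.')),
    }
    # One pass over the template: substituted text is never re-scanned, so a
    # login containing "%d" stays literal.
    return re.sub(r'%([nudD])', lambda m: values[m.group(1)], template)


if __name__ == '__main__':
    for tmpl in ('(uid=%u)', '(uid=%n)',
                 '(&(mail=%n)(objectClass=OrganizationalPerson))'):
        print(expand_filter(tmpl, 'usera@domain.com'))
    # Constructed input with filter metacharacters in the user part.
    print(expand_filter('(uid=%u)', 'us*r(a)@domain.com'))
```

Because the login string is typed by the user, metacharacters in it are escaped before they reach the filter, and a domain with unexpected characters is rejected rather than substituted.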

Examples

Possible filters for OpenLDAP

(uid=%u) - The user has a uid attribute value in the external directory equal to the user portion of the Zimbra user account.
(uid=%n) - Entire Zimbra user account is used to identify user in the external directory.
(