Zimbra authentication with Samba4 Active Directory

By | April 16, 2016


In our previous post, we learned how to install Zimbra Collaboration Suite 8.6 on CentOS 7. Now we will configure Zimbra authentication with Samba4 Active Directory (or Windows Active Directory).

Zimbra has 3 authentication modes, as listed below:

  1. Internal – The internal Zimbra LDAP
  2. External Active Directory
  3. External LDAP

Here we will use Samba4 as Active Directory to authenticate with Zimbra.

– Go to Zimbra Admin | Configure | Domains. Right-click the domain and select Configure Authentication

– Select External Active Directory and Next

On Active Directory Settings, enter your Samba4 domain (or AD domain), IP address and port:

On the LDAP Bind page, leave the settings as they are and click Next:

On the Authentication Summary page, enter the domain administrator ID and password. (You can use a normal user ID, which should be part of the Domain Admin group.)

On the External Group Setting page, leave the settings as they are and click Next:

Click Finish to close the wizard. Congratulations, your Samba4 (or Windows AD) domain authentication is now configured.

Even though Zimbra now authenticates against Samba4 Active Directory, you would still need to create the mailboxes in Zimbra manually. Having Zimbra create them for you is called auto-provisioning email accounts.

Here we will configure auto-provisioning. Create a file named autoprovision.zmp in the /tmp/ folder:

What you need to change:
zimbraAutoProvLdapAdminBindDn
zimbraAutoProvLdapAdminBindPassword
zimbraAutoProvLdapSearchBase
zimbraAutoProvLdapURL

zimbraAutoProvMode: Zimbra auto-provisioning is divided into 2 modes:

  1. Eager mode – Zimbra checks the users of the external AD at regular intervals (as defined in “zimbraAutoProvPollingInterval”, here 1 min) and creates mailboxes in Zimbra. We will use Eager mode.
  2. Lazy mode – Zimbra does not create mailboxes until users of the external AD log in via webmail; Zimbra then automatically creates mailboxes for those users.
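
As an added example (not the author's original file), this shell function writes a zmprov batch file for Eager mode with owner-only permissions, since the file carries the bind password. The domain, server, URL, bind DN and search base in the usage comment are constructed placeholders, and the attributes beyond those named above (auth mechanism, search filter, name and attribute maps, batch size, scheduled domains) are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): write the zmprov batch file
# for EAGER auto-provisioning. Every value passed in is a placeholder.
#
# Usage: write_autoprov OUT DOMAIN SERVER LDAP_URL BIND_DN SEARCH_BASE
#   AD_BIND_PW='...' write_autoprov /tmp/autoprovision.zmp example.test \
#     mail.example.test ldap://192.0.2.10:389 \
#     "CN=svc-zimbra,CN=Users,DC=example,DC=test" "CN=Users,DC=example,DC=test"
# The bind password is read from $AD_BIND_PW so it never appears in argv.
# (A password containing a double quote would need escaping for zmprov.)
write_autoprov() (
    out=$1 domain=$2 server=$3 url=$4 bind_dn=$5 base=$6
    : "${AD_BIND_PW:?set AD_BIND_PW to the bind account password}"
    umask 077   # the file contains a credential: owner read/write only
    set -C      # noclobber: refuse to overwrite a file that already exists
    cat > "$out" <<EOF
md $domain zimbraAutoProvMode EAGER
md $domain zimbraAutoProvAuthMech LDAP
md $domain zimbraAutoProvLdapURL "$url"
md $domain zimbraAutoProvLdapAdminBindDn "$bind_dn"
md $domain zimbraAutoProvLdapAdminBindPassword "$AD_BIND_PW"
md $domain zimbraAutoProvLdapSearchBase "$base"
md $domain zimbraAutoProvLdapSearchFilter "(&(objectCategory=person)(objectClass=user))"
md $domain zimbraAutoProvAccountNameMap "sAMAccountName"
md $domain +zimbraAutoProvAttrMap displayName=displayName
md $domain +zimbraAutoProvAttrMap givenName=givenName
md $domain +zimbraAutoProvAttrMap sn=sn
md $domain zimbraAutoProvBatchSize 20
ms $server zimbraAutoProvPollingInterval 1m
ms $server +zimbraAutoProvScheduledDomains $domain
EOF
)
```

Run it as the zimbra user, load the result with `zmprov < /tmp/autoprovision.zmp`, and delete the file afterwards because it holds the bind password.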

Execute the file:

Note: There is no need to restart Zimbra Services.

Check Zimbra mailbox log file:

To verify whether the mailboxes were created, examine the /opt/zimbra/log/mailbox.log file.

Before running the script:

After running the script:

You can also verify the new mailboxes from Zimbra Admin Console – Zimbra Admin > Manage.
