LDAP/Active Directory

From XMission Wiki
Revision as of 07:07, 21 January 2016 by John (talk | contribs) (Created page with "XMission hosted Zimbra LDAP/Active Directory Integration General information: Any Zimbra domain hosted by XMission can have either authentication or GAL synchronization conn...")

XMission hosted Zimbra LDAP/Active Directory Integration

General information:

Any Zimbra domain hosted by XMission can have either authentication or GAL synchronization connected to an external LDAP or ActiveDirectory (AD) server. These are two independent features (external auth, external GAL sync), but they share most of the same configuration. Customers commonly want both.

Requirements:

This is what is required to configure external authentication and external GAL sync for XMission hosted Zimbra domains:

  • Confirm XMission will authenticate against customer ActiveDirectory. [ ] Yes [ ] No
  • Confirm XMission will get the GAL from customer ActiveDirectory. [ ] Yes [ ] No
  • Provide customer ActiveDirectory server name(s) and port (3269 is the default AD port)
  • SSL must be enabled.
  • What is the customer ActiveDirectory domain name?
  • Provide customer ActiveDirectory bind domain name / password.
  • Customer to provide username/password to test authentication against.
    • This can be temporary for the purposes of configuring AD, no need to reveal credentials for real users.
  • Customer firewall must allow traffic from 166.70.13.0/24 (mail subnet where XMission Zimbra lives) to the above server/port. Has this been completed? [ ] Yes [ ] No

Please use https://secrets.xmission.com to share any sensitive data.

Notes:

  • The GAL can be synchronized to *both* LDAP/AD and the normal internal Zimbra if desired. This can be useful for distribution lists that aren't in AD.
  • For the GAL sync, XMission will default to a filter of (mail=*) and a search base derived from the AD domain name (i.e., dc=customerdomain,dc=local if the domain is customerdomain.local), but these values can be changed if needed.

Testing:

XMission strongly recommends testing functionality. To do this, the customer should make a test domain and verify functionality there. Testing authentication is critical. Once testing has completed, we recreate the settings on the real customer domain and re-verify.
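
A customer-side pre-flight for the requirements and GAL defaults above, written as an added example (not XMission's own tooling): it derives the default search base from the AD domain name, checks that the LDAPS port completes a TLS handshake, then binds and runs the default (mail=*) query. It assumes OpenSSL 1.1.0 or later and OpenLDAP's ldapsearch are installed; the function names, and the choice to require a certificate that validates against the local trust store, are this example's assumptions.

```sh
#!/bin/sh
# Added example: customer-side pre-flight for the values requested above.
# Host, bind identity and password file are placeholders supplied by the caller.

# Accept only plain DNS names, so nothing needing DN escaping reaches the base.
valid_domain() {
    case "$1" in
        ''|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# customerdomain.local -> dc=customerdomain,dc=local (the default GAL search base)
derive_base() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/\.$//' -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# preflight HOST PORT AD_DOMAIN BIND_ID PASSWORD_FILE
preflight() {
    host=$1 port=$2 domain=$3 bind_id=$4 pwfile=$5
    valid_domain "$domain" || { echo "invalid AD domain: $domain" >&2; return 2; }
    base=$(derive_base "$domain")

    # 1. SSL requirement: the handshake must complete. Assumption of this
    #    example: the certificate must also validate for this host name.
    openssl s_client -connect "$host:$port" -verify_return_error \
        -verify_hostname "$host" </dev/null >/dev/null 2>&1 ||
        { echo "TLS check failed for $host:$port" >&2; return 3; }

    # 2. Bind over LDAPS and run the default GAL query. -y reads the password
    #    from a file (no trailing newline) so it never appears in the process
    #    list; -z 5 caps the sample at five entries.
    found=$(ldapsearch -LLL -o nettimeout=10 -H "ldaps://$host:$port" \
        -D "$bind_id" -y "$pwfile" -b "$base" -s sub -z 5 '(mail=*)' mail \
        2>/dev/null | grep -c '^mail:')
    [ "${found:-0}" -gt 0 ] ||
        { echo "bind or search failed, or no mail entries under $base" >&2; return 4; }
    echo "OK: LDAPS bind and (mail=*) search under $base returned entries"
}

# Run the checks only when all five arguments are given.
if [ "$#" -eq 5 ]; then
    preflight "$@"
fi
```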