Carbonio CE 23.2.0 ...
 
Notifications
Clear all

[Solved] Carbonio CE 23.2.0 Active Directory authentication

6 Posts
5 Users
2 Reactions
1,825 Views
(@regul8or)
Joined: 2 years ago
Posts: 16
Topic starter  

Is there a guide somewhere on how to integrate Carbonio CE 23.2.0 with Active Directory, like this one? I understand basic commands like zmprov are now changed.


   
layer.five reacted
Quote
layer.five
(@layer-five)
Joined: 2 years ago
Posts: 1
 

I also had the same difficulty and I didn't find any technical reference to solve it.


   
ReplyQuote
 ikd
(@ikd)
Joined: 2 years ago
Posts: 1
 

The same problem. Is there a complete manual how to use carbonio server version 23 with Active Directory users?


   
ReplyQuote
(@zmctl_restart)
Joined: 1 year ago
Posts: 3
 

Hello all,

For those who want to authenticate users from Active Directory

Modify your domain config as follows, Carbonio admin interface is buggy. You can query global catalog for user auth.

As user zextras run the following commands for your domain

carbonio prov md your.domain.tld zimbraAuthMech ad
carbonio prov md your.domain.tld zimbraAuthLdapStartTlsEnabled FALSE
carbonio prov md your.domain.tld zimbraAuthFallbackToLocal TRUE
carbonio prov md your.domain.tld zimbraAuthLdapBindDn %u@your.domain.tld
carbonio prov md your.domain.tld ldaps://your.global.catalog:3269

 

Now domain user blabla@your.domain.tld can login using AD credentials if there is a corresponding mailbox already created .

 

 


   
anahuac reacted
ReplyQuote
(@john_doe)
Joined: 3 years ago
Posts: 61
 

@zmctl_restart Thanks for that - safed me some time.

Someone from Zextras should adopt the UI to allow %u@AD-domain.tld as it is currently not allowed to be stored that way.


   
ReplyQuote
(@regul8or)
Joined: 2 years ago
Posts: 16
Topic starter  

@zmctl_restart Thanks for the commands. I checked with my current Zimbra OSE configuration and come with the following:

carbonio prov md gbustroi.ru zimbraAuthLdapBindDn %u@ad.domain
carbonio prov md gbustroi.ru zimbraAuthLdapSearchBase 'dc=ad,dc=domain'
carbonio prov md gbustroi.ru zimbraAuthLdapSearchBindDn 'CN=zextras,dc=ad,dc=domain'
carbonio prov md gbustroi.ru zimbraAuthLdapSearchBindPassword 'secret'
carbonio prov md gbustroi.ru zimbraAuthLdapSearchFilter '(&(memberOf=CN=Carbonio Users,dc=ad,dc=domain)(sAMAccountName=%u))'
carbonio prov md gbustroi.ru zimbraAuthLdapURL ldap://ldap.ad.domain:389
carbonio prov md gbustroi.ru zimbraAuthMech ad
carbonio prov md gbustroi.ru zimbraAuthFallbackToLocal FALSE

This is also allows to authenticate only those users who are members of the certain group


   
ReplyQuote