Is there a guide somewhere on how to integrate Carbonio CE 23.2.0 with Active Directory, like this one? I understand basic commands like zmprov are now changed.
I also had the same difficulty and I didn't find any technical reference to solve it.
The same problem. Is there a complete manual how to use carbonio server version 23 with Active Directory users?
Hello all,
For those who want to authenticate users from Active Directory
Modify your domain config as follows, Carbonio admin interface is buggy. You can query global catalog for user auth.
As user zextras run the following commands for your domain
carbonio prov md your.domain.tld zimbraAuthMech ad carbonio prov md your.domain.tld zimbraAuthLdapStartTlsEnabled FALSE carbonio prov md your.domain.tld zimbraAuthFallbackToLocal TRUE carbonio prov md your.domain.tld zimbraAuthLdapBindDn %u@your.domain.tld carbonio prov md your.domain.tld ldaps://your.global.catalog:3269
Now domain user blabla@your.domain.tld can login using AD credentials if there is a corresponding mailbox already created .
@zmctl_restart Thanks for that - safed me some time.
Someone from Zextras should adopt the UI to allow %u@AD-domain.tld as it is currently not allowed to be stored that way.
@zmctl_restart Thanks for the commands. I checked with my current Zimbra OSE configuration and come with the following:
carbonio prov md gbustroi.ru zimbraAuthLdapBindDn %u@ad.domain carbonio prov md gbustroi.ru zimbraAuthLdapSearchBase 'dc=ad,dc=domain' carbonio prov md gbustroi.ru zimbraAuthLdapSearchBindDn 'CN=zextras,dc=ad,dc=domain' carbonio prov md gbustroi.ru zimbraAuthLdapSearchBindPassword 'secret' carbonio prov md gbustroi.ru zimbraAuthLdapSearchFilter '(&(memberOf=CN=Carbonio Users,dc=ad,dc=domain)(sAMAccountName=%u))' carbonio prov md gbustroi.ru zimbraAuthLdapURL ldap://ldap.ad.domain:389 carbonio prov md gbustroi.ru zimbraAuthMech ad carbonio prov md gbustroi.ru zimbraAuthFallbackToLocal FALSE
This is also allows to authenticate only those users who are members of the certain group