I've added a few domains.
For some, I decided to use external LDAP authentication using zimbraAuthLdapSearchFilter and zimbraAuthLdapSearchBindDn.
But authentication only uses the primary domain filter (the first domain added):
add main domain: @domain.com + zimbraAuthLdapSearchFilter
add another domain: @domain2.com + zimbraAuthLdapSearchFilter
Try to auth to mailX@domain.com -> In the external LDAP logs, I see that carbonio sends to external LDAP the zimbraAuthLdapSearchFilter for domain.com
Try to auth to mailY@domain2.com -> In the external LDAP logs, I see that carbonio sends to external LDAP the zimbraAuthLdapSearchFilter for domain.com!
I use In Carbonio23.5
Is this normal behavior or error?
And there is one more question. Authentication routing when using an external server and multiple application servers:
1. add main domain: @domain.com + zimbraAuthLdapSearchFilter on server1 (with carbonio-appserver and carbonio-user-management)
2. add another domain: @domain2.com + zimbraAuthLdapSearchFilter on server2 (with carbonio-appserver and carbonio-user-management)
3. Try to auth to user "mailY" with password from external LDAP account -> in the external LDAP logs a message about a successful BIND operation. But in mailbox.log on server1 there is an authentication error message. And this is understandable, since this server does not have this user.
4. Try to auth to mailY@domain2.com with password from internal LDAP account -> Success: "Authentication successful for user mailY" in mailbox.log on server1 and all other users actions logs to mailbox.log on server2.
Looks like routing issues when authenticating using external LDAP and several app servers.