Page 1 of 1

Extending LDAP for other authentication

Posted: Wed May 15, 2019 2:19 pm
by five04tluv
We are running NE 8.7.11.GA.1854.UBUNTU14.64. We have a need to utilize LDAP for authenticating users from linux hosts, some apps and Windows hosts via SAMBA servers.

I know in the past you could extend the Zimbra schema for these but when you upgraded they would be removed and you'd have to go through and re-add. It seems from support that it isn't really supported any longer.

Is anyone doing this or should I be focusing on an external LDAP and leave Zimbra LDAP alone?

Thanks

Re: Extending LDAP for other authentication

Posted: Wed May 15, 2019 3:58 pm
by Klug
First of all, you should upgrade your server, because you're at risk.
viewtopic.php?f=15&t=65932

Then, about the auth and LDAP, the best way (ie: cleanest and most easy to deal with on long term) is to have an external LDAP server used by all your apps to authenticate against.
You create the accounts on this LDAP server (and in your apps), populate the LDAP server with the needed schema/info (not all users will have the same apps) and set the apps (Zimbra included) to authenticate against this LDAP.

This way you're "ready for the future" (no problem is Zimbra's LDAP schema changes).
That also can be used with some SSO if you wish to.

Re: Extending LDAP for other authentication

Posted: Wed May 15, 2019 6:21 pm
by five04tluv
yes thanks for the reply and I will track this issue and get it on my outage schedule.