Extending LDAP for other authentication

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
five04tluv
Posts: 6
Joined: Tue Sep 01, 2015 3:45 pm

Extending LDAP for other authentication

Post by five04tluv »

We are running NE 8.7.11.GA.1854.UBUNTU14.64. We have a need to utilize LDAP for authenticating users from linux hosts, some apps and Windows hosts via SAMBA servers.

I know in the past you could extend the Zimbra schema for these but when you upgraded they would be removed and you'd have to go through and re-add. It seems from support that it isn't really supported any longer.

Is anyone doing this or should I be focusing on an external LDAP and leave Zimbra LDAP alone?

Thanks
Klug
Ambassador
Ambassador
Posts: 2741
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Extending LDAP for other authentication

Post by Klug »

First of all, you should upgrade your server, because you're at risk.
viewtopic.php?f=15&t=65932

Then, about the auth and LDAP, the best way (ie: cleanest and most easy to deal with on long term) is to have an external LDAP server used by all your apps to authenticate against.
You create the accounts on this LDAP server (and in your apps), populate the LDAP server with the needed schema/info (not all users will have the same apps) and set the apps (Zimbra included) to authenticate against this LDAP.

This way you're "ready for the future" (no problem is Zimbra's LDAP schema changes).
That also can be used with some SSO if you wish to.
five04tluv
Posts: 6
Joined: Tue Sep 01, 2015 3:45 pm

Re: Extending LDAP for other authentication

Post by five04tluv »

yes thanks for the reply and I will track this issue and get it on my outage schedule.
Post Reply