Help to configure zimbra as LDAP provider for sssd on RHEL 8

philippe-procomm-mmc
Posts: 10
Joined: Thu May 12, 2022 2:18 pm

Help to configure zimbra as LDAP provider for sssd on RHEL 8

Post by philippe-procomm-mmc »

Hello,

I need help to configure my Zimbra server as LDAP provider for sssd on RHEL 8.

My Zimbra server works perfectly: when I use the ldapsearch command it works, but I want to use auth from Zimbra to authenticate to services like:

gdm gnome
vsftpd

I read some forum posts but had no success.

I tried many things like /etc/sssd/sssd.conf, nsswitch.conf, /etc/pam.d/vsftpd.conf or nslcd.

Obviously I'm not the only one who failed.
Klug
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them

Re: Help to configure zimbra as LDAP provider for sssd on RHEL 8

Post by Klug »

You should not do this but do it the other way round.

Set up a central LDAP (with an easy to use provisioning tool).
This would be your organisation directory, can be used by any app (user management, group management, rights, apps, etc).

Point your Zimbra to this LDAP for auth (and auto-provisioning if you wish).
Point other apps to this LDAP too.
philippe-procomm-mmc
Posts: 10
Joined: Thu May 12, 2022 2:18 pm

Re: Help to configure zimbra as LDAP provider for sssd on RHEL 8

Post by philippe-procomm-mmc »

I managed the configuration with Zimbra by cheating a little.

I used the zimbraNotes field, and I have to create an int uid by hand; it does not work with the UUIDs provided by zimbraId.

Code:

[root@mail var]# cat /etc/nslcd.conf
uid nslcd
gid ldap
uri ldap://ldap.demo.lan:389/
base OU=people,DC=demo,DC=lan
binddn uid=zimbra,cn=admins,cn=zimbra
bindpw MYPASSWORDHERE
# No transport encryption and no server certificate verification
tls_reqcert never
ssl off

# Mapping Zimbra
filter passwd (objectClass=inetOrgPerson)
filter shadow (objectClass=inetOrgPerson)
filter group (objectClass=inetOrgPerson)
# Alternative filters (disabled)
#filter shadow (&(objectClass=zimbraAccount)(!(zimbraHideInGal=*)))
#filter passwd (&(objectClass=zimbraAccount)(!(zimbraHideInGal=*)))
map passwd uid           uid
map passwd loginShell    "/bin/bash"
map passwd homeDirectory "/home/$uid"
map passwd gecos         displayName
map shadow uid           uid
# Numeric UID/GID are read from zimbraNotes, which must hold a hand-assigned integer
map passwd uidNumber     zimbraNotes
map passwd gidNumber     zimbraNotes
map group  gidNumber     zimbraNotes

If someone has a solution to add a zimbraUid field in the Zimbra schema, or an auto increment, I'm interested. Thanks in advance.
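Because the mapping above takes uidNumber and gidNumber from a free-text attribute, every value in zimbraNotes has to be checked before hosts trust it. The following is an added example, not code from the thread or from Zimbra: it audits ldapsearch-style output for missing, non-numeric, too-low and duplicate values and proposes the next free number. The sample LDIF, the 1000 floor and the function names are assumptions.

```python
import re
from collections import defaultdict

MIN_UID = 1000  # assumption: local and system accounts live below this value
# Constructed sample in the shape of `ldapsearch -LLL ... uid zimbraNotes` output.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=demo,dc=lan
uid: alice
zimbraNotes: 10001

dn: uid=bob,ou=people,dc=demo,dc=lan
uid: bob
zimbraNotes: 10001

dn: uid=carol,ou=people,dc=demo,dc=lan
uid: carol
zimbraNotes: 0

dn: uid=dave,ou=people,dc=demo,dc=lan
uid: dave
zimbraNotes: on leave until June

dn: uid=erin,ou=people,dc=demo,dc=lan
uid: erin
"""

def parse_entries(ldif):
    """Return {uid: zimbraNotes or None} from simple, unwrapped, non-base64 LDIF."""
    entries = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if "uid" in attrs:
            entries[attrs["uid"]] = attrs.get("zimbraNotes")
    return entries

def audit(entries, min_uid=MIN_UID):
    """Return (problems, next_free_uid); problems is a list of (user, reason)."""
    problems, seen = [], defaultdict(list)
    for user, notes in sorted(entries.items()):
        if not re.fullmatch(r"[0-9]+", (notes or "").strip()):
            problems.append((user, "missing" if notes is None else "not-an-integer"))
        elif int(notes) < min_uid:  # would collide with root or a system account
            problems.append((user, "below-minimum"))
        else:
            seen[int(notes)].append(user)
    problems += [(u, "duplicate") for n in sorted(seen) if len(seen[n]) > 1 for u in seen[n]]
    next_free = max(seen, default=min_uid - 1) + 1  # simple "auto increment"
    return problems, next_free
```

On the client side, the `nss_min_uid` option in nslcd.conf makes nslcd ignore LDAP users whose numeric id is below a chosen floor, which backs up the same check.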