Thread: Strange times in AD integration

  1. #1

    Strange times in AD integration

    Here are two quirks I have identified.

    Because Zimbra can't obtain a userlist from AD to make accounts, there must be a matching "account" in both AD and ZCS. It doesn't matter about the details, it just has to have the same primary username, if you want ZCS to get its authentication from AD. This is going to be a pain if you are creating and deleting accounts a lot; this was the whole point of AD/Exchange.

    What is a particular pain is that it can't get the contact information from AD. C'mon... what's that all about?

    Even if you set the authentication to External, you can still create non-AD users in ZCS as long as you give them Administration rights. I found this odd.

    You can authenticate into ZCS with alias names for any ZCS account, even though AD doesn't have aliases. This is kind of cool, but useless. What I'm interested in seeing is if Zimbra Desktop will pick up the OS authentication and just fire up without logging in, the whole point of the single sign-on service of OpenLDAP or AD.

    Surely one of you programmer super-geeks (I'm an uber-geek) can write an extension to ZCS that can keep AD and ZCS users and directory data sync'd.

  2. #2

    How goes your initial migration? I remember your thread from before.
    To answer the other questions:
    Quote: Originally Posted by lmnau
    Even if you set the authentication to External, you can still create non-AD users in ZCS as long as you give them Administration rights. I found this odd.
    And if your external AD goes down... or you don't have the admin account set up properly/the same in AD...
    This solution was implemented a long time ago; for admin accounts zimbraAdminAuthFallBackToLocal is set so that external auth is tried first, and if it fails then local is tried.
    Bug 5106 - always fall back to local auth for admin UI?
    (You can also set it on the entire domain like: zmprov md yourdomain.com zimbraAuthFallbackToLocal TRUE)

    Quote: Originally Posted by lmnau
    Because Zimbra can't obtain a userlist from AD to make accounts, there must be a matching "account" in both AD and ZCS. It doesn't matter about the details, it just has to have the same primary username, if you want ZCS to get its authentication from AD. This is going to be a pain if you are creating and deleting accounts a lot; this was the whole point of AD/Exchange.
    Surely one of you programmer super-geeks (I'm an uber-geek) can write an extension to ZCS that can keep AD and ZCS users and directory data sync'd.
    I wish I could help you out; alas, I can't! File a request for a synchronization ability. Be sure to post a link back here so we know where it's at.

    There's also a downside to new account auto-provisioning (if the users were able to do it by simply signing on), which is why, when it is implemented, it will have a method for admins to turn it on/off; because sometimes you're just not ready to migrate an account. (See Bug 7235 - Auto Provision New Accounts with External LDAP.)

    Quote: Originally Posted by lmnau
    What is a particular pain is that it can't get the contact information from AD. C'mon... what's that all about?
    I agree, an on-demand migration tool, or even a subpage of the external auth tab where you could grab a list of users, would be very nice. Hate to be repetitive, but again, make an RFE; it's how features get implemented.
    Last edited by mmorse; 09-17-2007 at 10:32 PM.
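
The fallback described in the reply above means a locally stored ZCS password stays a valid login path beside AD wherever zimbraAuthFallbackToLocal is TRUE. As an added example (not from the thread or from Zimbra), this shell function flags such domains in attribute output of the form `zmprov gd <domain> zimbraAuthMech zimbraAuthFallbackToLocal` prints; the function names and the sample domains are constructed, and treating a missing attribute as "not enabled" is an assumption.

```shell
#!/bin/sh
# Added example: audit which domains combine external auth with local fallback.
# Input on stdin: one or more blocks of zmprov-style attribute output, each
# starting with a "# name <domain>" line followed by "attr: value" lines.

audit_fallback() {
    awk '
        # Print the domain collected so far if it uses external auth
        # (ad or ldap) and has fallback to local auth switched on.
        function report() {
            if (name != "" && (mech == "ad" || mech == "ldap") && fb == "TRUE")
                print name " mech=" mech " fallback=" fb
        }
        /^# name /                   { report(); name = $3; mech = ""; fb = ""; next }
        /^zimbraAuthMech:/           { mech = tolower($2) }
        /^zimbraAuthFallbackToLocal:/ { fb = toupper($2) }
        END                          { report() }
    '
}

# Constructed sample input (not captured from a real server).
sample_output() {
cat <<'EOF'
# name corp.example
zimbraAuthFallbackToLocal: TRUE
zimbraAuthMech: ad

# name lab.example
zimbraAuthFallbackToLocal: FALSE
zimbraAuthMech: ad

# name local.example
zimbraAuthFallbackToLocal: TRUE
zimbraAuthMech: zimbra
EOF
}

# Stand-alone run: only corp.example is reported.
sample_output | audit_fallback
```

On a live server, pipe the real zmprov output for each domain into `audit_fallback` instead of `sample_output`.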
