I'm trying to configure a new Zimbra 8 OSE installation with integrated Active Directory authentication.

We have AD users like lastnamefirstletterofname@mylocaldomain.local

and mail users in Zimbra like name.lastname@myexternaldomain.it

Users in AD have the mail attribute correctly filled.

I've configured external auth on Active Directory with the LDAP filter (|(sAMAccountName=%u)(mail=%u@myexternaldomain.it) (mail=%n) ), and if I create a user in Zimbra like lastnamefirstletterofname@myexternaldomain.it, AD auth works perfectly.

If I create a user like name.lastname@myexternaldomain.it, AD auth doesn't work.

I've tried to modify the filter, leaving only (mail=%n), but that doesn't work either, while lastnamefirstletterofname@myexternaldomain.it continues to work.

In audit.log I found this line:

2012-10-31 13:35:44,023 WARN  [qtp1991212971-380:] [name=name.lastname@myexternaldomain.it;oip=xxx.xxx.xxx.xxx;ua=zclient/8.0.0_GA_5434;] security - cmd=Auth; account=name.lastname@myexternaldomain.it; protocol=soap; error=authentication failed for [name.lastname@myexternaldomain.it], external LDAP auth failed, LDAP error:  - unable to ldap authenticate: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece;
Please help me!!

Thank you!
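For anyone triaging a failure like the one in this post, the following added example (not part of the original post and not Zimbra code) pulls the account and the Active Directory sub-code out of the audit.log line and shows the filter that the %n/%u/%d tokens would expand to for that account. The function names are hypothetical, the token meanings follow Zimbra's documented external-auth filter tokens, and values are escaped per RFC 4515 before substitution.

```python
import re

# AD sub-codes carried in the "data" field of an AcceptSecurityContext error (hex).
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "775": "account locked out",
    "773": "user must reset password",
}
AUDIT_RE = re.compile(
    r"cmd=Auth; account=(?P<account>[^;]+);"
    r".*?AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)")

def ldap_escape(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def expand_filter(template, account):
    """Expand filter tokens: %n = name as entered, %u = part before @, %d = domain."""
    user, _, domain = account.partition("@")
    values = {"n": ldap_escape(account), "u": ldap_escape(user), "d": ldap_escape(domain)}
    return re.sub(r"%([nud])", lambda m: values[m.group(1)], template)

def triage(line, filter_template):
    """Return the account, the decoded AD sub-code and the expanded filter, or None."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    code = m.group("data").lower()
    return {
        "account": m.group("account"),
        "ad_subcode": code,
        "meaning": AD_SUBCODES.get(code, "unknown sub-code"),
        "filter": expand_filter(filter_template, m.group("account")),
    }

# Tail of the audit.log line and the filter, both copied from the post above.
SAMPLE = (
    "security - cmd=Auth; account=name.lastname@myexternaldomain.it; protocol=soap; "
    "error=authentication failed for [name.lastname@myexternaldomain.it], external LDAP auth failed, "
    "LDAP error:  - unable to ldap authenticate: 80090308: LdapErr: DSID-0C090334, "
    "comment: AcceptSecurityContext error, data 525, vece;"
)
FILTER = "(|(sAMAccountName=%u)(mail=%u@myexternaldomain.it) (mail=%n) )"

if __name__ == "__main__":
    print(triage(SAMPLE, FILTER))
```

For the line in the post this reports sub-code 525, which Active Directory uses for "user not found", next to the filter as it would look for name.lastname@myexternaldomain.it.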