Just getting started here but already very impressed!
I'm thinking about moving away from MS entirely, however before I do, I want to live in an integrated environment for a while.
I've done quite a bit of searching and reading and I have to say everyone is very helpful!
Here's my current setup:
2 Windows 2003 boxes (A and B) where BoxA (aspen.nsnet.local in the example below) is the master (all roles) and is the Exchange 2003 server. Currently BoxB isn't doing much besides serving some web pages and file shares as well as acting as a backup DNS (trying to phase it out so I can migrate it to Linux).
I have installed Zimbra on my main Linux server for testing purposes, call it BoxZ. (Like I said, the plan is for BoxB to become a Linux server.)
Internally I use a domain name of nsnet.local and externally I have 10 different domain names (only about 4 of which have email users). Exchange is set up to handle each of the external domains and I have policies that assign the email addresses based on a Windows group... but most users have multiple addresses. For instance, user John Doe is email@example.com in AD, however his email address is firstname.lastname@example.org and email@example.com and maybe even firstname.lastname@example.org.
What I'd like to do is migrate SOME of the external domains to Zimbra, again mostly for testing. So in my example above I might move email@example.com to Zimbra. Changing the external DNS's MX record was easy enough... and I could manually create a new firstname.lastname@example.org account in Zimbra, however (and here's the kicker, right?) I want John Doe to be able to log into Zimbra using his nsnet.local credentials.
So, the questions are:
a) is this possible?
b) how do I go about it?
I know the latter is a bit of a blanket question, however I think I have a start.
In Zimbra I created the domain otherdomain.com and set the GAL as follows:
While I'm on this, is it safe to use the domain admin for the bind DN?
Most results returned by GAL search:
LDAP search base:
For authentication I have:
Again, for testing I am using the domain admin account. Please advise if that's a huge security risk, even during testing.
External Active Directory
LDAP bind DN template:
BUT... when jdoe tries to log in it doesn't work.
So I created an account in Zimbra called email@example.com and then tried to log in as firstname.lastname@example.org and email@example.com, however neither worked. So I tried to override the @otherdomain.com in jdoe's account and make it @nsnet.local... but it doesn't appear to have saved the change.
Of course, I'd prefer Zimbra to import all my AD users, or some based on their group (is that the search term?), but I'd settle for having to manually add accounts in Zimbra that match the AD accounts.
Any suggestions or hints would be GREATLY appreciated.
Thanks in advance
P.S. If I want to go totally FLOSS, could I use Zimbra (with its fancy LDAP) as an AD replacement? Can I authenticate XP and OS X (more of the latter) and Linux clients against Zimbra?
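The login failure described in the post comes down to what the LDAP bind DN template expands to when jdoe types "jdoe@otherdomain.com". The following is an added example, not code from the post or from Zimbra: it simulates Zimbra's external-AD authentication step (expand the template with Zimbra's documented placeholders, then simple-bind to AD with the user's own password) against a constructed in-memory directory for an imaginary nsnet.local forest with assumed NetBIOS name NSNET, and includes a check for the bind-account concern raised above. The account DNs, passwords and the "svc-zimbra" name are assumptions for the demo.

```python
"""Simulated Zimbra external-AD authentication (added example, not the
poster's or Zimbra's code).

Placeholder semantics follow Zimbra's documented bind-DN template:
  %n  login name as typed (user@domain)
  %u  login name with the @domain part removed
  %d  the Zimbra domain, e.g. otherdomain.com
  %D  the Zimbra domain as dc=otherdomain,dc=com
The directory below is constructed sample data; no real AD is contacted.
"""

NETBIOS_DOMAIN = "NSNET"  # assumed NetBIOS name for nsnet.local

# Constructed sample AD objects keyed by distinguishedName (assumed values).
FAKE_AD = {
    "CN=John Doe,CN=Users,DC=nsnet,DC=local": {
        "password": "jdoe-secret",
        "sAMAccountName": "jdoe",
        "userPrincipalName": "jdoe@nsnet.local",
        "proxyAddresses": ["SMTP:jdoe@nsnet.local", "smtp:jdoe@otherdomain.com"],
        "memberOf": [],
    },
    "CN=svc-zimbra,CN=Users,DC=nsnet,DC=local": {   # assumed read-only GAL account
        "password": "gal-read-only",
        "sAMAccountName": "svc-zimbra",
        "userPrincipalName": "svc-zimbra@nsnet.local",
        "proxyAddresses": [],
        "memberOf": [],
    },
    "CN=Administrator,CN=Users,DC=nsnet,DC=local": {
        "password": "admin-secret",
        "sAMAccountName": "Administrator",
        "userPrincipalName": "Administrator@nsnet.local",
        "proxyAddresses": [],
        "memberOf": ["CN=Domain Admins,CN=Users,DC=nsnet,DC=local"],
    },
}


def expand_template(template: str, login: str) -> str:
    """Expand Zimbra's %n/%u/%d/%D placeholders for one login attempt."""
    user, _, domain = login.partition("@")
    dc = ",".join("dc=" + part for part in domain.split(".")) if domain else ""
    return (template.replace("%n", login)
                    .replace("%u", user)
                    .replace("%d", domain)
                    .replace("%D", dc))


def ad_simple_bind(name: str, password: str) -> bool:
    """Model an AD simple bind: AD accepts a full DN, a UPN, or DOMAIN\\sAMAccountName."""
    for dn, attrs in FAKE_AD.items():
        accepted = {
            dn.lower(),
            attrs["userPrincipalName"].lower(),
            f"{NETBIOS_DOMAIN}\\{attrs['sAMAccountName']}".lower(),
        }
        if name.lower() in accepted:
            return password == attrs["password"]
    return False  # no such bind name: AD reports invalid credentials


def zimbra_auth(login: str, password: str, bind_template: str) -> bool:
    """Zimbra's AD auth step: expand the template, then bind as that name with the user's password."""
    return ad_simple_bind(expand_template(bind_template, login), password)


def bind_account_is_privileged(dn: str) -> bool:
    """Flag a GAL/auth bind account that sits in Domain Admins (the caveat raised in the post)."""
    groups = FAKE_AD.get(dn, {}).get("memberOf", [])
    return any(g.lower().startswith("cn=domain admins,") for g in groups)


if __name__ == "__main__":
    login, pw = "jdoe@otherdomain.com", "jdoe-secret"
    for tpl in ("%n", "%u@nsnet.local", NETBIOS_DOMAIN + "\\%u", "cn=%u,cn=Users,%D"):
        ok = "OK" if zimbra_auth(login, pw, tpl) else "FAIL"
        print(f"{tpl:22} -> {expand_template(tpl, login):42} {ok}")
    for dn in FAKE_AD:
        print(dn, "-> DOMAIN ADMIN, do not use as bind account" if bind_account_is_privileged(dn) else "-> ok")
```

The point the simulation makes: a template of `%n` sends "jdoe@otherdomain.com" to AD, which knows no such UPN, so the bind fails even with the right password; `%u@nsnet.local` or `NSNET\%u` rewrites the Zimbra login into a name the nsnet.local domain recognises. The per-user bind needs no privileged account at all, and the separate GAL search bind only needs read access, so a plain unprivileged user like the assumed svc-zimbra is enough there; a Domain Admin password stored in Zimbra's config is exposed to anyone who can read that config.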