I'm looking for information on ZimbraCustomAuth.

Basically, I need to implement a system to try authenticating users against two disparate external authentication servers. We will soon be migrating from LDAP (iPlanet) to Active Directory. In order to accommodate this migration, it would be great if Zimbra could try authenticating a user to AD and automatically failover to LDAP if the user hasn't yet migrated.

There appears to be no way to do this in Zimbra other than writing my own ZimbraCustomAuth class in java as described here:

Bug 16004 - Server should support pluggable authentication API

I'm trying to find information on how to obtain and use "ZimbraExtensionTemplate" as mentioned by Phoebe Shao in that bugzilla case. I can write the authentication java code myself, but I don't know how to integrate it into ZCS. I'm hoping this template would demonstrate that.

I've written to Zimbra support and was told, "Unfortunately, we do not have documentation on this." I've also emailed Phoebe Shao directly and haven't received a reply.

Does anybody have any info on or experience with ZimbraCustomAuth that you're willing to share?

Is there any other way to implement an external AD-then-LDAP authentication/failover mechanism in Zimbra?


Steve Hideg
Saint Mary's College