
Thread: Account Name different from Active Directory Username

  1. #1
    Join Date
    Feb 2007
    Location
    Phoenix, AZ
    Posts
    46
    Rep Power
    8

    Account Name different from Active Directory Username

    Quick question:

    How would you configure AD to authenticate with a different Zimbra account name? For example: jason.hung@domain.com (Zimbra account) and jhung (Active Directory account). For now, we have been using internal authentication since we haven't figured out how to link the two. We don't want to use jhung@domain.com as the primary email; we want to use jason.hung@domain.com with jhung as the AD Login.

    Can I bind LDAP to the email address listed in AD for the user? Is there a better way to keep the email address first.last@domain.com?

    Thanks.

  2. #2
    Join Date
    Apr 2009
    Posts
    3
    Rep Power
    6


    Hey Jason,
    I'm wondering if you ever figured out how to make this work. I'm in the same boat you are.

  3. #3
    Join Date
    Feb 2007
    Location
    Phoenix, AZ
    Posts
    46
    Rep Power
    8


    Actually, I did! I will post my results here in a minute. You can even log in with an alias as long as the email address for the user is the same as the main email address for the user. To get this to work properly, the email attribute in Active Directory must be exactly like how your main email address is presented.

  4. #4
    Join Date
    Apr 2009
    Posts
    3
    Rep Power
    6


    Awesome!
    Thanks

  5. #5
    Join Date
    Feb 2007
    Location
    Phoenix, AZ
    Posts
    46
    Rep Power
    8


    Authentication mechanism: External LDAP
    LDAP bind DN template: %u@ad.YOURDOMAINNAME.com
    LDAP URL: ldap://ad.YOURDOMAINNAME.com:389
    Enable StartTLS
    LDAP filter: (|(samAccountName=%u)(mail=%u@YOURDOMAINNAME.com)(mail=%n))
    LDAP search base: dc=ad,dc=YOURDOMAINNAME,dc=com
    Use DN/Password to bind to external server: Yes
    cn=ZimbraUser,cn=Users,dc=ad,dc=YOURDOMAINNAME,dc=com
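
Added example, not part of the original post and not Zimbra's own code: a small Python model of how the filter in #5 expands for the Zimbra account name and why the AD `mail` attribute has to equal the primary address. It assumes `%n` is the full account name and `%u` the part before the `@`; `example.com`, the directory entries, the escaping step and the "exactly one match" rule are constructed for illustration.

```python
import re

# Filter from post #5, with example.com as a constructed stand-in domain.
FILTER = "(|(samAccountName=%u)(mail=%u@example.com)(mail=%n))"

# Constructed directory entries (not real data).
DIRECTORY = [
    {"dn": "cn=Jason Hung,cn=Users,dc=ad,dc=example,dc=com",
     "sAMAccountName": "jhung", "mail": "jason.hung@example.com"},
    {"dn": "cn=Jason Hung Jr,cn=Users,dc=ad,dc=example,dc=com",
     "sAMAccountName": "jason.hung", "mail": "jhungjr@example.com"},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_filter_value(value):
    """Turn \\XX escapes back into characters for comparison."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand_filter(template, account_name):
    """Assumed token meaning: %n = full account name, %u = part before '@'."""
    subs = {"%n": escape_filter_value(account_name),
            "%u": escape_filter_value(account_name.split("@", 1)[0])}
    return re.sub(r"%[nu]", lambda m: subs[m.group(0)], template)

def matching_entries(ldap_filter, entries):
    """Evaluate a flat OR-of-equality filter; matching is case-insensitive."""
    clauses = [(a.lower(), unescape_filter_value(v).lower())
               for a, v in re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)]
    hits = []
    for entry in entries:
        attrs = {k.lower(): v.lower() for k, v in entry.items()}
        if any(attrs.get(a) == v for a, v in clauses):
            hits.append(entry)
    return hits

def resolve_dn(template, account_name, entries):
    """Return the DN to bind as, or None unless exactly one entry matches."""
    hits = matching_entries(expand_filter(template, account_name), entries)
    return hits[0]["dn"] if len(hits) == 1 else None

if __name__ == "__main__":
    print(expand_filter(FILTER, "jason.hung@example.com"))
    print(resolve_dn(FILTER, "jason.hung@example.com", DIRECTORY[:1]))
    print(resolve_dn(FILTER, "jason.hung@example.com", DIRECTORY))
```

With only the first entry present the account resolves through its `mail` attribute; once a second AD user has `sAMAccountName=jason.hung`, the OR filter matches two entries, which is the ambiguity to check for before relying on such a filter.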

  6. #6
    Join Date
    Apr 2009
    Posts
    3
    Rep Power
    6


    Oh great. I'll have to try this in a few minutes. I'm assuming you're also running a script that syncs Zimbra with AD?

  7. #7
    Join Date
    Feb 2007
    Location
    Phoenix, AZ
    Posts
    46
    Rep Power
    8


    Sort of... we have an activation webpage where they "subscribe" to their email account. It's connected to our payroll/HR system and they generate their AD and email account at the same time. We use the SOAP API using Ruby on Rails, as well as our Payroll system's SOAP service and LDAP libraries.

    If you want to see a demo of how we do it, send me a PM, and I'll send you a link to our system.

  8. #8
    Join Date
    Nov 2006
    Location
    Pisa - Italy - Europe - Heart
    Posts
    15
    Rep Power
    8


    Originally posted by Jason Hung:
    Quick question:

    How would you configure AD to authenticate with a different Zimbra account name? For example: jason.hung@domain.com (Zimbra account) and jhung (Active Directory account). For now, we have been using internal authentication since we haven't figured out how to link the two. We don't want to use jhung@domain.com as the primary email; we want to use jason.hung@domain.com with jhung as the AD Login.

    Can I bind LDAP to the email address listed in AD for the user? Is there a better way to keep the email address first.last@domain.com?

    Thanks.

    I have the same problem; the only difference is that the external LDAP is OpenLDAP.
    Can you explain how it works for you and where the patch has to be applied?

    Mario

  9. #9
    Join Date
    Sep 2009
    Posts
    19
    Rep Power
    6


    Hi Jason,

    Hope you read this.

    I opened a new thread for a similar question
    (http://www.zimbra.com/forums/adminis...rname-2nd.html)

    I found your solution very interesting,
    but what made me spend a lot of time is that I often ran tests with the StartTLS option enabled in the authentication wizard:
    the only way I found to let Zimbra 6.05 authenticate on a Win2008 server
    was to disable StartTLS in the wizard.

    So I ask you:

    In #5, was "Enable StartTLS" an error in writing up your solution, or did you really enable the StartTLS option?

    Finally,
    if you really use "Enable StartTLS", did you configure anything else in particular on the Windows server / Zimbra?

    Thanks in advance for any suggestions. Bye, Luca.
    Last edited by lk2oo3; 05-27-2010 at 03:34 AM.
