Page 1 of 1

AD group restrictions

Posted: Wed Apr 22, 2015 8:55 pm
by bradlanham

Hi, I would like some advise on configuring the 'zimbraExternalGroupLdapSearchBase' and 'zimbraExternalGroupLdapSearchFilter' attributes. I have configured external AD authentication and it is working as expected. I would however further like to restrict users to a particular AD group and I assume these attributes are involved. I have tried populating the fields with values but they do not seem to have any effect. In fact I can enter 'Mary has a little lamb' and do not receive any warnings or change in authentication behaviour. Users not in that group are able to authenticate regardless. Thanks for your help.

Re: AD group restrictions

Posted: Wed May 15, 2019 12:26 pm
by oetiker

Did you find the right syntax?


Re: AD group restrictions

Posted: Sun May 19, 2019 10:48 pm
by Jordack
Maybe something like:

zimbraExternalGroupLdapSearchBase: OU=MyUsers,DC=network,DC=domain,DC=org
zimbraExternalGroupLdapSearchFilter: (&(objectClass=organizationalPerson)(memberOf=CN=Application Users - Zimbra,OU=Software Access,OU=Groups,OU=MyUsers,DC=network,DC=domain,DC=org))