zimbra + ad, auth and autoprovision, account used permissions?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
BloodyIron
Advanced member
Advanced member
Posts: 67
Joined: Sat Sep 13, 2014 2:58 am
Contact:

zimbra + ad, auth and autoprovision, account used permissions?

Postby BloodyIron » Thu Jul 25, 2013 6:16 pm

I have zimbra authenticating against my Active Directory domain. In fact it works against my fail-over setup (I just give it the two IPs for the two Domain Controllers, no hassle).
I also have it autoprovisioning against the domain.
However, it's using the administrator account (for academic purposes right now).
The lasting solution is a dedicated account. What are the bare minimum permissions the domain account needs on the domain end to achieve both auth checks and autoprov LDAP queries?
I'm hoping not domain admin, but if that's what it takes, so be it.


BloodyIron
Advanced member
Advanced member
Posts: 67
Joined: Sat Sep 13, 2014 2:58 am
Contact:

zimbra + ad, auth and autoprovision, account used permissions?

Postby BloodyIron » Fri Jul 26, 2013 11:25 pm

For autoprovision it looks like any user will do. I created a user and it is not part of any groups, and that user can be used to auto provision with.
I'm still looking into auth.
BloodyIron
Advanced member
Advanced member
Posts: 67
Joined: Sat Sep 13, 2014 2:58 am
Contact:

zimbra + ad, auth and autoprovision, account used permissions?

Postby BloodyIron » Fri Jul 26, 2013 11:27 pm

Authentication looks like it can be done with a basic account, same one as above. Which actually seems like a security risk, but I don't understand kerberos well enough.
Hopefully someone finds this useful.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 12 guests