Zimbra Mail Server with External Authentication using Samba PDC+OpenLDAP

Zimbra mail server using LDAP as default account database, but we may also use external LDAP/AD as Zimbra user authentication. This tutorial will cover how to use openSUSE/SLES  PDC+OpenLDAP user as Zimbra user authentication.
I’m using openSUSE 11.2 with Samba  PDC+OpenLDAP but tutorial may also applied on another openSUSE version or on SLES. In this example, server hostname is  host pdc.vavai.info (, with bind DN cn=Administrator, dc=vavai, dc=info and using 2 LDAP ports : standard port  389 and SSL port  636. Don’t forget to add these ports as an allowed port on firewall.

  1. Login to Zimbra Admin
  2. Go to Domain on left pane menu
  3. Choose domain to be configure. If we have multi domain schema on Zimbra,  we must configuring external authentication for each domain, even if all domain using same LDAP server
  4. Choose Configure Authentication menu.
  5. On Authentication Mode choose External LDAP
  6. Fill in the configuration of Samba LDAP. Take a look on the following picture for a configuration example
    Adjust the configuration with your own setting and then click Next.
  7. Next wizard are LDAP bind DN configuration. Bind DN is the configuration of admin user/manager used for accessing LDAP data. Click on Use DN/Password to bind to external server check box and then fill the bind DN text box. I’m using cn=Administrator,dc=vavai,dc=info as Samba PDC+openLDAP bind DN. Don’t forget to fill in the bind DN password (admin user/LDAP manager password)
  8. On next wizard, use Samba PDC user account as user name and password and then click  Test for testing Samba PDC+OpenLDAP connection. Zimbra will response with  Authentication Test Result : Authentication test successful message if Samba PDC+OpenLDAP has connected successfully.

Please remember that the above configuration still need an inbox account on Zimbra mail server so you must create the appropriate account with no password on Zimbra to map user on Samba PDC with their mailbox.  Zimbra account do not need password because password will be pass to LDAP account on Samba PDC.
If you wish to integrating Samba & Zimbra user as fully single user name, mailbox and password, please refer to UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI

2 thoughts on “Zimbra Mail Server with External Authentication using Samba PDC+OpenLDAP

  1. I’m using this external authorization against LDAP (Samba + LDAP domain) for a year already. Works perfect, but it is time to upgrade my samba server, because of Win7. Right now i have 3.0.28a (Ubuntu LTS 8.04.3). Win7 is not allowed to authorize against Samba domain, that is built on older releases than 3.3.4 i guess.
    Keep on writing 😉 Great manuals 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *