Zimbra is open source server software for email and collaboration - email, group calendar, contacts, instant messaging, file storage and web document management. The Zimbra email and calendar server is available for Linux, Mac OS X and virtualization platforms. Zimbra syncs to smartphones (iPhone, BlackBerry) and desktop clients like Outlook and Thunderbird. Zimbra also features archiving and discovery for compliance. Zimbra can be deployed on-premises or as a hosted email solution.

Zimbra use a specific preauthentication protocol to provide SSO on its application. This protocol is implemented in an LL::NG specific Handler.

Zimbra can also be connected to LL::NG via SAML protocol (see Zimbra blog).


The integration with LL::NG is the following:

  • A special URL is declared in application menu (like http://zimbra.example.com/zimbrasso)
  • A Zimbra Handler is called
  • Handler build the preauth request and redirect user on Zimbra preauth URL
  • Then Zimbra do the SSO by setting a cookie in user's browser

Zimbra preauth key

You need to get a preauth key from Zimbra server.

See how to do this on Zimbra wiki.

Zimbra application in menu

Zimbra virtual host

You just have to set "Type: ZimbraPreAuth" in virtualhost options and reload configuration in this handler.

Zimbra Handler parameters

Zimbra parameters are the following:

  • Preauthentication key: the one you grab from zmprov command
  • Account session key: session field used as Zimbra user account (by default: uid)
  • Account type: for Zimbra this can be name, id or foreignKey (by default: id)
  • Preauthentication URL: Zimbra preauthentication URL, either with full URL (ex: http://zimbra.lan/service/preauth), either only with path (ex: /service/preauth) (by default: /service/preauth)
  • Local SSO URL pattern: regular expression to match the SSO URL (by default: ^/zimbrasso$)
Due to Handler API change in 1.9, you need to set these attributes in lemonldap-ng.ini and not in Manager, for example:
zimbraPreAuthKey = XXXX
zimbraAccountKey = uid
zimbraBy =id
zimbraUrl = /service/preauth
zimbraSsoUrl = ^/zimbrasso$