Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
documentation:latest:applications:zimbra [2019/04/09 19:24]
cmaudoux [Presentation]
documentation:latest:applications:zimbra [2019/09/30 15:09] (current)
dcoutadeur [Zimbra Handler parameters]
Line 53: Line 53:
 </​file>​ </​file>​
 </​note>​ </​note>​
 +
 +==== Multi-domain issues ====
 +
 +Some organizations have multiple zimbra domains:
 +  - foo@domain1.com
 +  - bar@domain2.com
 +
 +However, the zimbra preauth key is:
 +  * generated for one zimbra domain only
 +  * declared globally for every LemonLDAP::​NG virtual hosts.
 +
 +Thus, if domain1 has been registered on LemonLDAP::​NG,​ user bar won't be able to connect to zimbra because preauth key is different. If you accept to have the same preauth key for all zimbra domains, you can set the same preauth key using this procedure:
 +
 +We are going to use the first key (the domain1 one) for every domain.
 +On Zimbra machine, generate the keys:
 +
 +<​code>​
 + ​zmprov generateDomainPreAuthKey domain1.com
 + ​preAuthKey:​ 4e2816f16c44fab20ecdee39fb850c3b0bb54d03f1d8e073aaea376a4f407f0c
 +
 + ​zmprov generateDomainPreAuthKey domain2.com
 + ​preAuthKey:​ 6b7ead4bd425836e8cf0079cd6c1a05acc127acd07c8ee4b61023e19250e929c
 +</​code>​
 +
 +Then, connect to your zimbra LDAP server with your favourite tool (Apache Directory Studio can do the job).
 +Take care to connect with the super admin and password account.
 +  * Expand the branch "​dc=com",​ then click the "​dc=domain1"​ branch
 +  * Get the value of zimbraPreAuthKey
 +  * Expand the branch "​dc=com",​ then click the "​dc=domain2"​ branch
 +  * Replace the value of zimbraPreAuthKey you have previously copied
 +  * Wait for all Zimbra servers to update, or restart the zcs server
 +
 +That's it, all zimbra servers will be able to decipher the hmac because they share the same key!