Zimbra and LDAP Sync

Tips for Configuring MX Guarddog's LDAP Sync with Zimbra

To enable hands-off synchronization of your users between a Zimbra-based system and MX Guarddog, you can take advantage of our LDAP Sync service.

When you add or remove email addresses on your Zimbra server, MX Guarddog will automatically pick up the changes, so you do not need to enter address changes for your domain a second time.

Here are a few tips for figuring out the Base DN, Username & Password required to get automated sync going.

Base DN

The Base DN is the point in your LDAP server where the search for users starts. For Zimbra, if your domain is example.com, we normally suggest entering something like this:

dc=example,dc=com

If you have the domain example.co.jp, then you could try:

dc=example,dc=co,dc=jp

Username & Password

The username & password are where things get a little interesting with Zimbra. Zimbra has a special account to query the LDAP service; by default the username is uid=zimbra,cn=admins,cn=zimbra.

You do not create this account on your server; it is built into Zimbra by default. What is the password for this account? Zimbra provides a special tool to extract the password. The tool is called zmlocalconfig, and you can read about it in the 8.6 docs (the current version at the time of this blog post).

Execute the following command and Zimbra will show you the password for the account:

zmlocalconfig -s zimbra_ldap_password

Using the username uid=zimbra,cn=admins,cn=zimbra and the password recovered with the above command, you should be able to establish the link between MX Guarddog and your Zimbra installation for automated user maintenance.
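
To confirm the Base DN and the bind account before entering them in the LDAP Sync settings, the sketch below derives the Base DN from a domain as described in the Base DN section and tests the bind with OpenLDAP's ldapsearch client. It is an added example, not code from MX Guarddog or Zimbra; the function names, the password file, the ldap:// URL and the zimbraAccount filter are assumptions.

```shell
#!/bin/sh
# Added example: function names, URL, file name and filter are assumptions.

# Convert a DNS domain into the dc=...,dc=... Base DN form.
# The ( ... ) body runs in a subshell, so the IFS change stays local.
domain_to_base_dn() (
    # Drop one trailing dot and lowercase the name.
    domain=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')
    [ -n "$domain" ] || return 1
    # Allow only hostname characters so nothing can alter the DN.
    case $domain in *[!a-z0-9.-]*) return 1 ;; esac
    IFS=. dn=""
    for label in $domain; do
        # Reject empty labels and labels that start or end with a hyphen.
        case $label in ''|-*|*-) return 1 ;; esac
        dn="${dn:+$dn,}dc=$label"
    done
    printf '%s\n' "$dn"
)

# Bind as the built-in Zimbra LDAP account and list mail attributes.
#   $1 = LDAP URL, $2 = mail domain, $3 = file holding only the password.
# Reading the password with -y keeps it out of the process list.
# ldapsearch uses the whole file, so write it without a trailing newline:
#   umask 077
#   zmlocalconfig -s zimbra_ldap_password | sed 's/^[^=]*= //' \
#       | tr -d '\n' > pw.txt
check_ldap_sync_bind() (
    base_dn=$(domain_to_base_dn "$2") || {
        echo "invalid domain: $2" >&2
        return 2
    }
    ldapsearch -x -LLL -H "$1" \
        -D 'uid=zimbra,cn=admins,cn=zimbra' -y "$3" \
        -b "$base_dn" '(objectClass=zimbraAccount)' mail
)

# Run only when called with all three arguments, for example:
#   sh check.sh ldap://localhost:389 example.com pw.txt
if [ "$#" -eq 3 ]; then
    check_ldap_sync_bind "$1" "$2" "$3"
fi
```

A successful bind prints the mail attribute of each account entry found under the Base DN; an "Invalid credentials" error from ldapsearch means the username or password is wrong. Delete the password file once the check is done.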