User authentication
To configure user authentication against an external source (e.g. LDAP, AD, Zimbra, IMAP), set one of the following groups of options in config-site.php.
Authenticating against an IMAP server
$config['ENABLE_IMAP_AUTH'] = 1;
$config['IMAP_HOST'] = 'mail.yourdomain.com';
$config['IMAP_PORT'] = 993;
$config['IMAP_SSL'] = true;
The UI will forward authentication requests to the IMAP server. If you need auditor or additional admin users, then create them manually in the GUI as local users.
If your IMAP server expects only usernames and not complete email addresses as the login name, then you may use a custom authentication to fix it.
Authenticating against a POP3 server
$config['ENABLE_POP3_AUTH'] = 1;
$config['POP3_HOST'] = 'mail.yourdomain.com';
$config['POP3_PORT'] = 995;
$config['POP3_SSL'] = true;
The notes for IMAP authentication above also apply here.
Authenticating against an AD server
Create a helper account in your Active Directory that will be used for authorization, e.g. cn=Piler,OU=....
Export the certificate used by your AD server as "Base64 encoded X.509 (.CER)" and copy it to "/usr/local/share/ca-certificates/" with a ".crt" extension, then run "update-ca-certificates" (Debian, Ubuntu). You may test the connection with ldapsearch:
ldapsearch -H ldaps://yourserver.example.com:636 -x -D "cn=Piler,OU=...." -W -b 'OU=Users,DC=example,DC=com'
$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_USE_START_TLS'] = 1;
$config['LDAP_HOST'] = 'ad.example.com';
$config['LDAP_MAIL_ATTR'] = 'proxyAddresses';
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'user';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'group';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'member';
$config['LDAP_HELPER_DN'] = 'cn=.....';
$config['LDAP_HELPER_PASSWORD'] = 'xxxxxxx';
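The certificate step above fails quietly when the export is DER-encoded instead of Base64, or when the file keeps its ".cer" name, because update-ca-certificates only picks up PEM files ending in ".crt". The following is an added example, not part of piler: the function names are made up for illustration, and the check looks only at the file header rather than parsing the certificate.

```shell
#!/bin/sh
# Added example: stage an exported AD CA certificate for update-ca-certificates.
# Hypothetical helper names; the default directory is the one named in the text above.

# Print "pem", "der" or "unknown" for the certificate file given as $1.
cert_format() {
    # DER certificates start with an ASN.1 SEQUENCE tag (0x30).
    first_byte=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    if [ "$first_byte" = "30" ]; then
        echo der
    elif [ "$(head -n 1 "$1" | tr -d '\r')" = "-----BEGIN CERTIFICATE-----" ]; then
        echo pem    # "Base64 encoded X.509" export
    else
        echo unknown
    fi
}

# Copy certificate $1 into directory $2 (default: the system CA directory)
# under a ".crt" name. Prints the destination path on success; returns
# non-zero and copies nothing when the file is not PEM.
stage_ca_cert() {
    src=$1
    dest_dir=${2:-/usr/local/share/ca-certificates}
    fmt=$(cert_format "$src")
    if [ "$fmt" != "pem" ]; then
        echo "refusing $src: format is $fmt, expected Base64 (PEM)" >&2
        return 1
    fi
    name=$(basename "$src")
    dest="$dest_dir/${name%.*}.crt"    # update-ca-certificates only reads *.crt
    # Strip the CRLF line endings a Windows export leaves behind.
    tr -d '\r' < "$src" > "$dest" && chmod 644 "$dest" && echo "$dest"
}
```

After staging the file, run update-ca-certificates and the ldapsearch test as described above.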
Authenticating against a Zimbra server
$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_USE_START_TLS'] = 1;
$config['LDAP_HOST'] = 'zimbra.example.com';
$config['LDAP_MAIL_ATTR'] = 'mail';
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'zimbraAccount';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'zimbraDistributionList';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'zimbraMailForwardingAddress';
$config['LDAP_HELPER_DN'] = 'uid=zimbra,cn=admins,cn=zimbra';
$config['LDAP_HELPER_PASSWORD'] = 'xxxxxxx';
Authenticating against Lotus Domino
$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_USE_START_TLS'] = 1;
$config['LDAP_MAIL_ATTR'] = 'mail';
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'dominoPerson';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'dominoGroup';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'mail';
$config['LDAP_HELPER_DN'] = '.........';
$config['LDAP_HELPER_PASSWORD'] = 'xxxxxxx';
Authenticating against iRedMail
$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_USE_START_TLS'] = 1;
$config['LDAP_MAIL_ATTR'] = 'mail';
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'mailUser';
$config['LDAP_BASE_DN'] = 'o=domains,dc=yourdomain,dc=com';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'mailList';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'memberOfGroup';
$config['LDAP_HELPER_DN'] = 'cn=vmailadmin,dc=yourdomain,dc=com';
$config['LDAP_HELPER_PASSWORD'] = 'xxxxxxx';
Authenticating against Univention
$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_USE_START_TLS'] = 1;
$config['LDAP_HOST'] = 'univention.example.com';
$config['LDAP_MAIL_ATTR'] = 'mailPrimaryAddress';
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'person';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'person';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'mailAlternativeAddress';
$config['LDAP_HELPER_DN'] = '.........';
$config['LDAP_HELPER_PASSWORD'] = 'xxxxxxx';