Zimbra
Warning: feature in development.
Presentation
Zimbra is open source server software for email
and collaboration - email, group calendar, contacts, instant messaging,
file storage and web document management. The Zimbra email and calendar
server is available for Linux, Mac OS X and virtualization platforms.
Zimbra syncs to smartphones (iPhone, BlackBerry) and desktop clients like
Outlook and Thunderbird. Zimbra also features archiving and discovery for
compliance. Zimbra can be deployed on-premises or as a hosted email
solution.
Zimbra uses a specific preauthentication protocol to provide SSO on its application, as described here:
http://wiki.zimbra.com/index.php?title=Preauth.
Integration with LemonLDAP::NG
The integration with LemonLDAP::NG works as follows:
- A special URL is declared in the application menu (like http://zimbra.example.com/zimbrasso)
- A Zimbra Handler is called
- The handler builds the preauth request and redirects the user to the Zimbra preauth URL
- Zimbra then performs the SSO by setting a cookie in the user's browser
Zimbra preauth key
You need to get a preauth key from the Zimbra server. See
http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth
Choose, for example, http://zimbra.example.com/zimbrasso as the SSO URL and set it in the application menu.
Configure Zimbra virtual host in Apache
Configure the Zimbra vhost like any other protected vhost, but use the Zimbra handler instead of the default handler.
<VirtualHost *>
ServerName zimbra.example.com
# Load Zimbra Handler
PerlRequire __HANDLERDIR__/MyHandlerZimbra.pm
PerlHeaderParserHandler My::Zimbra
</VirtualHost>
Configure Zimbra Handler parameters
In the Manager, go to Default parameters > Advanced parameters > Special handlers > Zimbra, and edit the following keys:
- Preauthentication key: the one you get from the zmprov command
- Account session key: session field used as the Zimbra user account (by default: uid)
- Account type: for Zimbra this can be name, id or foreignKey (by default: id)
- Preauthentication URL: Zimbra preauthentication URL, either as a full URL (e.g. http://zimbra.lan/service/preauth) or as a path only (e.g. /service/preauth) (by default: /service/preauth)
- Local SSO URL pattern: regular expression to match the SSO URL (by default: ^/zimbrasso$)
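
The preauth request that the handler builds from these parameters can be sketched as follows. This is an added example, not the LemonLDAP::NG handler's own code (which is Perl). It assumes the token layout from the Zimbra Preauth wiki page linked above (hex HMAC-SHA1 over account|by|expires|timestamp, timestamp in milliseconds); the function names, the sample key and the five-minute tolerance are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample key; a real one comes from the Zimbra server (zmprov).
SAMPLE_KEY = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
MAX_SKEW_MS = 5 * 60 * 1000  # assumed tolerance between handler and server clocks


def compute_preauth(key, account, by, expires, timestamp_ms):
    """Hex HMAC-SHA1 over 'account|by|expires|timestamp', keyed with the preauth key."""
    message = "|".join([account, by, str(expires), str(timestamp_ms)])
    return hmac.new(key.encode(), message.encode(), hashlib.sha1).hexdigest()


def build_preauth_url(base_url, key, account, timestamp_ms, by="id", expires=0):
    """URL the browser is redirected to; 'by' is the Account type parameter."""
    params = {
        "account": account,
        "by": by,
        "timestamp": timestamp_ms,
        "expires": expires,
        "preauth": compute_preauth(key, account, by, expires, timestamp_ms),
    }
    return base_url + "?" + urlencode(params)


def verify_preauth_url(url, key, now_ms, max_skew_ms=MAX_SKEW_MS):
    """Receiving-side check: recompute the HMAC and reject stale timestamps."""
    query = parse_qs(urlsplit(url).query)
    try:
        account, by = query["account"][0], query["by"][0]
        expires, timestamp_ms = int(query["expires"][0]), int(query["timestamp"][0])
        presented = query["preauth"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameter
    if abs(now_ms - timestamp_ms) > max_skew_ms:
        return False  # token too old (or clock drift too large)
    expected = compute_preauth(key, account, by, expires, timestamp_ms)
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(expected.encode(), presented.encode())
```

Because the token is derived only from the preauth key and the request fields, the key must be protected like a credential valid for every account in the domain, and the redirect should use HTTPS so the token is not exposed in transit.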