<ahref="http://www.zimbra.com/"class="urlextern"title="http://www.zimbra.com/"rel="nofollow">Zimbra</a> is open source server software for email and collaboration - email, group calendar, contacts, instant messaging, file storage and web document management. The Zimbra email and calendar server is available for Linux, Mac <abbrtitle="Operating System">OS</abbr> X and virtualization platforms. Zimbra syncs to smartphones (iPhone, BlackBerry) and desktop clients like Outlook and Thunderbird. Zimbra also features archiving and discovery for compliance. Zimbra can be deployed on-premises or as a hosted email solution.
Zimbra use a specific <ahref="http://wiki.zimbra.com/index.php?title=Preauth"class="urlextern"title="http://wiki.zimbra.com/index.php?title=Preauth"rel="nofollow">preauthentication protocol</a> to provide <abbrtitle="Single Sign On">SSO</abbr> on its application. This protocol is implemented in an <abbrtitle="LemonLDAP::NG">LL::NG</abbr> specific Handler.
<divclass="notetip">Zimbra can also be connected to <abbrtitle="LemonLDAP::NG">LL::NG</abbr> via <ahref="../idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML protocol</a> (see <ahref="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"class="urlextern"title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"rel="nofollow">Zimbra blog</a>).
The integration with <abbrtitle="LemonLDAP::NG">LL::NG</abbr> is the following:
</p>
<ul>
<liclass="level1"><divclass="li"> A special <abbrtitle="Uniform Resource Locator">URL</abbr> is declared in application menu (like <ahref="http://zimbra.example.com/zimbrasso"class="urlextern"title="http://zimbra.example.com/zimbrasso"rel="nofollow">http://zimbra.example.com/zimbrasso</a>)</div>
</li>
<liclass="level1"><divclass="li"> A Zimbra Handler is called</div>
</li>
<liclass="level1"><divclass="li"> Handler build the preauth request and redirect user on Zimbra preauth <abbrtitle="Uniform Resource Locator">URL</abbr></div>
</li>
<liclass="level1"><divclass="li"> Then Zimbra do the <abbrtitle="Single Sign On">SSO</abbr> by setting a cookie in user's browser</div>
See <ahref="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth"class="urlextern"title="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth"rel="nofollow">how to do this</a> on Zimbra wiki.
<h3class="sectionedit5"id="zimbra_application_in_menu">Zimbra application in menu</h3>
<divclass="level3">
<p>
Choose for example <ahref="http://zimbra.example.com/zimbrasso"class="urlextern"title="http://zimbra.example.com/zimbrasso"rel="nofollow">http://zimbra.example.com/zimbrasso</a> as <abbrtitle="Single Sign On">SSO</abbr><abbrtitle="Uniform Resource Locator">URL</abbr> and <ahref="../portalmenu.html#categories_and_applications"class="wikilink1"title="documentation:2.0:portalmenu">set it in application menu</a>.
<liclass="level1"><divclass="li"><strong>Preauthentication key</strong>: the one you grab from zmprov command</div>
</li>
<liclass="level1"><divclass="li"><strong>Account session key</strong>: session field used as Zimbra user account (by default: uid)</div>
</li>
<liclass="level1"><divclass="li"><strong>Account type</strong>: for Zimbra this can be name, id or foreignKey (by default: id)</div>
</li>
<liclass="level1"><divclass="li"><strong>Preauthentication <abbrtitle="Uniform Resource Locator">URL</abbr></strong>: Zimbra preauthentication <abbrtitle="Uniform Resource Locator">URL</abbr>, either with full <abbrtitle="Uniform Resource Locator">URL</abbr> (ex: <ahref="http://zimbra.lan/service/preauth"class="urlextern"title="http://zimbra.lan/service/preauth"rel="nofollow">http://zimbra.lan/service/preauth</a>), either only with path (ex: /service/preauth) (by default: /service/preauth)</div>
</li>
<liclass="level1"><divclass="li"><strong>Local <abbrtitle="Single Sign On">SSO</abbr><abbrtitle="Uniform Resource Locator">URL</abbr> pattern</strong>: regular expression to match the <abbrtitle="Single Sign On">SSO</abbr><abbrtitle="Uniform Resource Locator">URL</abbr> (by default: ^/zimbrasso$)</div>
</li>
</ul>
<divclass="noteimportant">Due to Handler <abbrtitle="Application Programming Interface">API</abbr> change in 1.9, you need to set these attributes in <code>lemonldap-ng.ini</code> and not in Manager, for example:
<liclass="level1"><divclass="li"> generated for one zimbra domain only</div>
</li>
<liclass="level1"><divclass="li"> declared globally for every LemonLDAP::NG virtual hosts.</div>
</li>
</ul>
<p>
Thus, if domain1 has been registered on LemonLDAP::NG, user bar won't be able to connect to zimbra because preauth key is different. If you accept to have the same preauth key for all zimbra domains, you can set the same preauth key using this procedure:
</p>
<p>
We are going to use the first key (the domain1 one) for every domain.