<ahref="http://www.zimbra.com/"class="urlextern"title="http://www.zimbra.com/"rel="nofollow">Zimbra</a> is open source server software for email and collaboration - email, group calendar, contacts, instant messaging, file storage and web document management. The Zimbra email and calendar server is available for Linux, Mac <abbrtitle="Operating System">OS</abbr> X and virtualization platforms. Zimbra syncs to smartphones (iPhone, BlackBerry) and desktop clients like Outlook and Thunderbird. Zimbra also features archiving and discovery for compliance. Zimbra can be deployed on-premises or as a hosted email solution.
Zimbra use a specific <ahref="http://wiki.zimbra.com/index.php?title=Preauth"class="urlextern"title="http://wiki.zimbra.com/index.php?title=Preauth"rel="nofollow">preauthentication protocol</a> to provide <abbrtitle="Single Sign On">SSO</abbr> on its application. This protocol is implemented in an <abbrtitle="LemonLDAP::NG">LL::NG</abbr> specific Handler.
<divclass="notetip">Zimbra can also be connected to <abbrtitle="LemonLDAP::NG">LL::NG</abbr> via <ahref="../idpsaml.html"class="wikilink1"title="documentation:2.0:idpsaml">SAML protocol</a> (see <ahref="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"class="urlextern"title="http://blog.zimbra.com/blog/archives/2010/06/using-saml-assertions-to-access-zimbra.html"rel="nofollow">Zimbra blog</a>).
</div><divclass="noteimportant">For now, Zimbra isn't supported by Nginx handler. You have to use Apache.
The integration with <abbrtitle="LemonLDAP::NG">LL::NG</abbr> is the following:
</p>
<ul>
<liclass="level1"><divclass="li"> A special <abbrtitle="Uniform Resource Locator">URL</abbr> is declared in application menu (like <ahref="http://zimbra.example.com/zimbrasso"class="urlextern"title="http://zimbra.example.com/zimbrasso"rel="nofollow">http://zimbra.example.com/zimbrasso</a>)</div>
</li>
<liclass="level1"><divclass="li"> A Zimbra Handler is called</div>
</li>
<liclass="level1"><divclass="li"> Handler build the preauth request and redirect user on Zimbra preauth <abbrtitle="Uniform Resource Locator">URL</abbr></div>
</li>
<liclass="level1"><divclass="li"> Then Zimbra do the <abbrtitle="Single Sign On">SSO</abbr> by setting a cookie in user's browser</div>
See <ahref="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth"class="urlextern"title="http://wiki.zimbra.com/index.php?title=Preauth#Preparing_a_domain_for_preauth"rel="nofollow">how to do this</a> on Zimbra wiki.
<h3class="sectionedit5"id="zimbra_application_in_menu">Zimbra application in menu</h3>
<divclass="level3">
<p>
Choose for example <ahref="http://zimbra.example.com/zimbrasso"class="urlextern"title="http://zimbra.example.com/zimbrasso"rel="nofollow">http://zimbra.example.com/zimbrasso</a> as <abbrtitle="Single Sign On">SSO</abbr><abbrtitle="Uniform Resource Locator">URL</abbr> and <ahref="../portalmenu.html#categories_and_applications"class="wikilink1"title="documentation:2.0:portalmenu">set it in application menu</a>.
<liclass="level1"><divclass="li"><strong>Preauthentication key</strong>: the one you grab from zmprov command</div>
</li>
<liclass="level1"><divclass="li"><strong>Account session key</strong>: session field used as Zimbra user account (by default: uid)</div>
</li>
<liclass="level1"><divclass="li"><strong>Account type</strong>: for Zimbra this can be name, id or foreignKey (by default: id)</div>
</li>
<liclass="level1"><divclass="li"><strong>Preauthentication <abbrtitle="Uniform Resource Locator">URL</abbr></strong>: Zimbra preauthentication <abbrtitle="Uniform Resource Locator">URL</abbr>, either with full <abbrtitle="Uniform Resource Locator">URL</abbr> (ex: <ahref="http://zimbra.lan/service/preauth"class="urlextern"title="http://zimbra.lan/service/preauth"rel="nofollow">http://zimbra.lan/service/preauth</a>), either only with path (ex: /service/preauth) (by default: /service/preauth)</div>
</li>
<liclass="level1"><divclass="li"><strong>Local <abbrtitle="Single Sign On">SSO</abbr><abbrtitle="Uniform Resource Locator">URL</abbr> pattern</strong>: regular expression to match the <abbrtitle="Single Sign On">SSO</abbr><abbrtitle="Uniform Resource Locator">URL</abbr> (by default: ^/zimbrasso$)</div>
</li>
</ul>
<divclass="noteimportant">Due to Handler <abbrtitle="Application Programming Interface">API</abbr> change in 1.9, you need to set these attributes in <code>lemonldap-ng.ini</code> and not in Manager, for example: