Professional Documents
Culture Documents
Adminguide-8.8.15 41
Adminguide-8.8.15 41
Account Authentication
Supported authentication mechanisms are Internal, External LDAP, and External Active Directory.
The authentication method type is set on a per-domain basis. If zimbraAuthMech attribute is not set,
the default is to use internal authentication.
The internal authentication method uses the Zimbra schema running on the OpenLDAP server.
The zimbraAuthFallbackToLocal attribute can be enabled so that the system falls back to the local
authentication if external authentication fails. The default is FALSE.
The internal authentication method uses the Zimbra schema running on the OpenLDAP directory
server. For accounts stored in the OpenLDAP server, the userPassword attribute stores a salted-
SHA512 (SSHA512) digest of the user’s password. The user’s provided password is computed into
the SSHA digest and then compared to the stored value.
External LDAP and external Active Directory authentication can be used if the email environment
uses another LDAP server or Microsoft Active Directory for authentication and Zimbra LDAP for all
other Zimbra Collaboration related transactions. This requires that users exist in both OpenLDAP
31