user are passed to ZimbraCustomAuth.authenticate().

All attributes of the account can be retrieved from the account object.

Kerberos5 Authentication Mechanism

Kerberos5 Authentication Mechanism authenticates users against an external Kerberos server.

1. Set the domain attribute zimbraAuthMech to kerberos5.

2. Set the domain attribute zimbraAuthKerberos5Realm to the Kerberos5 realm in which users in this
domain are created in the Kerberos database. When users log in with an email password and
the domain, zimbraAuthMech is set to kerberos5, the server constructs the Kerberos5 principal by
{localpart-of-the-email}@{value-of-zimbraAuthKerberos5Realm} and uses that to authenticate to
the kerberos5 server.

To specify Kerberos5 for an individual account set the account’s zimbraForeignPrincipal as

kerberos5:{kerberos5-principal}. For example: kerberos5:user1@MYREALM.COM.

Global Address List

The Global Address List (GAL) is a company directory of users, usually within the organization
itself, that is available to all users of the email system. Zimbra Collaboration uses the company
directory to look up user addresses from within the company.

For each Zimbra Collaboration domain you can configure GAL to use:

• External LDAP server

• Zimbra Collaboration internal LDAP server

• Both external LDAP server and Zimbra Collaboration LDAP in GAL searches

The Zimbra Collaboration Web Client can search the GAL. When the user searches for a name, that
name is turned into an LDAP search filter similar to the following example, where the string %s is
the name the user is searching for.

Example 3. Searching the GAL

(|(cn = %s*)(sn=%s*)(gn=%s*)(mail=%s*))
(zimbraMailDeliveryAddress = %s*)
(zimbraMailAlias=%s*)
(zimbraMailAddress = %s*)

GAL Attributes in Zimbra Collaboration

The Attributes Mapped to Zimbra Collaboration Contact table maps generic GAL search attributes
to their Zimbra Collaboration contact fields.

34