Zimbra Mail Server have 3 methods of authentications. First method is Internal LDAP Zimbra, second method is external LDAP and third method is External Active Directory. On this section, i will explain how to integration active directory as center authentication users of Zimbra.
Active directory can be replaced with Samba4. Information about and how to install Samba4, can checked at this link https://imanudin.net/category/samba/
– Go to Zimbra Admin | Configure | Domains. Right click on domain and select Configure Authentication
– Select External Active Directory and Next
– in AD domain name, inser domain from Active Directory and also AD server then Next
– On the LDAP Bind, leave it blank then Next
– In the Authentication Config Summary, enter one of the user to be tested whether the connection between Zimbra with Active Directory / Samba4 is correct or not, and then click Test. If successful, then the connection is correct. However, if that fails, try to check its configuration, both the status of service on Active Directory / Samba4 or service on Zimbra itself
– On the External Group Setting leave it blank and click Next and Finish
Now, your domain has been integration with active directory/Samba4 for authentication. Although already using External Active Directory/Samba4, we still need to create an account manually via Zimbra admin as mailboxes of users who are in the Active Directory/Samba4.
If you want to automatic create mailbox from users of active directory/Samba4, you can using Zimbra Auto Provision as describe at this link : http://goo.gl/4dXlGJ or from this blog for how to 😀
Update July 2, 2021
If you are using Samba4 and get error like below
com.zimbra.cs.ldap.LdapException: LDAP error: – unable to ldap authenticate: BindSimple: Transport encryption required.
Add this to smb.conf and restart Samba4 service
ldap server require strong auth = No
Or you can configure LDAP over SSL here: Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC. Please make sure you are using a trusted certificate
Good luck and hopefully useful 😀