I have Zimbra Collaboration Suite installed for my personal network at home and wanted to integrate it with Open Directory for authentication purposes. The problem is that Zimbra does not make this easy, especially when dealing with SSL certificates. Here’s what I did, step by step (oooh baby):
1. Download and install the Zimbra package.
1.1 Next, verify your DNS is set up correctly. The server you’re installing Zimbra onto must have a DNS record; this record must be the server’s hostname as well as the domain’s MX.
1.2 Then, via SSH, run
/opt/zimbra/libexec/zmsetup.pl as root
1.3 Zimbra will assume that the machine’s hostname is also its TLD, which 99% of the time is not the case. You can enter your TLD when it asks.
2. Enter admin password (3, 4), Enter License (19), Return (r)
If your Zimbra server is installed onto the Open Directory Master or Replica, change the LDAP port to be 390 (1,3)
Apply Changes (a)
3. Import the Open Directory’s LDAP SSL certificate into Zimbra as a trusted certificate.
Copy the certificate to the /tmp folder on the Zimbra Server. The default cert is located at
sudo keytool -import -keystore /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/security/cacerts -storepass changeit -alias LDAPAUTH -file /tmp/Default.crt
Restart Zimbra: sudo -u zimbra /opt/zimbra/bin/zmcontrol stop, and then start
4. Navigate to https://servername:7071 in your web browser to enter the admin console of Zimbra
5. Configure Zimbra to use the external LDAP as its domain authentication method
6. Configure Zimbra to use the external LDAP GAL
For manual batch user provisioning of Open Directory users to Zimbra, put one ca command per user in userlist.txt:
ca email@example.com ""
ca firstname.lastname@example.org ""
ca email@example.com ""
Then feed the file to zmprov:
sudo /opt/zimbra/bin/zmprov < userlist.txt
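One way to build userlist.txt from a plain list of addresses, as an added example that is not part of the original post: zmprov runs every line of the file as a command, so the generator accepts only plain addresses and refuses anything else. The function names, the allowed character set, the case-insensitive de-duplication and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a zmprov batch file from a list of addresses.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# Accept only local@domain.tld built from a conservative character set.
valid_addr() {
    case "$1" in
        *[!A-Za-z0-9._@+-]*) return 1 ;;  # whitespace, quotes, anything else
        *@*@*)               return 1 ;;  # more than one @
        ?*@?*.?*)            return 0 ;;  # non-empty local part, dotted domain
        *)                   return 1 ;;
    esac
}

# stdin: one address per line. stdout: one 'ca <addr> ""' line per unique
# valid address. Returns 1 if any input line was rejected.
make_userlist() {
    rc=0; seen=" "
    while IFS= read -r addr || [ -n "$addr" ]; do
        [ -n "$addr" ] || continue
        # Assumption: addresses are compared case-insensitively.
        addr=$(printf '%s' "$addr" | tr 'A-Z' 'a-z')
        if ! valid_addr "$addr"; then
            printf 'rejected: %s\n' "$addr" >&2
            rc=1
            continue
        fi
        case "$seen" in *" $addr "*) continue ;; esac   # skip duplicates
        seen="$seen$addr "
        printf 'ca %s ""\n' "$addr"
    done
    return "$rc"
}

# Constructed sample input (not real accounts).
sample_input() {
    cat <<'EOF'
alice@example.com
Bob@Example.com
alice@example.com
carol@example.com "" extra
not-an-address
EOF
}

sample_input | make_userlist ||
    echo 'some lines were rejected; review them before running zmprov' >&2
```

Redirect the output of make_userlist to userlist.txt only once it returns 0, then feed that file to zmprov.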
For manually provisioning Open Directory users to Zimbra:
sudo /opt/zimbra/bin/zmprov ca firstname.lastname@example.org ""