Welcome Guest, Login or Sign up

Zimbra FOSS Two Factor Authentication powered by PrivacyIDEA

By: zetalliance

You can use the software in this repository to set-up your Zimbra Open Source Edition server with Two Factor Authentication. The 2FA parts are powered by PrivacyIDEA and will run in a Docker container on your Zimbra server.

Technically this makes Zimbra support all 2FA tokens PrivacyIDEA supports. This includes TOTP, HOTP, and Yubikey.

This project uses an LDAP Proxy provided by PrivacyIDEA. So the usernames and passwords are read by PrivacyIDEA from the Zimbra LDAP (or ActiveDirectory if you want). And the 2FA tokens are read from PrivacyIDEA database. The user can log in using 2FA by typing the username, password and token. Or just with username/password if the user has no token yet.

The installation takes around 1GB of space.

Installing

If you have a single server Zimbra running on CentOS or Ubuntu AND you want to use Zimbra's internal LDAP to store usernames and password you can use the automated installer. Tested on CentOS 7 and Ubuntu 18.04.5 LTS.

wget https://raw.githubusercontent.com/Zimbra-Community/zimbra-foss-2fa/master/2fa-installer.sh -O /tmp/2fa-installer.sh
chmod +rx /tmp/2fa-installer.sh
/tmp/2fa-installer.sh

If you have a multi-server Zimbra installation, or want to use Active Directory as back-end for your usernames/passwords. Or if you want to know all configuration steps, follow the manual install guide.

https://github.com/Zimbra-Community/zimbra-foss-2fa/blob/master/README-MANUAL-INSTALL.md

License

Copyright (C) 2015-2022 Barry de Graaff Zeta Alliance

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.


Helpful Links


Download View on GitHub

Rating ( 3 ratings )
Downloads 1870
Latest Version 0.0.3
Categories Two Factor Authentication
Compatibility ZCS 8.8.x
License GNU GPL v2
Created on 2/6/19
Updated on 11/4/23

Reviews

  • Very good! 

    By: Yannis on on 10/12/23 for version 0.0.3

    The 2FA only valid for users accounts and not admin (Zimbra 8.8.15 / Oracle Linux 8).
    To me he wanted the following first:
    dnf install -y dnf-utils zip unzip
    dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
    dnf remove -y runc
    dnf install -y docker-ce --nobest
    (https://oracle-base.com/articles/linux/docker-install-docker-on-oracle-linux-ol8)

  • token limit 

    By: mse on on 7/7/20 for version 0.0.1

    Good afternoon. I have installed privacyidea with zimbra and as soon as I add 50 tokens it gives me external LDAP auth failed error, LDAP error: - unable to ldap authenticate: Failed to authenticate. Wrong HTTP response (400);

    In _data / privacyidea.log appears

    [2020-07-03 20: 13: 14,759] [278] [140009758959424] [INFO] [privacyidea.api.lib.postpolicy: 487] There is no machine with IP = IPAddress (‘127.0.0.1’)

    I have changed the value action: ** {u’tokenissuer ‘: u’Zimbra’, u’tokenlabel ‘: u’ domain.com ‘, u’max_token_per_realm’: u’1000 '} ** and nothing.

     
    • This may be an issue with PrivacyIDEA, please check the forum https://community.privacyidea.org/  

      Replied on 2/21/21

  • Excellent ! 

    By: vuducanha2 on on 6/27/19 for version 0.0.1