Zimbra multidomain

Hello Everyone,
I am trying authenticate zimbra 2FA deployment in multi domain setup where user name user@domain.com.
I got setup in zimbra external authentication filter as


and in configuration interface I used predefined fields for uid=%u and all users show up no issues, but log in not working zimbra give this error

SoapEngine - handler exception: authentication failed for [user@domain.com], external LDAP auth failed, LDAP error:  - unable to ldap authenticate: Invalid user.

Any help thank you


Did you use the automated installer? It that can be found at

as that will take care of the problem.

Or just use the ldap filter from the ‘manual’ readme:


The readme includes a video guide as well.

1 Like

Hello Barry,
In multi domain I used manual setup step by step, the whole goal is allow login with username@domainname.com which (uid=%u) is not allowing

Is I am missing something in setup ?

Yeah, (uid=%u) will work on a multi domain setup.

It is a bit hard to explain, but the way LDAP works in Zimbra, is that the username string is cut into pieces and the ldap filter combined with the ldap search base should resolve to a users.

You should really try the automated set-up.

I changed filter (uid=%u) and same issue. And test of external ldap succeed in web ui, but when trying login as external user
in mailobx.log
external LDAP auth failed, LDAP error: - unable to ldap authenticate: Invalid user.

I wonder if I need use accountname_with_domain =

I tried with automated setup for one domain in multi domain zimbra and it same error. Audit logs are says that everything is OK, but zimbra is not recognized it.

Does the request appear in privacyIDEA? Do you see anything in the audit log?

Some reason right now I don’t see request in audit.log
But I see zimbra connected to port 1389

root@camail00 ~> [~]# lsof -i :1389

java 13320 zimbra 790u IPv6 47664271 0t0 TCP camail00.domain.prod:48710-> (ESTABLISHED)

The only warning in log

[2019-04-30 13:50:50,555][280][139779579479872][WARNING][privacyidea.lib.utils:557] Proxy not allowed to set IP to lan ip.

How possible get support ???
I can’t resolve the issue and I followed exact deployment steps, described in wiki.

Hi! If I have a installation with >50 users (Limite without license), What license I must buy? privacyIDEA Enterprise Edition or privacyIDEA LDAP Proxy?