

By: amessina

A server extension to change Active Directory passwords from the Zimbra web client.



  • Zimbra Collaboration Suite 7.0 or later
  • Windows 2008 Active Directory



  1. As root, create the /opt/zimbra/lib/ext/adpassword directory
  2. As root, copy adPassword.jar into /opt/zimbra/lib/ext/adpassword/
  3. As root, import the DER domain controller certificate into the trusted keystore /opt/zimbra/java/jre/lib/security/cacerts
  4. Restart Zimbra
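
The four steps above as a root shell script, added here as an example (it is not part of the extension or the original page). It compares the certificate's SHA-256 fingerprint with a value obtained from the domain controller administrator before adding it to the trust store. The file names, the alias ad-dc, keytool and openssl on PATH, and the default keystore password changeit are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: adPassword.jar and the exported DC certificate are
# in the current directory, keytool and openssl are on PATH, the alias "ad-dc"
# is arbitrary, and the keystore still has the Java default password.
EXT_DIR=/opt/zimbra/lib/ext/adpassword
KEYSTORE=${KEYSTORE:-/opt/zimbra/java/jre/lib/security/cacerts}
STOREPASS=${STOREPASS:-changeit}

# Reduce a fingerprint to bare uppercase hex so "aa:bb" and "AABB" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only when both fingerprints are non-empty and identical once normalized.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of a DER-encoded certificate file (empty if unreadable).
der_fingerprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage: install_adpassword <cert.der> <fingerprint obtained out of band>
install_adpassword() {
    der=$1
    expected_fp=$2
    if ! fp_matches "$(der_fingerprint "$der")" "$expected_fp"; then
        echo "fingerprint mismatch: refusing to trust $der" >&2
        return 1
    fi
    mkdir -p "$EXT_DIR" &&                          # step 1
    cp adPassword.jar "$EXT_DIR/" &&                # step 2
    cp -p "$KEYSTORE" "$KEYSTORE.bak" &&            # rollback copy of the keystore
    keytool -importcert -noprompt -alias ad-dc -file "$der" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" &&   # step 3
    su - zimbra -c "zmcontrol restart"              # step 4
}

# Run as root: sh install.sh install dc.der "<SHA-256 fingerprint>"
if [ "${1:-}" = "install" ]; then
    install_adpassword "$2" "$3"
fi
```

A reviewer below reports that ZCS 8.7 and later keep the keystore at /opt/zimbra/common/etc/java/cacerts; set KEYSTORE to match the installation.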


Configure authentication settings for your domain

  1. Open the Zimbra Administration console
  2. Select External LDAP as authentication mechanism
  3. Type the LDAP URL and check Use SSL
  4. Type samaccountname=%u in the LDAP filter field
  5. Specify cn=users,dc=SERVER,dc=EXT in the LDAP search base field
  6. Check Use DN/Password to bind to external server
  7. Enter the Bind DN cn=Administrator,cn=users,dc=SERVER,dc=EXT and its password
  8. If the test passes, click Finish
  9. Assign the new change password listener ADPassword





Rating ( 21 ratings )
Downloads 3959
Latest Version 1.0
Categories Developer Tools , Utilities
Compatibility ZCS 7.x
License No License Specified
Created on 11/5/12
Updated on 10/5/15


  • openldap 

    By: test_nin on 4/17/18 for version 1.0

    Hi, can I use it with openldap? I am getting Error: permission denied

    • I think openldap has a different password attribute, so you would need to change the java and recompile. 

      Replied on 2/7/20

  • Zimbra 8.6 + Window 2008 R2 AD 

    By: destinypolz on 2/13/18 for version 1.0

    Multiple OUs (sub-OUs) do not work. I was using ADpassword.jar from this topic and ADpassword.jar for-Zentyal; both do not work, but a single OU is OK.

  • Zimbra 8.7 + Windows Server 2012 or 2016 

    By: Rafishaik on 10/15/17 for version 1.0

    Thanks a lot for providing the extension for password change. But it is working with 8.6, as it has System.setProperty("javax.net.ssl.trustStore", "/opt/zimbra/java/jre/lib/security/cacerts"). For 8.7 and above we need to change it to System.setProperty("javax.net.ssl.trustStore", "/opt/zimbra/common/etc/java/cacerts"). The above ADPassword file has only the 8.6-supported certificate path.

    Can anyone please kindly provide an ADPassword.jar file that supports 8.7?


  • Zimbra 8.7 + Windows Server 2012 

    By: vz on 3/29/17 for version 1.0


    As some of you may know port 8443 is now being used as Backend HTTPS since Zimbra 8.7 was introduced, which means there will be a conflict with this extension. Can I choose a custom port number?


  • Use zimbraAuthLdapExternalDn instead of email user name and domain? 

    By: Statler Waldorf on 4/13/16 for version 1.0

    Thanks to everyone who worked on this extension. It's very much appreciated.

    There is a unique situation that I would like to use this extension for, but I'm not sure it will work.

    My email domain and user names are different than the AD domain and user names. I use the zimbraAuthLdapExternalDn field to connect the email account to the AD account so that they use the same password. The groups and GAL are contained entirely in the email server. The only AD attribute used is the password.

    When I use ADPassword, the password change attempt is passing the email username and domain. Is there a way to make it pass the zimbraAuthLdapExternalDn value instead?

  • Great!! Works in Zimbra 8.6 and Windows 2012 R2 

    By: zetalliance on 4/2/16 for version 1.0

    Took me some time to figure out how to install, I have written a new install how to and video:



  • Import the DER domain controller certificate 

    By: gettlin on 4/1/16 for version 1.0

    Can you give me precise information on how to do this?

  • function updatePassword modified to locate users in any organizational unit 

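    By: ronaldomaya@gmail.com on 3/7/16 for version 1.0

    // needs: import javax.naming.*; import javax.naming.directory.*;
    public void updatePassword(String username, String password) throws NamingException {
        NamingEnumeration userfield;
        // AD expects unicodePwd as the password wrapped in double quotes, encoded as UTF-16LE
        String quotedPassword = "\"" + password + "\"";
        char unicodePwd[] = quotedPassword.toCharArray();
        byte pwdArray[] = new byte[unicodePwd.length * 2];
        for (int i = 0; i < unicodePwd.length; i++) {
            pwdArray[i*2 + 1] = (byte) (unicodePwd[i] >>> 8);
            pwdArray[i*2 + 0] = (byte) (unicodePwd[i] & 0xff);
        }
        ModificationItem[] mods = new ModificationItem[1];
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("UnicodePwd", pwdArray));

        //ldapContext.modifyAttributes("cn=" + username + "," + authLdapSearchBase, mods);

        // Look the user up and modify the entry by its full DN, so the account can sit in any OU
        NamingEnumeration users = fetchUser(username);
        if (!users.hasMoreElements()) {
            // fail with a NamingException instead of an unchecked NoSuchElementException
            throw new NameNotFoundException("user not found: " + username);
        }
        SearchResult user = (SearchResult)users.nextElement();
        String RDN = user.getNameInNamespace();

        ldapContext.modifyAttributes(RDN, mods);
    }


    In ADChangePasswordListener, replace acct.getDisplayName() with acct.getUid():

    //adc.updatePassword(acct.getDisplayName() , newPassword);
    adc.updatePassword(acct.getUid(), newPassword);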

  • Awesome! 

    By: maxxer on 7/1/15 for version 1.0

    Really awesome extension! Thanks!

    • Thanks a lot maxxer. I hope it works well in your environment. 

      Replied on 11/8/12

  • Doesn't work properly 

    By: sxdxfan on 3/12/15 for version 1.0

    Thank you for the hard work, but somehow this extension doesn't change my AD password, it just lets me log in to Zimbra using both passwords instead, one for AD and the changed one for Zimbra. Any feedback would be appreciated!

  • Import the DER domain controller certificate 

    By: info@studiovisentin.com on 11/14/14 for version 1.0

    Can I have detailed information on how to do this? I have exported the Windows 2008 domain controller certificate in DER format, but then I can't figure out what to do. Is there a specific command to import the DER domain controller certificate into the trusted keystore /opt/zimbra/java/jre/lib/security/cacerts?

    Best regards,
    Emiliano

  • External AD with multiple OUs 

    By: alaa.jack on 3/14/14 for version 1.0

    Hello, thanks for the great extension. I tested it and it works perfectly with AD when specifying only one OU. Can anyone assist me in getting it to work for AD with multiple OUs? I tried the two external wizards on Zimbra on the Global Catalog port over SSL; I got this error: operation not permitted through GC port & standard LDAP port over SSL. I set the "zimbraauthldapsearchbas" to my AD domain: dc=example,dc=com but I get LDAP error 34 (invalid DN). Can anyone please help me with this? Thanks in advance.

  • Master piece of work 

    By: DinoNet on 3/6/14 for version 1.0

    This is great extension ever...

  • Password still mismatching after sync 

    By: magz on 4/19/13 for version 1.0

    8.2 ZCS OSE. I deployed ADPassword according to this step-by-step manual, but the password still didn't change in my AD after I changed it in the WebUI. Does it work properly in my version of ZCS? If yes, could you please help me to solve this task. Thank you in advance.

  • Does this work with the Open Source Version? 

    By: cbarthmann_m on 4/9/13 for version 1.0

    I've been trying to test your extension with a test environment, running W2K8, ZCS Open Source 7.2.3. I've been able to get as far as configuring Authentication for the domain, which works both with and without SSL. Clicking the Test button in the Authentication Configuration Wizard works properly. When I go as a user to the Zimbra Web Client, and attempt to change the password in General/Login Options, I receive an error "A network service error has occurred". The Zimbra mailbox.log file contains the error:

    com.zimbra.common.service.ServiceException: system failure: change password listener adpassword for account acct@pretendco.com not found.

    Running zmprov gd pretendco.com zimbraPasswordChangeListener returns adpassword as expected. Any ideas? Thanks.

  • search CN 

    By: g4m8i7 on 4/9/13 for version 1.0

    It seems that your script uses the displayname to search the AD record. Any way it could be configured to use the %u placeholder like Zimbra does? So it can match the samAccountName instead of the CN with the display name? Thanks! For now, I've just disallowed anyone from changing their display name, so I know they match, but if that change could happen (Or just the option), that would be fantastic!

  • Always pop-up ask username and password in outlook and blackberry ? 

    By: hafizz on 3/26/13 for version 1.0

    I've tested the extension in my Zimbra 7.2 multi-server environment, and my Active Directory version is MS AD 2003 Server, but I have a problem with the password: Outlook and BlackBerry always pop up asking for username and password.

    1. Can anyone give me reference guidance (a step-by-step how-to, best practice) to create the DER on Active Directory 2003 Server and import it into the Zimbra server?
    2. Does this tool work with Active Directory 2003 or not?

    Thank you, regards,
    Hafiz

  • Import DRE 

    By: efelipe on 2/20/13 for version 1.0

    How to import the certificate DRE trusted domain controller?

  • Issues/Improvements 

    By: ayuncordoba on 2/12/13 for version 1.0

    I have tested your extension, and it does its job great, but if you have everything configured/prepared as you think it would be.

    These are my issues/suggestions/improvements:

    I have Zimbra with n domains that have their corresponding Active Directory users, but this "ADUser" has an account with a different name from the Zimbra account. For example: jperez@ayuncordoba.es, and in Active Directory this user is JOPD.

    I have provisioned "zimbraAuthLdapExternalDn" on all user accounts in Zimbra with the distinguishedName of the corresponding Active Directory account, and when I log in it works, but when I try to change a user password, Zimbra reports in the logs that it can't find the user in the LDAP of Active Directory.

    I have reviewed your code, and I think that this field is not supported.

    Also, all my users are in different "Organization Units" that depend on one master unit, and your ADPassword doesn't support this (all users in one OU or it does not work).

    Thanks in advance.

  • Zimbra 8 

    By: blutecher on 1/26/13 for version 1.0

    Is Zimbra supported by this one? Great extension by the way!

  • Feedbacks required 

    By: amessina on 11/10/12 for version 1.0

    For you users of this extension:

    - Let me know how it works
    - Signal every bug/issue
    - Suggest improvements

    Thank you all,
    Antonio.