Quote:
Originally Posted by phoenix
OK, it's been a while since I used AD but here goes.
This has to be a 'real' domain name where all the users live on the AD server. If this is the email address test1@capeinternal.com then it should be 'dc=capeinternal,dc=com' for the search base - that's where the domain name has been defined and where the search for a user will commence. See if that makes any difference to your setup.
I used RDP to log into the AD controller and I found out its true name is capetest.capecomputing.com. I assume Zimbra prefilled this info based on the new domain I am creating and assumed the backing AD domain would be the same. So would the search base be this:
'dc=capetest.capecomputing,dc=com' OR
'dc=capetest,dc=capecomputing,dc=com' ?
I tried both flavors and I am still getting the same result. I am no longer getting that other exception (I changed to using an IP address for the Bind DN); however, now I am getting check_AUTH_FAILED.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece
Which I think is AUTH FAILED. Now this is just for the GAL.
When I set up External Authentication the test works. However, when I try to log in to my mail account for that new domain I keep getting authentication failed. The logs don't seem to provide enough answers. I can't tell any of the following:
1) Is it failing because it can't find the associated account in AD
2) Is it trying to authenticate against something else
3) Is it a comm error
That's why I wish I knew how the accounts were being linked. What is the LDAP connection used to link Zimbra accounts to authenticate against AD accounts? Is it common name, or a combination of several other LDAP attributes? Is there a command line tool that I can test with (maybe ldapsearch) that will let me authenticate to the domain from the Zimbra box just to narrow my search down?
Thanks again for helping, phoenix.
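
Added example, not part of the original post or of Zimbra: a small Python helper that parses an Active Directory bind failure like the one quoted above and maps the hex `data` sub-code to its meaning, plus a function that turns a DNS domain name into a search base DN (one `dc=` per label). The function names and the second sample line are constructed for illustration; whether `capetest` is a host name or part of the AD domain name is not stated in the post.

```python
import re

# Sub-codes Active Directory reports in the "data" field of an LDAP
# error 49 bind failure. They are hex Win32 error codes.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_ERROR = re.compile(
    r"LDAP: error code (?P<code>\d+) - [0-9A-Fa-f]+: LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)

def explain_bind_error(line):
    """Return (ldap_code, data_subcode, meaning), or None if the line does not match."""
    m = BIND_ERROR.search(line)
    if m is None:
        return None
    data = m.group("data").lower()
    return int(m.group("code")), data, AD_BIND_SUBCODES.get(data, "unknown sub-code")

def dns_to_base_dn(dns_name):
    """Turn a DNS domain name into an LDAP DN: one dc= component per label."""
    labels = [label for label in dns_name.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join("dc=" + label for label in labels)

# The exception text quoted in the post (it is cut off there after "vece").
PAGE_LINE = ("javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
             "LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece")
# Constructed sample, not from the post.
CONSTRUCTED_LINE = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, "
                    "comment: AcceptSecurityContext error, data 52e, v1db1]")

if __name__ == "__main__":
    for line in (PAGE_LINE, CONSTRUCTED_LINE):
        print(explain_bind_error(line))
    print(dns_to_base_dn("capetest.capecomputing.com"))
```

Sub-code 525 means the directory could not find the account named in the bind, while 52e means the account exists but the password was rejected, so the two point at different settings.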