Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Zimbra Login problem when integrated with external LDAP server

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-28-2007, 10:21 AM
Junior Member
  
Posts: 6
Default Zimbra Login problem when integrated with external LDAP server
I am using zimbar 4.5.9 version in RHEL4

Authontication Tab after login as admin shows:-

authontication Mechanism: External LDAP
LDAP bind DN template:
LDAP URL: ldap://192.168.1.121:389
LDAP filter: cn=%u
LDAP search base: o=nitrkl
use DN/Password to bind to external server: No

I tested all users currently presend in my LDAP server(192.168.1.121) in Configure Authontication wizard and it shows "Test Successful" but when I really login it shows "The Username and passward is incorrect verify that CAPSLOCK is not on, and then retype the username and passward"

any solution will be highly apreciated..

Thanks in advance
Last edited by yearend; 11-28-2007 at 10:27 AM..
Reply With Quote
  #2 (permalink)  
Old 11-28-2007, 10:29 AM
Zimbra Consultant & Moderator
  
Posts: 19,655
Default
What type of external server are you using? Check that you have the search base correctly defined. What happens if you run an ldapsearch against your external server with those credentials?
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 11-28-2007, 10:48 AM
Zimbra Consultant & Moderator
  
Posts: 19,655
Default
Any particular reason you posted a duplicate of this message ten minutes after the first?
__________________
Regards


Bill
Reply With Quote
  #4 (permalink)  
Old 11-28-2007, 10:54 AM
Junior Member
  
Posts: 6
Default ldapsearch executed and shows result...
I am Using eDirectory from Novel at 192.168.1.121
when I run
ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(objectclass=*)'
in zimbra server. The first 50 lines shown are as follows:

# extended LDIF
#
# LDAPv3
# base <o=nitrkl> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# NITRKL
dn: o=NITRKL
bhGUIDList: {68BAB5DB-0000-0104-039A-90FFCB81C78A}
bhGUIDList: {A2DAB043-0000-0104-1991-E2FACB81C78B}
nspmPasswordPolicyDN: cn=Universal Password On,cn=Password Policies,cn=Securit
y
o: NITRKL
objectClass: Organization
objectClass: ndsLoginProperties
objectClass: ndsContainerLoginProperties
objectClass: Top
objectClass: bhPortalConfig
ACL: 2#entry#o=NITRKL#loginScript
ACL: 2#entry#o=NITRKL#printJobConfiguration
ACL: 2#subtree#o=NITRKL#cn
ACL: 2#subtree#o=NITRKL#sn
ACL: 2#subtree#o=NITRKL#givenName
ACL: 2#subtree#o=NITRKL#fullName
ACL: 2#subtree#o=NITRKL#mail
ACL: 2#entry#o=NITRKL#bhGUIDList
ACL: 1#entry#[Public]#[Entry Rights]
ACL: 3#subtree#[Public]#uidNumber
ACL: 3#subtree#[Public]#gidNumber
ACL: 3#subtree#[Public]#homeDirectory
ACL: 3#subtree#[Public]#loginShell
ACL: 3#subtree#[Public]#gecos
ACL: 3#subtree#[Public]#memberUid
ACL: 3#subtree#[Public]#description
ACL: 3#subtree#[Public]#uamPosixWorkstationList
ACL: 3#subtree#[Public]#uamPosixWorkstationContexts
ACL: 3#subtree#[Public]#uamPosixSalt
ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#passwordExpirationTime
ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#loginDisabled
ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#loginExpirationTime
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#ACL
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#objectClass
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhObjectGUID
ACL: 2#subtree#cn=publicUser,ou=Extend,o=NITRKL#cn
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmAcceptList
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmApprovedLi st
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmAssignList
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmDeniedList
Last edited by yearend; 11-28-2007 at 10:58 AM..
Reply With Quote
  #5 (permalink)  
Old 11-28-2007, 11:24 AM
Zimbra Consultant & Moderator
  
Posts: 19,655
Default
Yes, but that's not doing a search for this type of entry: filter: cn=%u - you are only listing the structure of your server. How about a search against the directory server for a user with some unique field?
__________________
Regards


Bill
Reply With Quote
  #6 (permalink)  
Old 11-28-2007, 11:55 AM
Junior Member
  
Posts: 6
Default Most specific search RELATED to ABOVE PROBLEM
now I executed
ldapsearch -v -b 'cn=helpdesk,ou=others,o=nitrkl' -h 192.168.1.121 -x '(objectclass=*)'

which shows following:-

# extended LDIF
#
# LDAPv3
# base <cn=helpdesk,ou=OTHERS,o=NITRKL> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# helpdesk, OTHERS, NITRKL
dn: cn=helpdesk,ou=OTHERS,o=NITRKL
primaryGroupID: 623
rid: 2721
pwdLastSet: 1157778528
acctFlags: [UX ]
ntPassword: 4bdc2cb893fb6196e53db96d0b797852
lmPassword: f647e49453fa8f01b75e0c8d76954a50
iFolderServerName: *
nIMSLocale: DS:%m/%d/%y
nIMSLocale: DL:%B %d, %Y
nIMSLocale: T:%I:%M %p
nIMSLocale: WDS:0
nIMSTimezone: 24
nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
nIMSDefaultCharset: UTF-8
novonyxPrivacy: 0
novonyxTimeout: 6
novonyxPreferences: ModWeb:MsgPerPage=10
novonyxLanguage: 4
loginShell: /bin/bash
homeDirectory: /home/2006/helpdesk
gidNumber: 623
uidNumber: 2721
mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
uid: helpdesk
givenName: Helpdesk at nit
Language: ENGLISH
sn: helpdesk
securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
passwordAllowChange: TRUE
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
objectClass: iFolderUser
objectClass: posixAccount
objectClass: uamPosixUser
objectClass: sambaAccount
loginTime: 20071128184348Z
groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
cn: helpdesk
ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
ACL: 2#entry#[Root]#networkAddress
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
ACL: 2#entry#[Public]#uidNumber
ACL: 2#entry#[Public]#gidNumber
ACL: 2#entry#[Public]#loginShell
ACL: 2#entry#[Public]#homeDirectory
ACL: 2#entry#[Public]#gecos
ACL: 2#entry#[Public]#groupMembership
ACL: 1#entry#[Public]#cn
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Reply With Quote
  #7 (permalink)  
Old 11-28-2007, 12:17 PM
Junior Member
  
Posts: 6
Default
Sorry probably above output is not satisfing to Ur question....

I executed following in zimbra server which is most specific as per my setting in zimbra

ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(cn=helpdesk)'

it shows following:-

# extended LDIF
#
# LDAPv3
# base <o=nitrkl> with scope sub
# filter: (cn=helpdesk)
# requesting: ALL
#

# helpdesk, OTHERS, NITRKL
dn: cn=helpdesk,ou=OTHERS,o=NITRKL
primaryGroupID: 623
rid: 2721
pwdLastSet: 1157778528
acctFlags: [UX ]
ntPassword: 4bdc2cb893fb6196e53db96d0b797852
lmPassword: f647e49453fa8f01b75e0c8d76954a50
iFolderServerName: *
nIMSLocale: DS:%m/%d/%y
nIMSLocale: DL:%B %d, %Y
nIMSLocale: T:%I:%M %p
nIMSLocale: WDS:0
nIMSTimezone: 24
nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
nIMSDefaultCharset: UTF-8
novonyxPrivacy: 0
novonyxTimeout: 6
novonyxPreferences: ModWeb:MsgPerPage=10
novonyxLanguage: 4
loginShell: /bin/bash
homeDirectory: /home/2006/helpdesk
gidNumber: 623
uidNumber: 2721
mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
uid: helpdesk
givenName: Helpdesk at nit
Language: ENGLISH
sn: helpdesk
securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
passwordAllowChange: TRUE
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
objectClass: iFolderUser
objectClass: posixAccount
objectClass: uamPosixUser
objectClass: sambaAccount
loginTime: 20071128185730Z
groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
cn: helpdesk
ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
ACL: 2#entry#[Root]#networkAddress
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
ACL: 2#entry#[Public]#uidNumber
ACL: 2#entry#[Public]#gidNumber
ACL: 2#entry#[Public]#loginShell
ACL: 2#entry#[Public]#homeDirectory
ACL: 2#entry#[Public]#gecos
ACL: 2#entry#[Public]#groupMembership
ACL: 1#entry#[Public]#cn
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I THINK THIS SATISFIES TO UR QUESTION...
Reply With Quote
  #8 (permalink)  
Old 11-28-2007, 12:19 PM
Junior Member
  
Posts: 6
Default More specific search
Sorry!! probably above output is not satisfing to Ur question....

I executed following in zimbra server which is most specific as per my setting in zimbra

ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(cn=helpdesk)'

it shows following:-

# extended LDIF
#
# LDAPv3
# base <o=nitrkl> with scope sub
# filter: (cn=helpdesk)
# requesting: ALL
#

# helpdesk, OTHERS, NITRKL
dn: cn=helpdesk,ou=OTHERS,o=NITRKL
primaryGroupID: 623
rid: 2721
pwdLastSet: 1157778528
acctFlags: [UX ]
ntPassword: 4bdc2cb893fb6196e53db96d0b797852
lmPassword: f647e49453fa8f01b75e0c8d76954a50
iFolderServerName: *
nIMSLocale: DS:%m/%d/%y
nIMSLocale: DL:%B %d, %Y
nIMSLocale: T:%I:%M %p
nIMSLocale: WDS:0
nIMSTimezone: 24
nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
nIMSDefaultCharset: UTF-8
novonyxPrivacy: 0
novonyxTimeout: 6
novonyxPreferences: ModWeb:MsgPerPage=10
novonyxLanguage: 4
loginShell: /bin/bash
homeDirectory: /home/2006/helpdesk
gidNumber: 623
uidNumber: 2721
mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
uid: helpdesk
givenName: Helpdesk at nit
Language: ENGLISH
sn: helpdesk
securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
passwordAllowChange: TRUE
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
objectClass: iFolderUser
objectClass: posixAccount
objectClass: uamPosixUser
objectClass: sambaAccount
loginTime: 20071128185730Z
groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
cn: helpdesk
ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
ACL: 2#entry#[Root]#networkAddress
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
ACL: 2#entry#[Public]#uidNumber
ACL: 2#entry#[Public]#gidNumber
ACL: 2#entry#[Public]#loginShell
ACL: 2#entry#[Public]#homeDirectory
ACL: 2#entry#[Public]#gecos
ACL: 2#entry#[Public]#groupMembership
ACL: 1#entry#[Public]#cn
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I THINK THIS SATISFIES TO UR QUESTION...
Reply With Quote
  #9 (permalink)  
Old 11-28-2007, 11:44 PM
Junior Member
  
Posts: 6
Default
I think the search base is right... The same search base is used in one of our centralized internet facility (called Cyberoam) and it is working fine... I also shown output of specif ldapsearch U had been asked for based on this search base....

Where could be the problem U think ?
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.