Results 1 to 9 of 9

Thread: Zimbra Login problem when integrated with external LDAP server

  1. #1
    yearend is offline Junior Member
    Join Date
    Nov 2007
    Posts
    6
    Rep Power
    7

    Default Zimbra Login problem when integrated with external LDAP server

    I am using zimbar 4.5.9 version in RHEL4

    Authontication Tab after login as admin shows:-

    authontication Mechanism: External LDAP
    LDAP bind DN template:
    LDAP URL: ldap://192.168.1.121:389
    LDAP filter: cn=%u
    LDAP search base: o=nitrkl
    use DN/Password to bind to external server: No

    I tested all users currently presend in my LDAP server(192.168.1.121) in Configure Authontication wizard and it shows "Test Successful" but when I really login it shows "The Username and passward is incorrect verify that CAPSLOCK is not on, and then retype the username and passward"

    any solution will be highly apreciated..

    Thanks in advance
    Last edited by yearend; 11-28-2007 at 10:27 AM.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,492
    Rep Power
    56

    Default

    What type of external server are you using? Check that you have the search base correctly defined. What happens if you run an ldapsearch against your external server with those credentials?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,492
    Rep Power
    56

    Default

    Any particular reason you posted a duplicate of this message ten minutes after the first?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    yearend is offline Junior Member
    Join Date
    Nov 2007
    Posts
    6
    Rep Power
    7

    Default ldapsearch executed and shows result...

    I am Using eDirectory from Novel at 192.168.1.121
    when I run
    ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(objectclass=*)'
    in zimbra server. The first 50 lines shown are as follows:

    # extended LDIF
    #
    # LDAPv3
    # base <o=nitrkl> with scope sub
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # NITRKL
    dn: o=NITRKL
    bhGUIDList: {68BAB5DB-0000-0104-039A-90FFCB81C78A}
    bhGUIDList: {A2DAB043-0000-0104-1991-E2FACB81C78B}
    nspmPasswordPolicyDN: cn=Universal Password On,cn=Password Policies,cn=Securit
    y
    o: NITRKL
    objectClass: Organization
    objectClass: ndsLoginProperties
    objectClass: ndsContainerLoginProperties
    objectClass: Top
    objectClass: bhPortalConfig
    ACL: 2#entry#o=NITRKL#loginScript
    ACL: 2#entry#o=NITRKL#printJobConfiguration
    ACL: 2#subtree#o=NITRKL#cn
    ACL: 2#subtree#o=NITRKL#sn
    ACL: 2#subtree#o=NITRKL#givenName
    ACL: 2#subtree#o=NITRKL#fullName
    ACL: 2#subtree#o=NITRKL#mail
    ACL: 2#entry#o=NITRKL#bhGUIDList
    ACL: 1#entry#[Public]#[Entry Rights]
    ACL: 3#subtree#[Public]#uidNumber
    ACL: 3#subtree#[Public]#gidNumber
    ACL: 3#subtree#[Public]#homeDirectory
    ACL: 3#subtree#[Public]#loginShell
    ACL: 3#subtree#[Public]#gecos
    ACL: 3#subtree#[Public]#memberUid
    ACL: 3#subtree#[Public]#description
    ACL: 3#subtree#[Public]#uamPosixWorkstationList
    ACL: 3#subtree#[Public]#uamPosixWorkstationContexts
    ACL: 3#subtree#[Public]#uamPosixSalt
    ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#passwordExpirationTime
    ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#loginDisabled
    ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#loginExpirationTime
    ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#ACL
    ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#objectClass
    ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhObjectGUID
    ACL: 2#subtree#cn=publicUser,ou=Extend,o=NITRKL#cn
    ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmAcceptList
    ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmApprovedLi st
    ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmAssignList
    ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmDeniedList
    Last edited by yearend; 11-28-2007 at 10:58 AM.

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,492
    Rep Power
    56

    Default

    Yes, but that's not doing a search for this type of entry: filter: cn=%u - you are only listing the structure of your server. How about a search against the directory server for a user with some unique field?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    yearend is offline Junior Member
    Join Date
    Nov 2007
    Posts
    6
    Rep Power
    7

    Default Most specific search RELATED to ABOVE PROBLEM

    now I executed
    ldapsearch -v -b 'cn=helpdesk,ou=others,o=nitrkl' -h 192.168.1.121 -x '(objectclass=*)'

    which shows following:-

    # extended LDIF
    #
    # LDAPv3
    # base <cn=helpdesk,ou=OTHERS,o=NITRKL> with scope sub
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # helpdesk, OTHERS, NITRKL
    dn: cn=helpdesk,ou=OTHERS,o=NITRKL
    primaryGroupID: 623
    rid: 2721
    pwdLastSet: 1157778528
    acctFlags: [UX ]
    ntPassword: 4bdc2cb893fb6196e53db96d0b797852
    lmPassword: f647e49453fa8f01b75e0c8d76954a50
    iFolderServerName: *
    nIMSLocale: DS:%m/%d/%y
    nIMSLocale: DL:%B %d, %Y
    nIMSLocale: T:%I:%M %p
    nIMSLocale: WDS:0
    nIMSTimezone: 24
    nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
    nIMSDefaultCharset: UTF-8
    novonyxPrivacy: 0
    novonyxTimeout: 6
    novonyxPreferences: ModWeb:MsgPerPage=10
    novonyxLanguage: 4
    loginShell: /bin/bash
    homeDirectory: /home/2006/helpdesk
    gidNumber: 623
    uidNumber: 2721
    mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
    uid: helpdesk
    givenName: Helpdesk at nit
    Language: ENGLISH
    sn: helpdesk
    securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
    passwordAllowChange: TRUE
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: Person
    objectClass: ndsLoginProperties
    objectClass: Top
    objectClass: iFolderUser
    objectClass: posixAccount
    objectClass: uamPosixUser
    objectClass: sambaAccount
    loginTime: 20071128184348Z
    groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
    groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
    cn: helpdesk
    ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
    ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
    ACL: 2#entry#[Public]#messageServer
    ACL: 2#entry#[Root]#groupMembership
    ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
    ACL: 2#entry#[Root]#networkAddress
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
    ACL: 2#entry#[Public]#uidNumber
    ACL: 2#entry#[Public]#gidNumber
    ACL: 2#entry#[Public]#loginShell
    ACL: 2#entry#[Public]#homeDirectory
    ACL: 2#entry#[Public]#gecos
    ACL: 2#entry#[Public]#groupMembership
    ACL: 1#entry#[Public]#cn
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

  7. #7
    yearend is offline Junior Member
    Join Date
    Nov 2007
    Posts
    6
    Rep Power
    7

    Default

    Sorry probably above output is not satisfing to Ur question....

    I executed following in zimbra server which is most specific as per my setting in zimbra

    ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(cn=helpdesk)'

    it shows following:-

    # extended LDIF
    #
    # LDAPv3
    # base <o=nitrkl> with scope sub
    # filter: (cn=helpdesk)
    # requesting: ALL
    #

    # helpdesk, OTHERS, NITRKL
    dn: cn=helpdesk,ou=OTHERS,o=NITRKL
    primaryGroupID: 623
    rid: 2721
    pwdLastSet: 1157778528
    acctFlags: [UX ]
    ntPassword: 4bdc2cb893fb6196e53db96d0b797852
    lmPassword: f647e49453fa8f01b75e0c8d76954a50
    iFolderServerName: *
    nIMSLocale: DS:%m/%d/%y
    nIMSLocale: DL:%B %d, %Y
    nIMSLocale: T:%I:%M %p
    nIMSLocale: WDS:0
    nIMSTimezone: 24
    nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
    nIMSDefaultCharset: UTF-8
    novonyxPrivacy: 0
    novonyxTimeout: 6
    novonyxPreferences: ModWeb:MsgPerPage=10
    novonyxLanguage: 4
    loginShell: /bin/bash
    homeDirectory: /home/2006/helpdesk
    gidNumber: 623
    uidNumber: 2721
    mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
    uid: helpdesk
    givenName: Helpdesk at nit
    Language: ENGLISH
    sn: helpdesk
    securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
    passwordAllowChange: TRUE
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: Person
    objectClass: ndsLoginProperties
    objectClass: Top
    objectClass: iFolderUser
    objectClass: posixAccount
    objectClass: uamPosixUser
    objectClass: sambaAccount
    loginTime: 20071128185730Z
    groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
    groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
    cn: helpdesk
    ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
    ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
    ACL: 2#entry#[Public]#messageServer
    ACL: 2#entry#[Root]#groupMembership
    ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
    ACL: 2#entry#[Root]#networkAddress
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
    ACL: 2#entry#[Public]#uidNumber
    ACL: 2#entry#[Public]#gidNumber
    ACL: 2#entry#[Public]#loginShell
    ACL: 2#entry#[Public]#homeDirectory
    ACL: 2#entry#[Public]#gecos
    ACL: 2#entry#[Public]#groupMembership
    ACL: 1#entry#[Public]#cn
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    I THINK THIS SATISFIES TO UR QUESTION...

  8. #8
    yearend is offline Junior Member
    Join Date
    Nov 2007
    Posts
    6
    Rep Power
    7

    Default More specific search

    Sorry!! probably above output is not satisfing to Ur question....

    I executed following in zimbra server which is most specific as per my setting in zimbra

    ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(cn=helpdesk)'

    it shows following:-

    # extended LDIF
    #
    # LDAPv3
    # base <o=nitrkl> with scope sub
    # filter: (cn=helpdesk)
    # requesting: ALL
    #

    # helpdesk, OTHERS, NITRKL
    dn: cn=helpdesk,ou=OTHERS,o=NITRKL
    primaryGroupID: 623
    rid: 2721
    pwdLastSet: 1157778528
    acctFlags: [UX ]
    ntPassword: 4bdc2cb893fb6196e53db96d0b797852
    lmPassword: f647e49453fa8f01b75e0c8d76954a50
    iFolderServerName: *
    nIMSLocale: DS:%m/%d/%y
    nIMSLocale: DL:%B %d, %Y
    nIMSLocale: T:%I:%M %p
    nIMSLocale: WDS:0
    nIMSTimezone: 24
    nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
    nIMSDefaultCharset: UTF-8
    novonyxPrivacy: 0
    novonyxTimeout: 6
    novonyxPreferences: ModWeb:MsgPerPage=10
    novonyxLanguage: 4
    loginShell: /bin/bash
    homeDirectory: /home/2006/helpdesk
    gidNumber: 623
    uidNumber: 2721
    mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
    uid: helpdesk
    givenName: Helpdesk at nit
    Language: ENGLISH
    sn: helpdesk
    securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
    passwordAllowChange: TRUE
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: Person
    objectClass: ndsLoginProperties
    objectClass: Top
    objectClass: iFolderUser
    objectClass: posixAccount
    objectClass: uamPosixUser
    objectClass: sambaAccount
    loginTime: 20071128185730Z
    groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
    groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
    cn: helpdesk
    ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
    ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
    ACL: 2#entry#[Public]#messageServer
    ACL: 2#entry#[Root]#groupMembership
    ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
    ACL: 2#entry#[Root]#networkAddress
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
    ACL: 2#entry#[Public]#uidNumber
    ACL: 2#entry#[Public]#gidNumber
    ACL: 2#entry#[Public]#loginShell
    ACL: 2#entry#[Public]#homeDirectory
    ACL: 2#entry#[Public]#gecos
    ACL: 2#entry#[Public]#groupMembership
    ACL: 1#entry#[Public]#cn
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
    ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    I THINK THIS SATISFIES TO UR QUESTION...

  9. #9
    yearend is offline Junior Member
    Join Date
    Nov 2007
    Posts
    6
    Rep Power
    7

    Default

    I think the search base is right... The same search base is used in one of our centralized internet facility (called Cyberoam) and it is working fine... I also shown output of specif ldapsearch U had been asked for based on this search base....

    Where could be the problem U think ?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 9
    Last Post: 03-01-2008, 08:21 PM
  2. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 03:30 PM
  3. Post instsallation problems
    By Assaf in forum Installation
    Replies: 14
    Last Post: 01-29-2007, 11:38 AM
  4. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  5. Replies: 1
    Last Post: 11-23-2005, 01:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •