Zimbra Login problem when integrated with external LDAP server

[yearend]

I am using zimbar 4.5.9 version in RHEL4

Authontication Tab after login as admin shows:-

authontication Mechanism: External LDAP
LDAP bind DN template:
LDAP URL: ldap://192.168.1.121:389
LDAP filter: cn=%u
LDAP search base: o=nitrkl
use DN/Password to bind to external server: No

I tested all users currently presend in my LDAP server(192.168.1.121) in Configure Authontication wizard and it shows "Test Successful" but when I really login it shows "The Username and passward is incorrect verify that CAPSLOCK is not on, and then retype the username and passward"

any solution will be highly apreciated..

Thanks in advance

[phoenix]

What type of external server are you using? Check that you have the search base correctly defined. What happens if you run an ldapsearch against your external server with those credentials?

[phoenix]

Any particular reason you posted a duplicate of this message ten minutes after the first?

[yearend]

I am Using eDirectory from Novel at 192.168.1.121
when I run
ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(objectclass=*)'
in zimbra server. The first 50 lines shown are as follows:

# extended LDIF
#
# LDAPv3
# base <o=nitrkl> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# NITRKL
dn: o=NITRKL
bhGUIDList: {68BAB5DB-0000-0104-039A-90FFCB81C78A}
bhGUIDList: {A2DAB043-0000-0104-1991-E2FACB81C78B}
nspmPasswordPolicyDN: cn=Universal Password On,cn=Password Policies,cn=Securit
y
o: NITRKL
objectClass: Organization
objectClass: ndsLoginProperties
objectClass: ndsContainerLoginProperties
objectClass: Top
objectClass: bhPortalConfig
ACL: 2#entry#o=NITRKL#loginScript
ACL: 2#entry#o=NITRKL#printJobConfiguration
ACL: 2#subtree#o=NITRKL#cn
ACL: 2#subtree#o=NITRKL#sn
ACL: 2#subtree#o=NITRKL#givenName
ACL: 2#subtree#o=NITRKL#fullName
ACL: 2#subtree#o=NITRKL#mail
ACL: 2#entry#o=NITRKL#bhGUIDList
ACL: 1#entry#[Public]#[Entry Rights]
ACL: 3#subtree#[Public]#uidNumber
ACL: 3#subtree#[Public]#gidNumber
ACL: 3#subtree#[Public]#homeDirectory
ACL: 3#subtree#[Public]#loginShell
ACL: 3#subtree#[Public]#gecos
ACL: 3#subtree#[Public]#memberUid
ACL: 3#subtree#[Public]#description
ACL: 3#subtree#[Public]#uamPosixWorkstationList
ACL: 3#subtree#[Public]#uamPosixWorkstationContexts
ACL: 3#subtree#[Public]#uamPosixSalt
ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#passwordExpirationTime
ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#loginDisabled
ACL: 3#subtree#cn=UNIX Workstation - sankha,o=SYSTEMS#loginExpirationTime
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#ACL
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#objectClass
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhObjectGUID
ACL: 2#subtree#cn=publicUser,ou=Extend,o=NITRKL#cn
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmAcceptList
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmApprovedLi st
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmAssignList
ACL: 6#subtree#cn=pco,ou=Extend,o=NITRKL#bhCmDeniedList

[phoenix]

Yes, but that's not doing a search for this type of entry: filter: cn=%u - you are only listing the structure of your server. How about a search against the directory server for a user with some unique field?

[yearend]

now I executed
ldapsearch -v -b 'cn=helpdesk,ou=others,o=nitrkl' -h 192.168.1.121 -x '(objectclass=*)'

which shows following:-

# extended LDIF
#
# LDAPv3
# base <cn=helpdesk,ou=OTHERS,o=NITRKL> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# helpdesk, OTHERS, NITRKL
dn: cn=helpdesk,ou=OTHERS,o=NITRKL
primaryGroupID: 623
rid: 2721
pwdLastSet: 1157778528
acctFlags: [UX ]
ntPassword: 4bdc2cb893fb6196e53db96d0b797852
lmPassword: f647e49453fa8f01b75e0c8d76954a50
iFolderServerName: *
nIMSLocale: DS:%m/%d/%y
nIMSLocale: DL:%B %d, %Y
nIMSLocale: T:%I:%M %p
nIMSLocale: WDS:0
nIMSTimezone: 24
nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
nIMSDefaultCharset: UTF-8
novonyxPrivacy: 0
novonyxTimeout: 6
novonyxPreferences: ModWeb:MsgPerPage=10
novonyxLanguage: 4
loginShell: /bin/bash
homeDirectory: /home/2006/helpdesk
gidNumber: 623
uidNumber: 2721
mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
uid: helpdesk
givenName: Helpdesk at nit
Language: ENGLISH
sn: helpdesk
securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
passwordAllowChange: TRUE
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
objectClass: iFolderUser
objectClass: posixAccount
objectClass: uamPosixUser
objectClass: sambaAccount
loginTime: 20071128184348Z
groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
cn: helpdesk
ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
ACL: 2#entry#[Root]#networkAddress
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
ACL: 2#entry#[Public]#uidNumber
ACL: 2#entry#[Public]#gidNumber
ACL: 2#entry#[Public]#loginShell
ACL: 2#entry#[Public]#homeDirectory
ACL: 2#entry#[Public]#gecos
ACL: 2#entry#[Public]#groupMembership
ACL: 1#entry#[Public]#cn
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

[yearend]

Sorry probably above output is not satisfing to Ur question....

I executed following in zimbra server which is most specific as per my setting in zimbra

ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(cn=helpdesk)'

it shows following:-

# extended LDIF
#
# LDAPv3
# base <o=nitrkl> with scope sub
# filter: (cn=helpdesk)
# requesting: ALL
#

# helpdesk, OTHERS, NITRKL
dn: cn=helpdesk,ou=OTHERS,o=NITRKL
primaryGroupID: 623
rid: 2721
pwdLastSet: 1157778528
acctFlags: [UX ]
ntPassword: 4bdc2cb893fb6196e53db96d0b797852
lmPassword: f647e49453fa8f01b75e0c8d76954a50
iFolderServerName: *
nIMSLocale: DS:%m/%d/%y
nIMSLocale: DL:%B %d, %Y
nIMSLocale: T:%I:%M %p
nIMSLocale: WDS:0
nIMSTimezone: 24
nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
nIMSDefaultCharset: UTF-8
novonyxPrivacy: 0
novonyxTimeout: 6
novonyxPreferences: ModWeb:MsgPerPage=10
novonyxLanguage: 4
loginShell: /bin/bash
homeDirectory: /home/2006/helpdesk
gidNumber: 623
uidNumber: 2721
mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
uid: helpdesk
givenName: Helpdesk at nit
Language: ENGLISH
sn: helpdesk
securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
passwordAllowChange: TRUE
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
objectClass: iFolderUser
objectClass: posixAccount
objectClass: uamPosixUser
objectClass: sambaAccount
loginTime: 20071128185730Z
groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
cn: helpdesk
ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
ACL: 2#entry#[Root]#networkAddress
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
ACL: 2#entry#[Public]#uidNumber
ACL: 2#entry#[Public]#gidNumber
ACL: 2#entry#[Public]#loginShell
ACL: 2#entry#[Public]#homeDirectory
ACL: 2#entry#[Public]#gecos
ACL: 2#entry#[Public]#groupMembership
ACL: 1#entry#[Public]#cn
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I THINK THIS SATISFIES TO UR QUESTION...

[yearend]

Sorry!! probably above output is not satisfing to Ur question....

I executed following in zimbra server which is most specific as per my setting in zimbra

ldapsearch -v -b 'o=nitrkl' -h 192.168.1.121 -x '(cn=helpdesk)'

it shows following:-

# extended LDIF
#
# LDAPv3
# base <o=nitrkl> with scope sub
# filter: (cn=helpdesk)
# requesting: ALL
#

# helpdesk, OTHERS, NITRKL
dn: cn=helpdesk,ou=OTHERS,o=NITRKL
primaryGroupID: 623
rid: 2721
pwdLastSet: 1157778528
acctFlags: [UX ]
ntPassword: 4bdc2cb893fb6196e53db96d0b797852
lmPassword: f647e49453fa8f01b75e0c8d76954a50
iFolderServerName: *
nIMSLocale: DS:%m/%d/%y
nIMSLocale: DL:%B %d, %Y
nIMSLocale: T:%I:%M %p
nIMSLocale: WDS:0
nIMSTimezone: 24
nIMSTemplate: cn=WebAccess,ou=Templates,o=Internet Services
nIMSDefaultCharset: UTF-8
novonyxPrivacy: 0
novonyxTimeout: 6
novonyxPreferences: ModWeb:MsgPerPage=10
novonyxLanguage: 4
loginShell: /bin/bash
homeDirectory: /home/2006/helpdesk
gidNumber: 623
uidNumber: 2721
mail: Helpdesk at nit.helpdesk@nitrkl.ac.in
uid: helpdesk
givenName: Helpdesk at nit
Language: ENGLISH
sn: helpdesk
securityEquals: cn=STAFF,ou=GROUPS,o=NITRKL
passwordAllowChange: TRUE
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
objectClass: iFolderUser
objectClass: posixAccount
objectClass: uamPosixUser
objectClass: sambaAccount
loginTime: 20071128185730Z
groupMembership: cn=2006LUM,ou=GROUPS,o=NITRKL
groupMembership: cn=STAFF,ou=GROUPS,o=NITRKL
cn: helpdesk
ACL: 2#subtree#cn=helpdesk,ou=OTHERS,o=NITRKL#[All Attributes Rights]
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#printJobCon figuration
ACL: 2#entry#[Root]#networkAddress
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#iFolderServ erName
ACL: 2#entry#[Public]#uidNumber
ACL: 2#entry#[Public]#gidNumber
ACL: 2#entry#[Public]#loginShell
ACL: 2#entry#[Public]#homeDirectory
ACL: 2#entry#[Public]#gecos
ACL: 2#entry#[Public]#groupMembership
ACL: 1#entry#[Public]#cn
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#lmPassword
ACL: 7#entry#cn=helpdesk,ou=OTHERS,o=NITRKL#ntPassword

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I THINK THIS SATISFIES TO UR QUESTION...

[yearend]

I think the search base is right... The same search base is used in one of our centralized internet facility (called Cyberoam) and it is working fine... I also shown output of specif ldapsearch U had been asked for based on this search base....

Where could be the problem U think ?