External LDAP - Users can't log in

[bjimerson]

I've configured an external Fedora Directory Server to use for authentication, and went to the Authentication Configuration Wizard to configure for external LDAP. I've entered search base, filter, and bind DN, and the Test at the end of the wizard succeeds.

But, when I go to log in as the same user that I used for the test, login fails. Also, should the internal admin still be able to login. If not, how is the administrator determined? The internal admin cannot login in either when external authentication is enabled.

Here is what an entry in my external LDAP directory looks like:

dn: uid=user,ou=People, dc=company,dc=com
mail: user@company.com
uid: user

And an ldap search with this:

ldapsearch -b "dc=company,dc=com" -D "directory manager" -w password "uid=user"

returns the user entry.

Here are the entries used for external authentication:

LDAP Url: ldap://ldap.company.com:389/
LDAP Filter: (uid=%u) or (mail=%n)
LDAP Base Search: ou=People,dc=company,dc=com
Bind DN: cn=directory manager
Bind DN Password: password

which give successful test results.

If it matters, Zimbra is running on FC4 x86.

Any help would be appreciated.

[bjimerson]

I forgot to post the Zimbra version.

I'm using Zimbra Beta 3 Open Source, downloaded today.

[jigi]

that is strange..

I'm using FDS for 3 months now with zimbra and 25 branches of domains and it works perfectly.

A good thing for admin is to have the basic zimbra installed on host.mydomain.com and keep the admin as internal and then, configure another domain as simply mydomain.com to configure the standard accounts.

Also, making a "tail -f" of FDS log in realtime while login should let you diagnose almost any/all FDS auth problems.

--jeff

[KevinH]

You'll also want to setup fallback so the admin account will still work. This will keep you from needing to create a seperate domain just for the admin.

Choice of auth backend?

[sasha]

Jemerson , did you solve this problem ? ... I have the same problem .