Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: [SOLVED] Auth from Extern LDAP

  1. #1
    augustobsb is offline Member
    Join Date
    Apr 2008
    Posts
    13
    Rep Power
    7

    Default [SOLVED] Auth from Extern LDAP

    Hi,
    I configured the Zimbra for AUTH from one External LDAP, i read this:

    LDAP AUth from Zimbra WIKI, in the test on config, the user Auth with success, but, when i try login in the "Mailbox" is not possible...i atived the

    Code:
    log4j.logger.zimbra.account=DEBUG
    And i search with zmprov

    Code:
    zimbra@zimbra:~/bin$ zmprov ga jose.ferronato@domain | grep zimbraAuthLdapExternalDn
    ERROR: account.NO_SUCH_ACCOUNT (no such account: jose.ferronato@domain)

    This is my config:

    LDAP = ldap.domain
    filter: (uid=%n)
    base: dc=domain,dc=com,dc=br

    I use the DN for search, and connect correct.

    How do for the LDAP Extern work, for Auth in Zimbra?

    Thanks

  2. #2
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    Quote Originally Posted by augustobsb View Post
    Code:
    zimbra@zimbra:~/bin$ zmprov ga jose.ferronato@domain | grep zimbraAuthLdapExternalDn
    ERROR: account.NO_SUCH_ACCOUNT (no such account: jose.ferronato@domain)
    Just out of curiosity...did you create jose.ferronato@domain.tld?

    You can vote for / support ticket tag / cc watch this RFE: Bug 7235 - Auto Provision New Accounts with External LDAP
    See comment #2
    Goal 1: On first login create the account if found in external LDAP/AD
    Goal 2: sync (periodic check for an attribute and enable/disable the account in Zimbra as necessary)

  3. #3
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    It's just a WAG (you could always be spelling it wrong), but currently you need to provision the accounts in zimbra first so I'm kinda wondering if you think the external LDAP auth does this automatically - which it doesn't just yet.

    These will be handy:
    Zmprov - Zimbra :: Wiki
    Zmprov Examples - Zimbra :: Wiki
    Bulk Provisioning - Zimbra :: Wiki

  4. #4
    augustobsb is offline Member
    Join Date
    Apr 2008
    Posts
    13
    Rep Power
    7

    Default

    [QUOTE=mmorse;89381]Just out of curiosity...did you create jose.ferronato@domain.tld?


    This user exists in other LDAP, what the zimbra Auth, not in ZimbraLDAP.

    Code:
    ...but currently you need to provision the accounts in zimbra first...
    I not understanding, the Zimbra not have the accounts, this accounts is in other LDAP...the zimbra go to other LDAP for AUTH and, return with the correct credencials, i configured this in domain, "auth metod", use "Extern LDAP".

    Correct?

    Thanks for your help

  5. #5
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    You need to create the account in zimbra, the external LDAP will be used for authentication (ie: the password) when they sign in.

  6. #6
    augustobsb is offline Member
    Join Date
    Apr 2008
    Posts
    13
    Rep Power
    7

    Default

    sorry, but, only the one account if the LDAP users for AUTH, or, all acounts from other LDAP ?

    Thanks

  7. #7
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    zmprov ca jose.ferronato@domain.tld ‘’
    (creates an account with a null password - since you're using external auth)

  8. #8
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    All of them like the above example.

    For any admin accounts I would still set a password, as admin accounts in the most recent versions automatically have fallback auth 'set' in-case your external LDAP/AD auth is unavailable or configured improperly.

    Don't do this - but to set fallback for everyone it's like:
    zmprov md domain.com zimbraAuthFallbackToLocal TRUE

  9. #9
    augustobsb is offline Member
    Join Date
    Apr 2008
    Posts
    13
    Rep Power
    7

    Default

    Mmorse
    Very thanks! The Auth work now!!
    I create one script using zmprov, for create all users
    but in LDAP Wiki Config is not cited the create a users with ZMPROV

    Thanks again!

  10. #10
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    Awesome - think the references to mapping a Zimbra account to an external account were supposed to take care of that, but we'll fix some wording

    I encourage you to go vote for Bug 7235 - Auto Provision New Accounts with External LDAP
    (Have to register first - not linked to your forum account.)

    http://www.zimbra.com/forums/announc...html#post62754 so we know what version you're using as it often affects the commands given or options we provide.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. LDAP Cannot bind on migration to new server
    By neekster in forum Migration
    Replies: 23
    Last Post: 03-09-2009, 02:08 AM
  2. upgrading from 5.0.4 to 5.0.5 opensource
    By smoke in forum Installation
    Replies: 4
    Last Post: 10-19-2008, 10:38 AM
  3. Zimbra Install Problem - getDirectContext
    By bsimzer in forum Installation
    Replies: 27
    Last Post: 07-19-2007, 10:12 AM
  4. Zimbra + Samba LDAP auth problems
    By fajarpri in forum Installation
    Replies: 3
    Last Post: 07-04-2007, 11:39 PM
  5. 3 testing: LDAP: 389 Failed when restore zimbra
    By victorLeong in forum Administrators
    Replies: 15
    Last Post: 05-24-2007, 06:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •