Open Directory Password Problems

[jandrews]

Hello,

Using Zimbra 4.5.10_GA_1575.MACOSXx86, using external LDAP (Mac OS X Open Directory 10.4). Users do not have the option to change their password within Zimbra (since using an external directory), however once users change their password with Open Directory, they can no longer log into Zimbra. Neither the old or new passwords work.

Please advise

[jandrews]

Thanks for moving this thread, here is the configuration again:

av_notify_user = admin@zimbra01.domainname.com
calendar_entourage_compatible_timezones = true
calendar_outlook_compatible_allday_events = true
data_source_trust_self_signed_certs = false
debug_mailboxindex_use_new_locking = true
ldap_cache_account_maxage = 15
ldap_cache_account_maxsize = 5000
ldap_cache_cos_maxage = 15
ldap_cache_cos_maxsize = 100
ldap_cache_domain_maxage = 15
ldap_cache_domain_maxsize = 100
ldap_cache_server_maxage = 15
ldap_cache_server_maxsize = 100
ldap_cache_timezone_maxsize = 100
ldap_cache_zimlet_maxage = 15
ldap_cache_zimlet_maxsize = 100
ldap_connect_pool_debug = false
ldap_connect_pool_initsize = 1
ldap_connect_pool_master = false
ldap_connect_pool_maxsize = 50
ldap_connect_pool_prefsize = 0
ldap_connect_pool_timeout = 120000
ldap_connect_timeout = 30000
ldap_host = zimbra01.domainname.com
ldap_is_master = true
ldap_log_level = 32768
ldap_master_url = ldap://zimbra01.domainname.com:10389
ldap_port = 10389
ldap_root_password = *
ldap_url = ldap://zimbra01.domainname.com:10389
localized_msgs_directory = /opt/zimbra/conf/msgs
logger_mysql_bind_address = localhost
logger_mysql_data_directory = /opt/zimbra/logger/db/data
logger_mysql_directory = /opt/zimbra/logger/mysql
logger_mysql_mycnf = /opt/zimbra/conf/my.logger.cnf
logger_mysql_pidfile = /opt/zimbra/logger/db/mysql.pid
logger_mysql_port = 7307
logger_mysql_socket = /opt/zimbra/logger/db/mysql.sock
mysql_bind_address = localhost
mysql_data_directory = /opt/zimbra/db/data
mysql_directory = /opt/zimbra/mysql
mysql_innodb_log_buffer_size = 8388608
mysql_innodb_log_file_size = 104857600
mysql_logger_root_password = *
mysql_memory_percent = 25
mysql_mycnf = /opt/zimbra/conf/my.cnf
mysql_pidfile = /opt/zimbra/db/mysql.pid
mysql_port = 7306
mysql_read_buffer_size = 1048576
mysql_root_password = *
mysql_socket = /opt/zimbra/db/mysql.sock
mysql_sort_buffer_size = 1048576
mysql_table_cache = 500
nio_imap_enable = false
nio_imap_log_buffers = false
nio_imap_write_queue_max_size = 10240000
nio_imap_write_queue_max_size_unauth = 20480
nio_write_buffer_compaction_percent = 50
postfix_alias_maps = hash:/etc/aliases
postfix_broken_sasl_auth_clients = yes
postfix_command_directory = /opt/zimbra/postfix-2.2.9/sbin
postfix_daemon_directory = /opt/zimbra/postfix-2.2.9/libexec
postfix_header_checks = pcre:/opt/zimbra/conf/postfix_header_checks
postfix_mailq_path = /opt/zimbra/postfix-2.2.9/sbin/mailq
postfix_manpage_directory = /opt/zimbra/postfix-2.2.9/man
postfix_newaliases_path = /opt/zimbra/postfix-2.2.9/sbin/newaliases
postfix_queue_directory = /opt/zimbra/postfix-2.2.9/spool
postfix_sender_canonical_maps = ldap:/opt/zimbra/conf/ldap-scm.cf
postfix_sendmail_path = /opt/zimbra/postfix-2.2.9/sbin/sendmail
postfix_smtpd_client_restrictions = reject_unauth_pipelining
postfix_smtpd_data_restrictions = reject_unauth_pipelining
postfix_smtpd_helo_required = yes
postfix_smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
postfix_smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
postfix_smtpd_tls_loglevel = 1
postfix_transport_maps = ldap:/opt/zimbra/conf/ldap-transport.cf
postfix_version = 2.2.9
postfix_virtual_alias_domains = ldap:/opt/zimbra/conf/ldap-vad.cf
postfix_virtual_alias_maps = ldap:/opt/zimbra/conf/ldap-vam.cf
postfix_virtual_mailbox_domains = ldap:/opt/zimbra/conf/ldap-vmd.cf
postfix_virtual_mailbox_maps = ldap:/opt/zimbra/conf/ldap-vmm.cf
postfix_virtual_transport = error
search_dbfirst_term_percentage_cutoff = 0.8
search_disable_database_hints = false
smtp_destination = admin@zimbra01.domainname.com
smtp_notify = yes
smtp_source = admin@zimbra01.domainname.com
snmp_notify = yes
snmp_trap_host = zimbra01.domainname.com
ssl_allow_untrusted_certs = TRUE
stats_img_folder = /opt/zimbra/logger/db/work
timezone_file = /opt/zimbra/conf/timezones.ics
tomcat_directory = /opt/zimbra/tomcat
tomcat_java_heap_memory_percent = 25
tomcat_java_home = /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
tomcat_java_options = -client -XX:NewRatio=2 -Djava.awt.headless=true
tomcat_keystore = /opt/zimbra/tomcat/conf/keystore
tomcat_keystore_password = *
tomcat_pidfile = /opt/zimbra/log/tomcat.pid
tomcat_thread_stack_size = 256k
tomcat_truststore_password = *
wiki_enabled = false
wiki_user = wiki
zimbra_admin_service_port = 7071
zimbra_attrs_directory = /opt/zimbra/conf/attrs
zimbra_auth_always_send_refer = false
zimbra_class_mboxmanager = com.zimbra.cs.mailbox.MailboxManager
zimbra_class_provisioning = com.zimbra.cs.account.ldap.LdapProvisioning
zimbra_db_directory = /opt/zimbra/db
zimbra_extension_common_directory = /opt/zimbra/lib/ext-common
zimbra_extension_directory = /opt/zimbra/lib/ext
zimbra_gid = 502
zimbra_home = /opt/zimbra
zimbra_index_directory = /opt/zimbra/index
zimbra_index_idle_flush_time = 600
zimbra_index_lru_size = 100
zimbra_index_max_uncommitted_operations = 200
zimbra_java_home = /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
zimbra_ldap_password = *
zimbra_ldap_user = zimbra
zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra
zimbra_log4j_properties = /opt/zimbra/conf/log4j.properties
zimbra_log_directory = /opt/zimbra/log
zimbra_logger_mysql_password = *
zimbra_mailbox_active_cache = 500
zimbra_mailbox_groups = 100
zimbra_mailbox_inactive_cache = 30
zimbra_mailbox_purgeable = true
zimbra_mtareport_max_recipients = 50
zimbra_mtareport_max_senders = 50
zimbra_mysql_connector_maxActive = 42
zimbra_mysql_password = *
zimbra_mysql_user = zimbra
zimbra_server_hostname = zimbra01.domainname.com
zimbra_spam_report_queue_size = 100
zimbra_store_directory = /opt/zimbra/store
zimbra_store_sweeper_max_age = 480
zimbra_throttle_op_concurrency = 1000,1000,1000,1000,1000
zimbra_tmp_directory = /tmp/zimbra
zimbra_uid = 502
zimbra_user = zimbra
zimbra_zmprov_default_soap_server = localhost
zimbra_zmprov_default_to_ldap = false
zimlet_directory = /opt/zimbra/tomcat/webapps/service/zimlet
zmstat_interval = 30
zmstat_log_directory = /opt/zimbra/zmstat

[jandrews]

If Zimbra is running on Zimbra01 and the Open Directory master is running elsewhere, would the following information mean the Open Directory being used is Zimbra's own? Zimbra01 is a replica.

ldap_host = zimbra01.domainname.com
ldap_is_master = true
ldap_log_level = 32768
ldap_master_url = ldap://zimbra01.domainname.com:10389
ldap_port = 10389
ldap_root_password = *
ldap_url = ldap://zimbra01.domainname.com:10389

[jandrews]

Also of note, when I perform a ldapsearch through command line, I get the following response:

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)