[SOLVED] zimbra - eDirectory problem

[bushrat]

Hi everybody,

we have a zimbra installation and configured a domain for external LDAP authentication.

We have configured on LDAP search base o=organization.

When testing the connection at the end of the Authentication Configuration Wizard, every username is succesfully authenticated, no matter what context he is located in eDirectory.

However, when we later try to login from a web browser to the Zimbra server, only the admin user ( which is in the context o=organization ) can successfully authenticate. All other users get, even other users that are in o=organization, cannot authenticate.

Any idea what we did wrong?

Thanks a lot.

b.

[p24t]

Welcome to the forums.

Do you see any errors in your log files? Log Files - Zimbra :: Wiki

It's often helpful to know the version of Zimbra you're running as well. If you don't know you can find out by entering "$set:get version" in the search box or by entering zmcontrol -v as the zimbra user on the mail server.

[mmorse]

Another welcome to the forums,

Are your users created on ZCS? (Sorry if it seems naive, but some don't realize they have to - there's also this RFE: Bug 7235 - Auto Provision New Accounts with External LDAP)

Can you provide us with what you entered in every blank of the wizard? (well scrub actual domain as desired)

LDAP Authentication - Zimbra :: Wiki

[bushrat]

ok, thanks for the quick replies:

In the wizard we entered

LDAP URL: IP Address of the eDir server, port 389
LDAP filter: uid=u%
Ldap search base: o=organization

next page we provided username and password of the admin user of edirectory

our users are created in ZCS as follows:

firstname.lastname@domain.com

in edirectory the users are

firstname_lastname ( they are in a variety of contexts )

Like mentioned above when testing from the last page of the wizard, all seems to be fine for every user I tried.

But then the login through the browser does not work.

thanks again.

b.

[p24t]

I tried creating a uid=test_user in my external LDAP. When doing the 'test' portion of the authentication, using 'test_user' worked fine, but trying 'test.user' throws an error. (I didn't think it would work but I wanted to test anyway)

The uid in LDAP needs to match the uid in Zimbra.

[bushrat]

It means we have to rename user accounts, I guess.

Could we have user accounts in ZCS with firstname_lastname and still receive email as firstname.lastname@domain.com? Through an Alias maybe?

The thing is that renaming the eDirectory users to firstname.lastname is not a good idea.

[bdial]

not that this helps this particular problem but a coworker of mine stumbled on this today which is pretty cool for any novell shops runninng zimbra. (i like to see we're not hte only ones!)

Synchronize Zimbra Mailboxes with Identity Manager 3.5.1 | Novell User Communities

[bushrat]

Yes, with IDM it is no problem.

But we do not have IDM. :-)

[drhughes]

In Zimbra try cn=u%.

You could also test to make sure LDAP is working correctly with eDirectory by using ldapsearch from the command line.

ldapsearch -LLL -x -h your.ldap.server -D cn=youruser,o=organization -w cn=id2lookup dn

[bushrat]

thanks.

it is working fine. Just like someone mentioned above: the usernames in ZCS must be the same as in eDirectory.

For the moment we use firstname_lastname in both ZCS and in eDir.

However in ZCS we configure additionally a canonincal address and an alias with fistname.lastname@domain.com.

That way, users login with firstname_lastname. But emails are send and received with firstname.lastname.

we are testing this now, but it seemes to work and give the functionality we expect.

thanks to all for your help