Results 1 to 10 of 10

Thread: [SOLVED] zimbra - eDirectory problem

  1. #1
    bushrat is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    7

    Default [SOLVED] zimbra - eDirectory problem

    Hi everybody,

    we have a zimbra installation and configured a domain for external LDAP authentication.

    We have configured on LDAP search base o=organization.

    When testing the connection at the end of the Authentication Configuration Wizard, every username is succesfully authenticated, no matter what context he is located in eDirectory.

    However, when we later try to login from a web browser to the Zimbra server, only the admin user ( which is in the context o=organization ) can successfully authenticate. All other users get, even other users that are in o=organization, cannot authenticate.

    Any idea what we did wrong?

    Thanks a lot.

    b.

  2. #2
    p24t is offline Moderator
    Join Date
    Mar 2007
    Location
    Austin
    Posts
    441
    Rep Power
    8

    Default

    Welcome to the forums.

    Do you see any errors in your log files? Log Files - Zimbra :: Wiki

    It's often helpful to know the version of Zimbra you're running as well. If you don't know you can find out by entering "$set:get version" in the search box or by entering zmcontrol -v as the zimbra user on the mail server.

  3. #3
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Another welcome to the forums,

    Are your users created on ZCS? (Sorry if it seems naive, but some don't realize they have to - there's also this RFE: Bug 7235 - Auto Provision New Accounts with External LDAP)

    Can you provide us with what you entered in every blank of the wizard? (well scrub actual domain as desired)

    LDAP Authentication - Zimbra :: Wiki

  4. #4
    bushrat is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    7

    Default

    ok, thanks for the quick replies:

    In the wizard we entered

    LDAP URL: IP Address of the eDir server, port 389
    LDAP filter: uid=u%
    Ldap search base: o=organization

    next page we provided username and password of the admin user of edirectory

    our users are created in ZCS as follows:

    firstname.lastname@domain.com

    in edirectory the users are

    firstname_lastname ( they are in a variety of contexts )

    Like mentioned above when testing from the last page of the wizard, all seems to be fine for every user I tried.

    But then the login through the browser does not work.

    thanks again.

    b.

  5. #5
    p24t is offline Moderator
    Join Date
    Mar 2007
    Location
    Austin
    Posts
    441
    Rep Power
    8

    Default

    I tried creating a uid=test_user in my external LDAP. When doing the 'test' portion of the authentication, using 'test_user' worked fine, but trying 'test.user' throws an error. (I didn't think it would work but I wanted to test anyway)

    The uid in LDAP needs to match the uid in Zimbra.

  6. #6
    bushrat is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    7

    Default

    It means we have to rename user accounts, I guess.

    Could we have user accounts in ZCS with firstname_lastname and still receive email as firstname.lastname@domain.com? Through an Alias maybe?

    The thing is that renaming the eDirectory users to firstname.lastname is not a good idea.

  7. #7
    bdial's Avatar
    bdial is offline Moderator
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    not that this helps this particular problem but a coworker of mine stumbled on this today which is pretty cool for any novell shops runninng zimbra. (i like to see we're not hte only ones!)

    Synchronize Zimbra Mailboxes with Identity Manager 3.5.1 | Novell User Communities

  8. #8
    bushrat is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    7

    Default

    Yes, with IDM it is no problem.

    But we do not have IDM. :-)

  9. #9
    drhughes is offline Senior Member
    Join Date
    Dec 2007
    Posts
    50
    Rep Power
    7

    Default

    In Zimbra try cn=u%.

    You could also test to make sure LDAP is working correctly with eDirectory by using ldapsearch from the command line.

    ldapsearch -LLL -x -h your.ldap.server -D cn=youruser,o=organization -w cn=id2lookup dn

  10. #10
    bushrat is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    7

    Default

    thanks.

    it is working fine. Just like someone mentioned above: the usernames in ZCS must be the same as in eDirectory.

    For the moment we use firstname_lastname in both ZCS and in eDir.

    However in ZCS we configure additionally a canonincal address and an alias with fistname.lastname@domain.com.

    That way, users login with firstname_lastname. But emails are send and received with firstname.lastname.

    we are testing this now, but it seemes to work and give the functionality we expect.

    thanks to all for your help

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. /tmp filling
    By Nutz in forum Administrators
    Replies: 8
    Last Post: 02-22-2008, 02:00 AM
  2. Cleanup after many upgrades
    By tobru in forum Installation
    Replies: 1
    Last Post: 12-23-2007, 09:21 AM
  3. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM
  4. Unable to start tomcat
    By chanck in forum Administrators
    Replies: 11
    Last Post: 06-11-2006, 12:58 AM
  5. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 07:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •