
Thread: zimbra ldap

  1. #1
    mikex (Junior Member)

    zimbra ldap

    I am trying to connect to zimbra ldap from a remote machine.

    I run ldapsearch -h fqdn -x -D 'binddn' -S '' -w passwd -b "ou=people,etc."

    The error message I get is ldap_sasl_bind(SIMPLE) : can't contact LDAP server.

    Now if I run this ldapsearch directly on the zimbra machine, it works fine, except I found out I have to use that -x option, which I am not familiar with, and I haven't seen this sasl thing before either.

    Anyone know how to point me in the right direction?

  2. #2
    bdial (Moderator)

    Are you sure you're not running any firewall on the local machine or in between the 2 machines you are using? Afaik, zimbra-ldap listens on every interface by default. Maybe try to telnet to port 389 of the zimbra server and see if you actually connect to the port.

  3. #3
    mmorse (Moderator)

    Welcome to the forums,

    I'm not a big LDAP person so can't speak to your ldapsearch query - but just a reminder that if you do determine that it's a firewall we don't recommend 389 open to the entire internet - keep it to your LAN (or VPN groups etc).

    Firewall Configuration - Zimbra :: Wiki & Ports - Zimbra :: Wiki

    See this post about 389: [SOLVED] Serious security breach on all Zimbra servers?

    Open: Bug 15378 - Obviate the need for and disallow LDAP anonymous binds

    Currently you can connect securely, but you can still connect insecurely - hence the recommendation to prevent at the firewall.

    Say you want 389 open but not insecure communication:
    See what security level TLS connections make (usually it's 256 - depends on your key strength though) then add security tls=256 to /opt/zimbra/conf/sldapd.conf.in
    security ssf=256 would be better to require all communications be 256 enc
    security ssf=256 simple_bind=256

    Open: Bug 20739 - make force-TLS for LDAP configurable (hook up the ldap_require_tls attribute)

    5.0.7 internal communication lock down: Bug 16601 - Secure Access To LDAP (ldap_starttls_supported and zimbra_require_interprocess_security)
    Last edited by mmorse; 07-07-2008 at 12:24 PM.

  4. #4
    mikex (Junior Member)

    mta tls

    We have MTA TLS on ... does that mean I must connect with TLS to ldap?

    Or should I be able to connect with no problem using simple bind?

    There is no firewall interference.

  5. #5
    mikex (Junior Member)

    Found the problem:

    The problem is slapd is called with the -h option:

    -h myhost.com:389

    If no -h option is specified it defaults to ldap:/// which allows slapd to listen on all IP addresses ... anyone know how to start zimbra ldap without the -h?

  6. #6
    mikex (Junior Member)

    I changed ldap_url in localconfig.xml to ldap:/// and everything works fine now.

  7. #7
    mikex (Junior Member)

    No, I just discovered that e-mails are not being received ... so ldap:/// as ldap_url is a problem ... ldap works fine though ...
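
Added example, not part of any post in this thread: a small Python audit of the slapd -h listener list discussed in posts #3 and #5. It reports which address each listener binds to and flags plain ldap:// listeners that other hosts can reach. The command lines and the host mail.example.test are constructed samples.

```python
import shlex
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def listener_urls(cmdline):
    """Return the URLs given to slapd -h, or slapd's default when -h is absent."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args[:-1]):
        if arg == "-h":
            return args[i + 1].split()
    return ["ldap:///"]  # no -h: LDAP over TCP on all interfaces, port 389


def classify(url):
    """Describe one listener: bind scope, port, and cleartext exposure."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "ldapi":  # Unix domain socket, not reachable over the network
        return {"url": url, "scope": "unix-socket", "port": None,
                "cleartext_remote": False}
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported listener URL: {url!r}")
    host = parts.hostname or ""
    if not host:
        scope = "all-interfaces"
    elif host in LOOPBACK:
        scope = "loopback"
    else:
        scope = "single-address"  # clients must target exactly this address
    # ldap:// accepts unencrypted binds unless a "security ssf=..." rule forbids
    # them, so any non-loopback ldap:// listener is flagged for firewall/TLS review.
    return {"url": url, "scope": scope,
            "port": parts.port or DEFAULT_PORTS[scheme],
            "cleartext_remote": scheme == "ldap" and scope != "loopback"}


def audit(cmdline):
    return [classify(u) for u in listener_urls(cmdline)]


if __name__ == "__main__":
    # Constructed command lines; mail.example.test is a placeholder host.
    for cmd in ("slapd -h ldap://mail.example.test:389",
                "slapd",
                'slapd -h "ldap://127.0.0.1 ldaps:/// ldapi://%2Fvar%2Frun%2Fldapi"'):
        for row in audit(cmd):
            print(cmd, "->", row)
```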
