Zimbra LDAP Auth with Mambo

[andrewlapierre]

Ok, I've been fighting with this for a couple days now, and I can't seem to get the Mambo authentication hack to connect to our new Zimbra LDAP. It was working fine with our old server. We use it to authenticate logins to certain pages on our website. The config files look like this, and I've tried a number of combination of different things, but I can't seem to bind.

Code:

return new ldapauthenticator(
Array(
   "_default_group_id" => "255",
   "_user_attributes" => "",
   "_published" => "1",
   "_name" => "OFFICE",
   "ldap_host" => "mail.myhost.com",
   "ldap_port" => "389",
   "ldap_connect" => "",
   "ldap_base_dn" => "",
   "ldap_users_dn" => "uid=[login],ou=people,dc=mydomain,dc=com",
   "ldap_search_string" => "",
   "ldap_use_ldapV3" => "1",
   "ldap_dont_follow_referrals" => "0",
   "ldap_negociate_tls" => "0",
   "ldap_password" => "[password]",
));

If anyone can tell me what is supposed to go where, I would greatly appreciate it. I have also tried just writing my own PHP LDAP page to have better control over my testing, but I can't get that to Bind to the Zimbra LDAP either. It connects to the server, but fails to bind. That code looks like this:

Code:

$ldap['user']              = "alapierre";
        $ldap['pass']              = "password";
        $ldap['host']              = 'mail.myhost.com';
        $ldap['port']              = 389;
        $ldap['dn']                = 'uid='.$ldap['user'].',ou=people,dc=mydomain,dc=com';
        $ldap['base']              = '';
		
	// connecting to ldap
        $ldap['conn'] = ldap_connect( $ldap['host'], $ldap['port'] );
        ldap_set_option($ldap['conn'], LDAP_OPT_PROTOCOL_VERSION, 3);
	
	if($ldap['conn']){
		print "Connected";
	}else{
		print "Failed to connect";
	}
        // binding to ldap
        $ldap['bind'] = ldap_bind($ldap['conn'],$ldap['dn'], $ldap['pass']);

        if ($ldap['bind']) {
            echo "LDAP bind successful...";
            return 1; //returns "ok" to the calling page -- User is authenticated
        } else {
               echo "LDAP bind failed...";
         }

Thanks in advance

[bdial]

have you tried turning the debugging up in zimbra's slapd.conf and see if you get any inormative errors from zimbra?

[bdial]

also maybe try to modify your php code to be a bit more informative

Code:

 
if ($ldap['bind']) {
            echo "LDAP bind successful...";
            return 1; //returns "ok" to the calling page -- User is authenticated
    } else {
            echo "LDAP-Errno: " . ldap_errno($ldap['bind']) . "<br />\n";
            echo "LDAP-Error: " . ldap_error($ldap['bind']) . "<br />\n";
            echo "LDAP bind failed...";
}

[andrewlapierre]

Thanks guys, I've gotten it to bind in Mambo now, the only problem is we have set ou's in Zimbra's Ldap so we can have different containers. One group has access to pages that other groups don't. I'm not sure how to specify the ou we have added in the ldap. When I do an ldap dump, it is listed there ou=group. Any ideas?

[bdial]

I'm not sure I understand your question, but maybe you need to change the ldap_base_dn in mambo to be in that container?