Now I'm trying to set this up myself using Mac Address Book as an LDAP client.
It's always been fine using anonymous LDAP but now that we're on GnR I'd like to use secure authenticated LDAP and open up the firewall.
But do I have to turn off anonymous LDAP in order to allow clients to authenticate?
It seems if I turn off anonymous LDAP, port 389 stays open on zimbra and port 636 stays closed. (Based on nmap.) I'm guessing that TLS is available, but I'm not sure that's compatible with Address Book even if I turn on SSL and then manually change the port from 636 to 389.
The best I seem to be able to do is leave SSL turned off and enter my username@domain, password credentials in Address Book preferences. The lookups don't work, but at least the error I get in the Mac console is
3/25/10 5:41:36 PM Address Book[3426] [zimbra] Could not bind to server: Invalid DN syntax (ID 34)
instead of a password error or
3/25/10 6:04:27 PM Address Book[3426] [zimbra] Could not bind to server: Can't contact LDAP server (ID -1).
Anyone else had any success in this area? I guess I'll try Apache Directory Studio tomorrow.