Can anyone tell me, a novice, how to set up external authentication against OpenLDAP? I want to use my own OpenLDAP server instead of the one that ships with Zimbra... AND I want it to be on the same server machine as Zimbra... so I need different ports, I guess.
I don't understand all the fields in the admin console for external auth... can someone post what exactly they have entered there for each field? I am stuck and any help/advice appreciated.
Check out the admin guide; the docs are pretty clear on how to set up external auth.
No, I am afraid the admin guide won't do it... if someone can please post what they have entered into those fields... there is no mention of that in the guide as far as I can tell. What I have tried up to now has not worked. Thanks. Any help much appreciated.
What have you tried? What error are you getting? Can you connect to your LDAP server with ldapsearch?
Thanks, I will get back to you tomorrow with more info if you think it might help, but this is the error I get in the admin console when I run the test.
'javax.naming.AuthenticationException LDAP : error code 49 : Invalid Credentials' when I run Test (Authentication in Admin console)
In my LDAP (OpenLDAP) I have:
rootdn : dn : cn=Manager,dc=localhost,dc=localdomain .
rootpw : qwerty
So in LDAP Authentication in Zimbra's admin console:
Authentication mechanism : External LDAP
LDAP Url : ldap://localhost:389
LDAP Filter : (cn = %u)
LDAP Search base : dc=localhost,dc=localdomain
Bind DN : cn=Manager,dc=localhost,dc=localdomain
Well, from the error it's clear the password or bind DN is wrong. Can you validate you've got the password right by binding first with ldapsearch?
I just checked ldapsearch and it works fine with
ldapsearch -x -b 'dc=localhost,dc=localdomain' '(objectclass=*)'
However... I have to shut off my LDAP service when I install Zimbra, otherwise Zimbra doesn't install and start properly... when I install Zimbra I specify a different port for LDAP... then after I start Zimbra I also start my own OpenLDAP service... BUT then when I run ldapsearch it is showing content from Zimbra's LDAP!
So the question is: how do I tell Zimbra, or ldapsearch for that matter, to use another LDAP that is running on the same machine? I thought that changing the port number for Zimbra's LDAP would be enough.
At this time you can't change the Zimbra LDAP port. There are hardcoded scripts that still look at 389. ldapsearch should have a way to pass it an alternate port.
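An added example (not posted by anyone in the thread, and not Zimbra's own tooling) of the check suggested above: it asks the server on an explicit port which suffixes it serves, then binds as the Bind DN and runs the filter with %u expanded. Port 1389, the login jdoe, and the function and variable names are assumptions; the DN, search base and filter are the values posted earlier.

```shell
#!/bin/sh
# Added example, not from the thread. Port 1389 and the login "jdoe" are
# constructed placeholders; DN, base and filter are the ones posted above.
LDAP_URL=${LDAP_URL:-ldap://localhost:1389}   # your own slapd, not Zimbra's 389
BIND_DN='cn=Manager,dc=localhost,dc=localdomain'
SEARCH_BASE='dc=localhost,dc=localdomain'
FILTER_TEMPLATE='(cn=%u)'
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}          # set to "echo" for a dry run

# Replace every %u in the filter template with the login name minus @domain
# (assumption: this mirrors how Zimbra expands %u).
expand_filter() {
    _out='' _rest=$1 _user=${2%%@*}
    while :; do
        case $_rest in
            *%u*) _out=$_out${_rest%%%u*}$_user; _rest=${_rest#*%u} ;;
            *)    break ;;
        esac
    done
    printf '%s\n' "$_out$_rest"
}

# Step 1: read the root DSE of the server on LDAP_URL. The namingContexts it
# lists show whether this port is your directory or Zimbra's.
which_directory() {
    "$LDAPSEARCH" -x -LLL -H "$LDAP_URL" -s base -b '' namingContexts
}

# Step 2: bind as the Bind DN (-W prompts for the password) and run the
# expanded filter. A wrong DN or password is reported here as
# "ldap_bind: Invalid credentials (49)", the same code 49 Zimbra shows.
bind_and_search() {
    "$LDAPSEARCH" -x -LLL -H "$LDAP_URL" -D "$BIND_DN" -W \
        -b "$SEARCH_BASE" "$(expand_filter "$FILTER_TEMPLATE" "$1")" dn
}

if [ "$#" -ge 1 ]; then
    which_directory && bind_and_search "$1"
else
    echo "usage: $0 login-name" >&2
fi
```

An ldapsearch run with only -x and -b binds anonymously to the client's default server, so it confirms neither the Bind DN's password nor which of the two directories answered.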
different error now
I changed it so that my own LDAP is running on a different port... still a problem starting Zimbra when I have my own LDAP running (Zimbra's LDAP fails to start). So I start Zimbra first, then my LDAP.
Now in admin console I get javax.naming.InvalidSearchFilterException : Missing 'equals' : remaining name 'dc=localhost,dc=localdomain' ..
I used the same field values as last time...
Do I need to add the Zimbra schema to my LDAP... anything else I need to add?
If you changed the port the start order shouldn't matter. What error do you get starting Zimbra?