  #1 (permalink)  
Old 01-13-2010, 04:29 AM
Intermediate Member
 
Posts: 22
Zimbra to Zimbra GAL

Hi,

I have two Zimbra servers, both 6.0.4, and a new task has been given to get one global list of contacts. I tried connecting one Zimbra server to another through the GAL Configuration Wizard, using the following settings:

GAL: External
Results: 100
Name of gal: my.post.com
Server type: LDAP
ldap://my.post.com:389

ldap filter: (|(cn = %s*)(sn=%s*)(gn=%s*)(mail=%s*))
auto filter: (|(cn = %s*)(sn=%s*)(gn=%s*)(mail=%s*))
base: dc=my, dc=post, dc=com

DN:
DNuser:my_admin_user
DNpass:my_admin_pass

Everything next is set by default, and I get the error: check.CONNECION_REFUSED
[Root exception is java.net.ConnectException: Connection refused]

Both Zimbras are installed on Ubuntu 8.0.4

I did manage to get it to work with AD. I was getting returned the search strings I requested. But no success with LDAP.

I have read all of the GAL topics in the forums, but still couldn't get it to work.

Please help
  #2 (permalink)  
Old 01-14-2010, 04:57 AM
Intermediate Member
 
Posts: 22
Default

Up, please help
  #3 (permalink)  
Old 01-14-2010, 05:05 AM
Intermediate Member
 
Posts: 16
Default

Looks to me that you might have a firewall (physical or iptables), or you don't use plain ldap but maybe ldaps.

You can check the connectivity between hosts with telnet <ip> <tcp_port>

I hope this will lead you further in finding the root cause...

Best regards,
Alex R.
  #4 (permalink)  
Old 01-18-2010, 12:43 AM
Intermediate Member
 
Posts: 22
Default

Yes, I tried connecting through telnet and it does work with port 389, but it's just a black screen; when I try to type in commands, it kind of disconnects me. Is there a way to check LDAP from the console? Like, is it working at all? If it is, it's supposed to return something.
  #5 (permalink)  
Old 01-19-2010, 08:26 AM
Intermediate Member
 
Posts: 16
Default

You can use ldapsearch to check the response of the remote server.
The example below will return you nothing, since in Zimbra 6 anonymous bind is not allowed anymore, but at least you can check the connectivity and some response...

Code:
ldapsearch -t -x -H ldap://<remote_host>:389 -b "" -L "(&(objectClass=zimbraAccount))"
Btw... Did you check the connectivity from the machine where you tried to set up the GAL -> the machine where the GAL is? Or the opposite...

Maybe you can describe a bit more how is the connectivity between your hosts...
Code:
serverA --> switchA --> firewallA --> routerA --> switchB --> serverB
I still suspect a connectivity issue...
On the remote host you can check the connections with "netstat -natp"
see if your host from where you try to connect using telnet <host> 389
shows up in that list....

Best regards,
Alex R.
  #6 (permalink)  
Old 01-21-2010, 06:10 AM
Special Member
 
Posts: 160
Default

Quote:
Originally Posted by winampus View Post
You can use ldapsearch to check the response of the remote server.
The example below will return you nothing, since in Zimbra 6 anonymous bind is not allowed anymore, but at least you can check the connectivity and some response...

Code:
ldapsearch -t -x -H ldap://<remote_host>:389 -b "" -L "(&(objectClass=zimbraAccount))"
Btw... Did you check the connectivity from the machine where you tried to set up the GAL -> the machine where the GAL is? Or the opposite...

Maybe you can describe a bit more how is the connectivity between your hosts...
Code:
serverA --> switchA --> firewallA --> routerA --> switchB --> serverB
I still suspect a connectivity issue...
On the remote host you can check the connections with "netstat -natp"
see if your host from where you try to connect using telnet <host> 389
shows up in that list....

Best regards,
Alex R.

You don't happen to know what the admin or rootdn for Zimbra's openldap is? Whenever I do ldapsearches I get empty results. I'm not sure if it allows for anonymous binds or not - and I can't find a slapd.conf to look through. It appears Zimbra has obfuscated their openldap install with ldifs for schemas, configuration, and other weirdness.
  #7 (permalink)  
Old 01-21-2010, 06:24 AM
Zimbra Consultant & Moderator
 
Posts: 20,312
Default

Quote:
Originally Posted by i2ambler View Post
You don't happen to know what the admin or rootdn for Zimbra's openldap is? Whenever I do ldapsearches I get empty results. I'm not sure if it allows for anonymous binds or not - and I can't find a slapd.conf to look through. It appears Zimbra has obfuscated their openldap install with ldifs for schemas, configuration, and other weirdness.
Check the current Release Notes for 'anonymous bind' details.
__________________
Regards


Bill
  #8 (permalink)  
Old 01-22-2010, 12:25 AM
Intermediate Member
 
Posts: 16
Default

Quote:
Originally Posted by i2ambler View Post
You don't happen to know what the admin or rootdn for Zimbra's openldap is? Whenever I do ldapsearches I get empty results. I'm not sure if it allows for anonymous binds or not - and I can't find a slapd.conf to look through. It appears Zimbra has obfuscated their openldap install with ldifs for schemas, configuration, and other weirdness.
As you can see in my previous post, I mentioned that anonymous bind is not allowed. I have a bit more custom setup, but for binding I use zmposix.... more or less I have added the zmposix user and use that one for binding...

In your case you can use the "uid=zimbra,cn=admins,cn=zimbra" and the ldap root password for binding...

Best regards,
Alex R.
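
The checks suggested in this thread (reachability first, then an authenticated search with the bind DN from the post above), combined into one script. This is an added example, not code posted by any participant; the function names, the `<search_base>` argument and the exit-status interpretations (OpenLDAP client tools) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): staged LDAP check for an external GAL.
# Usage: ./gal_ldap_check.sh <remote_host> <search_base> [bind_dn]
# The script name and function names are hypothetical.

# Translate an ldapsearch exit status into a likely cause. Assumption: the
# OpenLDAP client exits with the LDAP result code, and with 255 when it
# cannot reach the server at all (refused, filtered, wrong port).
diagnose_ldap_rc() {
  case "$1" in
    0)   echo "ok" ;;
    255) echo "cannot contact server: check firewall, listener, ldap vs ldaps" ;;
    49)  echo "invalid credentials: wrong bind DN or password" ;;
    48)  echo "inappropriate authentication: anonymous bind refused" ;;
    50)  echo "insufficient access: bind worked, ACLs deny the search" ;;
    32)  echo "no such object: search base does not exist" ;;
    *)   echo "LDAP result code $1" ;;
  esac
}

gal_ldap_check() {
  local host="$1"
  local base="$2"
  local bind_dn="${3:-uid=zimbra,cn=admins,cn=zimbra}"  # DN named in the thread
  local url="ldap://${host}:389"
  local rc

  # Stage 1: anonymous read of the root DSE. Only proves reachability; a
  # server that refuses anonymous binds may return nothing or an error.
  ldapsearch -x -H "$url" -b "" -s base -LLL namingContexts >/dev/null 2>&1
  rc=$?
  echo "stage 1 (anonymous): $(diagnose_ldap_rc "$rc")"
  if [ "$rc" -eq 255 ]; then return 1; fi   # fix the network path first

  # Stage 2: authenticated search. -W prompts for the password so it stays
  # out of the process list and shell history; -ZZ insists on StartTLS so
  # the simple bind is not sent in cleartext over port 389.
  ldapsearch -x -ZZ -H "$url" -D "$bind_dn" -W \
    -b "$base" -LLL "(objectClass=zimbraAccount)" mail >/dev/null
  rc=$?
  echo "stage 2 (bind as $bind_dn): $(diagnose_ldap_rc "$rc")"
  return "$rc"
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -ge 2 ]; then gal_ldap_check "$@"; fi
```

If stage 2 fails only because of `-ZZ`, the server is not offering StartTLS or the client does not trust its certificate; an `ldaps://` URL is the alternative to sending the bind password unencrypted.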
  #9 (permalink)  
Old 01-25-2010, 06:40 AM
Special Member
 
Posts: 160
Default

Quote:
Originally Posted by winampus View Post
As you can see in my previous post, I mentioned that anonymous bind is not allowed. I have a bit more custom setup, but for binding I use zmposix.... more or less I have added the zmposix user and use that one for binding...

In your case you can use the "uid=zimbra,cn=admins,cn=zimbra" and the ldap root password for binding...

Best regards,
Alex R.
I'm not sure what 'ldap root password' is needed to bind to this default instance of Zimbra. When administering all of my other openldap installs I've just used slappasswd to create the crypted password, then stuck it into rootpw in slapd.conf. This was on previous openldap versions <2.3