#1 | 08-17-2010, 07:35 AM
Querying Zimbra LDAP w/ SSL

Hello Zimbra Forums!

I'm currently a student doing a summer internship, in which I've been assigned a project to research and implement a single sign-on solution for the company with open source software. We decided on ZCS as the groupware / mail solution. I currently have an OpenLDAP server that contains employer and group information, and I'm trying to synch this LDAP with the Zimbra LDAP (so the users can change their passwords with the Zimbra interface and change contact information, etc.). I've written a simple Perl script to do just this and it works great. For testing purposes I've been using port 389 to view traffic, but now I'd like to configure SSL. I'm assuming that the Zimbra LDAP is expecting some sort of client verification, because when I just switch to LDAPS it fails. In addition, I use JXplorer to view my LDAP trees, and this also fails when I switch to SSL. Can someone push me in the right direction as to what is next? Do I need to copy the *.pem from the Zimbra server? If so, which is the one I want? In the /opt/Zimbra/ssl/ directory there are several different .pem files to choose from.

Any help would be greatly appreciated and if this is a stupid / simple question I apologize; I've just started learning these topics this summer!

Thanks,
Jake Valletta

#2 | 08-18-2010, 06:50 AM

Hi guys, seems like I figured out my error and would like to share with everyone what I have found. Looks like there are two errors. Please correct me if anything is incorrect here!

1. Zimbra LDAP doesn't use port 636, which of course means switching to this port did not work. I verified this with an nmap scan of my Zimbra server and this (dated) post:

LDAP/LDAPS - how to???

The post suggests using StartTLS rather than SSL on port 389.

2. The second problem was in my understanding of the client cert verification. The server will present its certificate when an SSL handshake is initiated, and the client chooses what to do with the cert (verify, auto-accept, etc.). I set my Perl script to accept the cert and used StartTLS and it works like a charm now! I hope this clears things up for other people as well!

Thanks,

Jake Valletta
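
For the setup described in post #2 (StartTLS on port 389 from a Perl script), a sketch that verifies the server certificate rather than auto-accepting it. This is an added example, not the poster's script; it assumes the Net::LDAP module, and the host name, CA file path, bind DN, search base, filter and the LDAP_BIND_PW environment variable are placeholders.

```perl
#!/usr/bin/perl
# Added example: StartTLS on port 389 with certificate verification enforced.
use strict;
use warnings;
use Net::LDAP;

# Assumed placeholder values; replace with your own.
my $host    = 'zimbra.example.com';   # name the server certificate was issued for
my $ca_file = '/path/to/ca.pem';      # CA certificate that signed the server certificate
my $bind_dn = 'uid=sync,ou=people,dc=example,dc=com';
my $bind_pw = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW\n";

# Plain LDAP connection first; StartTLS upgrades this same socket.
my $ldap = Net::LDAP->new($host, port => 389, timeout => 10)
    or die "connect to $host:389 failed: $@\n";

# verify => 'none' is the "accept the cert" setting: traffic is encrypted,
# but any certificate is accepted. 'require' makes the handshake fail
# unless the certificate validates against $ca_file.
my $tls = $ldap->start_tls(verify => 'require', cafile => $ca_file);

# Fail closed: never send the bind password if the upgrade did not succeed.
die "StartTLS failed: " . $tls->error . "\n" if $tls->code;
my $cipher = $ldap->cipher
    or die "connection is not encrypted, refusing to bind\n";
print "TLS established, cipher: $cipher\n";

my $bind = $ldap->bind($bind_dn, password => $bind_pw);
die "bind failed: " . $bind->error . "\n" if $bind->code;

my $res = $ldap->search(
    base   => 'dc=example,dc=com',
    scope  => 'sub',
    filter => '(objectClass=inetOrgPerson)',
    attrs  => ['uid', 'mail'],
);
die "search failed: " . $res->error . "\n" if $res->code;

for my $entry ($res->entries) {
    printf "%s <%s>\n", $entry->get_value('uid') // '?', $entry->get_value('mail') // '?';
}
$ldap->unbind;
```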