Results 1 to 7 of 7

Thread: Zimbra GAL Search

  1. #1
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default Zimbra GAL Search

    Must have sleepy eyes this morning but cannot get a normal user to be able to query the Zimbra GAL. I have disabled anonymous binds with zmldapanon -d but when I execute
    Code:
    ldapsearch -x -H ldap://zimbra.domain.com:389 -D uid=user,ou=people,dc=domain,dc=com -W -b "ou=people,dc=domain,dc=com" mail=*
    I am prompted for the password but when I enter it I get INVALID CREDENTIALS

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    I have tried adding to slapd.conf
    Code:
    access to userPassword
        by anonymous auth
        by * none
    and then restarting LDAP with
    Code:
    ldap stop ; ldap start
    and I still receive the error even though the password is correct.

  3. #3
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Support case 00058201 opened.

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Well, finally I worked it out ... If you are using an external LDAP for Zimbra authentication things like ldapsearch against the Zimbra LDAP will not work This is due to the Z-LDAP instance looking at the local Zimbra password and not following the chain to the external source Hopefully the Zimbra resident LDAP guru will think of a way to handle this

  5. #5
    liverpoolfcfan's Avatar
    liverpoolfcfan is offline Outstanding Member
    Join Date
    Oct 2009
    Location
    Dublin, IRELAND
    Posts
    712
    Rep Power
    6

    Default

    Hey - I think you just figured out something that stumped me for 2 days recently. Now, if only I could remember what I was trying to do when I ran into this roadblock

  6. #6
    Hivos's Avatar
    Hivos is offline Advanced Member
    Join Date
    Aug 2009
    Location
    The Hague -- The Netherlands
    Posts
    214
    Rep Power
    5

    Default

    Not really a solution, but perhaps a temporary workaround: it does seem to work for Admin accounts. Of course a temporary zmldapanon -e would also do the trick...

  7. #7
    warmbowski is offline Active Member
    Join Date
    Apr 2008
    Location
    Seattle
    Posts
    37
    Rep Power
    7

    Default

    Is this a bug or normal behavior, or is it a misconfiguration?

    I have run into this situation after my process of migrating from 6.0.8 32bit to 6.0.8 64bit following this procedure. And that 32bit install was allowing anonymous external ldap connections, so I wouldn't have noticed this situation before the migration. Now none of my mail clients will search to the GAL via LDAP either anonymously OR when authenticating a user who is not a local user (my admin user works).

    Another symptom that I have is that I cannot run the zmldapanon script to either enable or disable anonymous ldap access. It fails with the error Bind: Invalid credentials.

    Are you guys having this problem with migrated 32-64 bit systems?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Why is Zimbra so buggy?
    By edwin.arneson in forum Users
    Replies: 50
    Last Post: 11-14-2011, 09:38 AM
  2. postfix relay=none status=bounced for local mails
    By vdd in forum Administrators
    Replies: 1
    Last Post: 08-06-2009, 08:05 AM
  3. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 04:42 PM
  4. Replies: 31
    Last Post: 12-15-2007, 09:05 PM
  5. dspam logrotate errors
    By michaeln in forum Users
    Replies: 7
    Last Post: 02-19-2007, 12:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •