Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 09-01-2010, 01:28 AM
Moderator
 
Posts: 7,928
Default Zimbra GAL Search

Must have sleepy eyes this morning but cannot get a normal user to be able to query the Zimbra GAL. I have disabled anonymous binds with zmldapanon -d but when I execute
Code:
ldapsearch -x -H ldap://zimbra.domain.com:389 -D uid=user,ou=people,dc=domain,dc=com -W -b "ou=people,dc=domain,dc=com" mail=*
I am prompted for the password but when I enter it I get INVALID CREDENTIALS
__________________
Reply With Quote
  #2 (permalink)  
Old 09-01-2010, 03:42 AM
Moderator
 
Posts: 7,928
Default

I have tried adding to slapd.conf
Code:
access to userPassword
    by anonymous auth
    by * none
and then restarting LDAP with
Code:
ldap stop ; ldap start
and I still receive the error even though the password is correct.
__________________
Reply With Quote
  #3 (permalink)  
Old 09-02-2010, 04:57 AM
Moderator
 
Posts: 7,928
Default

Support case 00058201 opened.
__________________
Reply With Quote
  #4 (permalink)  
Old 09-02-2010, 08:45 AM
Moderator
 
Posts: 7,928
Default

Well, finally I worked it out ... If you are using an external LDAP for Zimbra authentication things like ldapsearch against the Zimbra LDAP will not work This is due to the Z-LDAP instance looking at the local Zimbra password and not following the chain to the external source Hopefully the Zimbra resident LDAP guru will think of a way to handle this
__________________
Reply With Quote
  #5 (permalink)  
Old 09-02-2010, 04:20 PM
Elite Member
 
Posts: 469
Default

Hey - I think you just figured out something that stumped me for 2 days recently. Now, if only I could remember what I was trying to do when I ran into this roadblock
Reply With Quote
  #6 (permalink)  
Old 09-06-2010, 04:12 AM
Advanced Member
 
Posts: 192
Default

Not really a solution, but perhaps a temporary workaround: it does seem to work for Admin accounts. Of course a temporary zmldapanon -e would also do the trick...
Reply With Quote
  #7 (permalink)  
Old 11-20-2010, 02:11 PM
Active Member
 
Posts: 28
Default

Is this a bug or normal behavior, or is it a misconfiguration?

I have run into this situation after my process of migrating from 6.0.8 32bit to 6.0.8 64bit following this procedure. And that 32bit install was allowing anonymous external ldap connections, so I wouldn't have noticed this situation before the migration. Now none of my mail clients will search to the GAL via LDAP either anonymously OR when authenticating a user who is not a local user (my admin user works).

Another symptom that I have is that I cannot run the zmldapanon script to either enable or disable anonymous ldap access. It fails with the error Bind: Invalid credentials.

Are you guys having this problem with migrated 32-64 bit systems?
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com




 

SEO by vBSEO ©2011, Crawlability, Inc.