  #1 (permalink)  
Old 10-15-2010, 08:34 AM
Trained Alumni
 
Posts: 336
[SOLVED] LDAP help with external app

Hi
I am trying to authenticate Endian Firewall's VPN users against Zimbra.
I'm following the article at this url:
Endian Knowledge Base / How to configure LDAP authentication with openvpn server

So I produced the following configuration file for openvpn:
Code:
AUTHENTICATION_STACK=ldap,local
AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN=mydomain.it
DROP_DHCP=
GLOBAL_DNS=10.22.22.1
LDAP_BIND_DN=cn=uid=zimbra,cn=admins,cn=zimbra
LDAP_BIND_PASSWORD=ldappwd
LDAP_GROUP_BASEDN=ou=groups,dc=mydomain,dc=it
LDAP_GROUP_MEMBERATTRIBUTE=uniqueMember
LDAP_GROUP_SEARCHFILTER=(|(cn=vpn))
LDAP_REQUIRE_GROUP=on
LDAP_URI=ldap://zimbraserver
LDAP_USER_BASEDN=ou=people,dc=mydomain,dc=it
LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))
OPENVPN_ENABLED=on
OPENVPN_PORT=41194
PURPLECLIENT_BEGIN_DEVICE=tap2
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN=10.22.22.231
PURPLE_IP_END=10.22.22.240
PUSH_DOMAIN=
PUSH_GLOBAL_DNS=
PUSH_GLOBAL_NETWORKS=
But it won't work.
I stripped out some of the filtering it does, as I only need the 'vpn' group.
So it doesn't work.

Has anyone done something like that?

I configured Zabbix LDAP login without any issue, so I'm wondering what's wrong here...
Thanks
__________________
YetOpen S.r.l. ~ Your open source partner
Lecco (LC) - ITALY
http://www.yetopen.it
  #2 (permalink)  
Old 10-15-2010, 08:46 AM
Zimbra Consultant & Moderator
 
Posts: 20,313

Have you read the Release Notes about Anonymous searches of LDAP or is the firewall likely to be blocking this request?
__________________
Regards


Bill
  #3 (permalink)  
Old 10-15-2010, 12:25 PM
Trained Alumni
 
Posts: 336

Thanks for your reply.

That doesn't look like an anonymous search to me...
And btw the VPN resides ON the firewall, there are no restrictions between it and Zimbra!
  #4 (permalink)  
Old 10-16-2010, 02:40 PM
Trained Alumni
 
Posts: 336

Ok this is the correct configuration for Endian Firewall and Zimbra LDAP, to authenticate users in the posix "vpn" group.

Code:
LDAP_BIND_DN=uid=zimbra,cn=admins,cn=zimbra
LDAP_BIND_PASSWORD=MYLDAPPASS
LDAP_GROUP_BASEDN=ou=groups,dc=MYDOMAIN,dc=it
LDAP_GROUP_MEMBERATTRIBUTE=memberUid
LDAP_GROUP_SEARCHFILTER=(|(cn=vpn))
LDAP_REQUIRE_GROUP=on
LDAP_URI=ldap://MYZIMBRASERV
LDAP_USER_BASEDN=ou=people,dc=MYDOMAIN,dc=it
LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))
It can be improved with checks, such as whether the user is active, for instance.

EFW VPN is based on OpenVPN, so I guess these settings, in one way or another, will fit every OpenVPN client.

Last edited by maxxer; 10-16-2010 at 03:08 PM.. Reason: added openvpn note
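
Added example (not part of the thread, and not Endian or Zimbra code): a small Python linter for the LDAP_* settings posted above. It flags the two lines that differ between the first and the final configuration (the `cn=uid=...` bind DN and `uniqueMember` on a posix group), plus the `ldap://` URI and the missing account-status test mentioned in the last post. The function names, finding codes, and the use of Zimbra's `zimbraAccountStatus` attribute are assumptions of this example.

```python
import re

# Constructed samples: LDAP_* lines copied from the first and the final post.
BROKEN = """\
LDAP_BIND_DN=cn=uid=zimbra,cn=admins,cn=zimbra
LDAP_GROUP_MEMBERATTRIBUTE=uniqueMember
LDAP_URI=ldap://zimbraserver
LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))
"""
FIXED = """\
LDAP_BIND_DN=uid=zimbra,cn=admins,cn=zimbra
LDAP_GROUP_MEMBERATTRIBUTE=memberUid
LDAP_URI=ldap://MYZIMBRASERV
LDAP_USER_SEARCHFILTER=(&(uid=%(u)s))
"""

# Standard group classes and the attribute that lists their members.
MEMBER_ATTR = {"posixGroup": "memberUid",             # bare uids, e.g. "alice"
               "groupOfNames": "member",              # full DNs
               "groupOfUniqueNames": "uniqueMember"}  # full DNs

def parse_settings(text):
    """Parse KEY=VALUE lines, splitting on the first '=' only (DNs contain '=')."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def nested_rdns(dn):
    """Return RDNs whose value contains an unescaped '=' (e.g. cn=uid=zimbra)."""
    rdns = re.split(r"(?<!\\),", dn)
    return [r for r in rdns if re.search(r"(?<!\\)=", r.split("=", 1)[-1])]

def lint(settings, group_class="posixGroup"):
    """Return (code, message) findings; group_class is what the directory uses."""
    findings = []
    for rdn in nested_rdns(settings.get("LDAP_BIND_DN", "")):
        findings.append(("bind-dn", f"'{rdn}' has an attribute name in its value"))
    want = MEMBER_ATTR[group_class]
    got = settings.get("LDAP_GROUP_MEMBERATTRIBUTE", "")
    if got.lower() != want.lower():
        findings.append(("member-attr", f"{group_class} uses {want}, not {got}"))
    if settings.get("LDAP_URI", "").lower().startswith("ldap://"):
        findings.append(("transport", "ldap:// is unencrypted unless StartTLS is used"))
    if "zimbraaccountstatus" not in settings.get("LDAP_USER_SEARCHFILTER", "").lower():
        findings.append(("status", "user filter does not test zimbraAccountStatus"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("first post", BROKEN), ("final post", FIXED)):
        print(name, [code for code, _ in lint(parse_settings(cfg))])
```

The final configuration still reports `transport` and `status`; a filter such as `(&(uid=%(u)s)(zimbraAccountStatus=active))` clears the latter.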