Thread: [SOLVED] Password Not being Changed in external LDAP by zimbra server

  1. #1
    sjangra

    Password not being changed in external LDAP by Zimbra server. Everything else works fine.

    Any help....

    Can anyone tell me whether it is possible to change the "Change Password" link to my own page, which will change the external LDAP password? If yes, where is (which directory contains) the source code to change the link?

    Please help guys......
    Thanks.....

  2. #2
    phoenix

    Originally posted by sjangra:
        Password not being changed in external LDAP by Zimbra server. Everything else works fine.
    That isn't currently a supported function (search Bugzilla for the RFE and vote on it); you'll currently have to write a script to synchronise the passwords.
    Regards
    Bill

  3. #3
    sjangra

    Can I have the script please!!!

  4. #4
    phoenix

    Originally posted by sjangra:
        Can I have the script please!!!
    I don't have one; there might be one in the forums if you search.
    Regards
    Bill

  5. #5
    sjangra

    I found the script below!!! Thanks...

    #!/bin/bash

    # This script allows the syncing of the Zimbra password database (OpenLDAP)
    # with an external LDAP database (I use an external OpenLDAP) in a three step
    # procedure. It's not *that* user friendly, so I hope you have some idea of
    # how scripts work.
    #
    # The script searches (ldapsearch) which user has changed his password in the
    # last TIME seconds (i.e. TIME=300 for 5 minutes)
    #
    # The output passes through sed to create a correct ldif. This means adding
    # the "changetype: modify" and "replace: userPassword" strings. In case your
    # password field has a different name, change the "userPassword" string in
    # the sed line accordingly.
    #
    # Lastly, the ldapmodify command feeds the ldif created by sed to the external
    # server.
    #
    # Written by Gerasimos Melissaratos (gmelis72 at gmail dot com)

    # Change variables accordingly

    # Time since which to search for changed passwords. i.e. TIME=300 means the
    # user has changed his password in the last 5 minutes. Adjust your crontab
    # accordingly, for example if you run this script every 10 minutes (instead
    # of 5 like I do) change TIME to 600 (min*60)
    TIME=300

    # This is the address where the zimbra ldap is listening. If you have installed
    # zimbra on a cluster, use the cluster IP
    ZIMBRA_LDAP="ldap://cluster.mfa.gr"

    # This is basically the domain you want to search, i.e. if you have the
    # zimbra domain foo.org, enter "dc=foo,dc=org"
    ZIMBRA_BASEDN="dc=room,dc=gr"

    # The password to use to connect to the zimbra ldap server. The user is
    # "cn=config" as this is the rootdn for the zimbra ldap, and the password
    # --which you probably do not know-- can be changed by changing the file
    # /opt/zimbra/conf/slapd.conf.in. Just locate the line starting with
    # "rootpw" and change the string starting with "{SSHA}" with the password
    # you wish to have
    ZIMBRA_ROOTPW='zimbra_ldap_password'

    # The address of the external ldap server
    EXTERNAL_LDAP="ldaps://myldapserver.room.gr"

    # The credentials to use. That is the credentials to bind to your ldap server,
    # which of course you know. All it needs is to have enough access to change the
    # userPassword field. It can be the rootdn
    EXTERNAL_LDAP_BINDDN="cn=root,dc=room,dc=gr"

    # The password to use for the aforementioned credentials. Since passwords may include
    # special characters I used single quotes
    EXTERNAL_LDAP_PASSWD='myldapserver_rootpw'

    # Accounts live under ou=people,<base DN>. The sed address has to match the DN
    # suffix of your own Zimbra domain, so it is built from ZIMBRA_BASEDN here.
    ldapsearch -LLLx -H "${ZIMBRA_LDAP}" -D "cn=config" -b "${ZIMBRA_BASEDN}" -w "${ZIMBRA_ROOTPW}" \
    "(zimbraPasswordModifiedTime>=$(date -u +%Y%m%d%H%M%SZ -d "-${TIME} sec"))" userPassword | \
    sed -e "/ou=people,${ZIMBRA_BASEDN}\$/achangetype: modify\nreplace: userPassword" | \
    ldapmodify -x -H "${EXTERNAL_LDAP}" -D "${EXTERNAL_LDAP_BINDDN}" -w "${EXTERNAL_LDAP_PASSWD}"

  6. #6
    shawnchu

    The script works fine when the Zimbra LDAP and the external LDAP have the same BaseDN and ou.

    But my Zimbra LDAP BaseDN is ou=people,dc=group,dc=example,dc=com
    and my OpenLDAP server BaseDN is ou=teacher,dc=example,dc=com

    When I run the script, it always shows an error message:
    ldap_modify: No such object (32)
    matched DN: dc=example,dc=com

    I've searched the internet for 1 week, but I still can't fix it.
    Someone help me to solve this problem, please!!

    Sorry for my poor English.
    Thanks, Shawn

  7. #7
    shawnchu

    Solved!!

    I fixed the sed syntax and that solved my problem.

    sed -e 's/ou=people,dc=group,dc=example,dc=com/ou=teacher,dc=example,dc=com/g' | \
    sed -e '/ou=teacher,dc=example,dc=com$/achangetype: modify\nreplace: userPassword' | \
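
Added example, not part of any post in this thread: the two sed steps above written as one function that remaps the DN suffix only at the end of the DN and on an RDN boundary, unfolds wrapped LDIF lines, and terminates each modify record. The function names, the sample entries and their password values are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the thread). Reads `ldapsearch -LLL ... userPassword`
# output on stdin and writes a modify LDIF for the external server on stdout.
#   $1 = DN suffix on the Zimbra side   $2 = DN suffix on the external server
to_modify_ldif() {
    SRC_SUFFIX="$1" DST_SUFFIX="$2" awk '
    BEGIN { src = ENVIRON["SRC_SUFFIX"]; dst = ENVIRON["DST_SUFFIX"] }
    function emit() {
        # Write a record only when both a remapped DN and a password were seen.
        if (dn != "" && pw != "")
            printf "dn: %s\nchangetype: modify\nreplace: userPassword\n%s\n-\n\n", dn, pw
        dn = ""; pw = ""
    }
    function handle(line,    n) {
        if (line == "") { emit(); return }
        if (line ~ /^dn: /) {
            dn = substr(line, 5)
            n = length(dn) - length(src)
            # The suffix must end the DN and start on an RDN boundary (a comma).
            if (n >= 0 && tolower(substr(dn, n + 1)) == tolower(src) &&
                (n == 0 || substr(dn, n, 1) == ",")) {
                dn = substr(dn, 1, n) dst
            } else {
                print "skipped, outside " src ": " dn > "/dev/stderr"
                dn = ""
            }
        } else if (line ~ /^userPassword:/) {
            pw = line    # keep "userPassword:: <base64>" exactly as exported
        }
    }
    {   # LDIF folds long lines; a continuation line starts with one space.
        if (substr($0, 1, 1) == " ") { cur = cur substr($0, 2); next }
        if (NR > 1) handle(cur)
        cur = $0
    }
    END { if (NR > 0) handle(cur); emit() }
    '
}

sample_ldif() {    # constructed input: two users to sync, one entry out of scope
    cat <<'EOF'
dn: uid=alice,ou=people,dc=group,dc=example,dc=com
userPassword:: Q09OU1RSVUNURUQtMQ==

dn: uid=bob,ou=peo
 ple,dc=group,dc=example,dc=com
userPassword:: Q09OU1RSVUNURUQtMg==

dn: uid=svc,ou=system,dc=example,dc=com
userPassword:: Q09OU1RSVUNURUQtMw==
EOF
}
```

In the pipeline it sits between ldapsearch and ldapmodify in place of the sed commands. Both OpenLDAP tools also accept `-y <file>` to read the bind password from a file, which keeps it out of the process list that `-w` exposes.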

  8. #8
    thanhdv

    Hi everyone.
    I'm testing a ZCS 7.1.3 OS on Ubuntu 10.04.3 64bit, and use an external OpenLDAP + Samba PDC installed on OpenSUSE 11.4 to authenticate users. The connection was fine until I found out that when users change their password in the Zimbra Web UI, it doesn't auto-sync to the external LDAP server.

    I found this thread and tried the above script. First, I had a problem when the ldapsearch command executed:
    Code:
    ldap_bind: Invalid credentials (49)
    I've used the slappasswd command to generate an SSHA-encrypted password and updated it in the following part of the
    /openldap-2.4.26.5z/etc/openldap/slapd.conf file:
    Code:
    database        bdb
    suffix          "dc=homedomain,dc=org"
    rootdn          "cn=Administrator,dc=homedomain,dc=org"
    # Cleartext passwords, especially for the rootdn, should
    # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw          {SSHA}p7XipDi6VJCfiUpx8XGHmwIq7tnUdXUO
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory       /opt/zimbra/openldap-2.4.26.5z/var/openldap-data
    In the ldapsearch command, I've tried everything like -D "cn=config", -D "cn=Administrator", -D "cn=root", -D "cn=Administrator,dc=homedomain,dc=org" but the ldap_bind error keeps showing up. Then I found that when I use -D "uid=admin,ou=people,dc=homedomain,dc=org", the ldapsearch command can run without error, but nothing is returned and no password is updated!
    Code:
    ldapsearch -LLLx -H "${ZIMBRA_LDAP}" -D "uid=admin,ou=people,dc=homedomain,dc=org" -b "${ZIMBRA_BASEDN}" -w "${ZIMBRA_ROOTPW}" \
    "(zimbraPasswordModifiedTime>=`date -u +%Y%m%d%H%M%SZ -d \"-${TIME} sec\"`)"
    I tried this single command and commented out the 2 commands that follow, but nothing was returned, even when I changed the filter to "(zimbraPasswordModifiedTime>=0)" or "(zimbraPasswordModifiedTime=20111116022747Z)"
    This is exactly the time string I got from the command
    Code:
    zimbra@zimbra:/home/administrator$ zmprov ga thanhdv zimbrapasswordmodifiedtime
    # name thanhdv@homedomain.org
    zimbraPasswordModifiedTime: 20111116022747Z
    My ldapsearch command works normally with other normal filters such as "cn=*", "objectClass=*" ...

    Any help please !!!!!

    Sorry for my bad English.
    Thanks, thanhdv.

  9. #9
    thanhdv

    I got myself into trouble T_T.
    Only cn=config can retrieve information like zimbraPasswordModifiedTime.
