External LDAP not working

[ksoviero]

Quote:

Originally Posted by PhD

a working line in my audit log shows:
2011-07-17 14:59:32,345 INFO [btpool0-2457://localhost/service/soap/AuthRequest] [name=username@domain.com;oip=10.0.0.10;ua=zclient/7.1.1_GA_3213;] security - cmd=Auth; account=username@domain.com; protocol=soap;

it looks like it might failing at finding a "valid" zimbra account?

whats the output of

zmprov ga csoviero | grep -e ^uid: -e ^mail:

ERROR: account.NO_SUCH_ACCOUNT (no such account: csoviero)

I may have found the problem...

I did a tcpdump while doing the following, and opened it up in Wireshark:

• Doing the test (that works)
• Actually logging in (which doesn't work)

When doing the first, I see a dozen or so packets flying back and forth with LDAP auth info...

However, when I actually try to login, there is no connection attempted between the LDAP server and Zimbra AT ALL!?

Huh!?

Edit: I also did a packet capture while running your command, and again no communication between the two servers... I am so confused.

[ksoviero]

Quote:

Originally Posted by PhD

did you "actually" create a zimbra account called csoviero for the domain you have configured?

You still need to actually create users in zimbra, and their username must match the uid in ldap (or if it doesnt, then there is a field to map the user in zimbra to a user in ldap called "External LDAP account for Authentication:") - then you can log in using the username (or alias of the username) and the password in ldap.

Huh? You have to create the user in both Zimbra and the LDAP server to authenticate against the LDAP server? Doesn't that defeat the purpose?

[PhD]

Yes that right... as zimbra uses its own internal ldap system for user accounts and system settings...
external ldap auth is just that... used for password authentication - but it still requires a valid user account in zimbra to authenticate with

[ksoviero]

Quote:

Originally Posted by PhD

Yes that right... as zimbra uses its own internal ldap system for user accounts and system settings...
external ldap auth is just that... used for password authentication - but it still requires a valid user account in zimbra to authenticate with

Whatever man,

Thank you for all your help though!

[PhD]

you can use the provisioning tool to import all the user accounts from your external ldap source - as a quick way to import them... (i think the OSS version has that option...) -

LDAP Authentication - Zimbra :: Wiki - this might give some more info for ldap auth..

and this Use external LDAP and MySQL mentions about something similar to what you were hoping to achive..


Good luck with it.. zimbra really is a good product