External LDAP not working

[ksoviero]

I am trying to setup Zimbra to include an external LDAP directory. My external directory does not support TLS or SSL, its clear text all the way for now .

When I go to Domains > enactpc.com > Configure Authentication, everything works, even the test form at the end.

However when I go to the webmail front end to login, it complains:

Code:

The username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current username and password.

My domain is:

Code:

dc=sbs,dc=enactpc,dc=com

With a group called ou=Users, will all users as uid=<username>.

My Zimbra settings:

Code:

LDAP Filter:  (uid=%u)

LDAP Search Base:  ou=Users,dc=sbs,dc=enactpc,dc=com

Anybody have any clue?

[PhD]

My Settings are:

Authentication mechanism:
External LDAP

LDAP URL:
ldap://ldap.domain.com.au:389

LDAP filter:
uid=%u

LDAP search base:
ou=users,ou=contacts,dc=domain,dc=com,dc=au

Use DN/Password to bind to external server: No

We dont require SSL or authentication to "read" from our ldap tree....
i also dont have () around uid=%u, but i dont think that matters...

what do the log files say?

[ksoviero]

My Settings are:

Authentication mechanism:
External LDAP

LDAP URL:
ldap://ldap.domain.com.au:389

LDAP filter:
uid=%u

LDAP search base:
ou=users,ou=contacts,dc=domain,dc=com,dc=au

Use DN/Password to bind to external server: No

We dont require SSL or authentication to "read" from our ldap tree....
i also dont have () around uid=%u, but i dont think that matters...

what do the log files say?

Thats also a problem, where are the logs for LDAP stuff?

[PhD]

you'll probably want to look in /opt/zimbra/logs/mailbox.log

[ksoviero]

I ran:

Code:

sudo su zimbra

Code:

cat log/* | grep -i 'csoviero'

(csoviero is the account that exists only in LDAP)

And the only mention of anything is this:

Code:

mailbox.log:
2011-07-14 23:15:27,493 INFO  [btpool0-0://localhost/service/soap/AuthRequest] [oip=10.0.0.103;ua=zclient/7.1.1_GA_3213;] SoapEngine - handler exception: authentication failed for [csoviero], account not found

Edit: Oh, and it totally slipped my mind:

I am running ZCS OSE 7.1.1 with the latest paches on Ubuntu 10.04.2 64bit.

[PhD]

can you do a slapcat of your external ldap server and reply with what a typical user account ldif looks like - it seems maybe the uid's dont match maybe

[ksoviero]

can you do a slapcat of your external ldap server and reply with what a typical user account ldif looks like - it seems maybe the uid's dont match maybe

Here is a typical user:

Code:

dn: uid=csoviero,ou=Users,dc=sbs,dc=enactpc,dc=com
cn: Celine Soviero
uid: csoviero
sn: Soviero
uidNumber: 2003
gidNumber: 1901
homeDirectory: /home/csoviero
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
objectClass: sambaSamAccount
structuralObjectClass: inetOrgPerson
entryUUID: d8127e1e-4107-1030-9174-a33dba875ce5
creatorsName: cn=ebox,dc=sbs,dc=enactpc,dc=com
createTimestamp: 20110712192110Z
givenName: Celine
sambaPwdCanChange: 0
sambaLogoffTime: 2147483647
sambaLogonTime: 0
sambaAcctFlags: [U]
sambaKickoffTime: 2147483647
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1310498470
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: S-1-5-21-3818554400-921237426-3143208535-513
sambaSID: S-1-5-21-3818554400-921237426-3143208535-5006
loginShell: /bin/bash
sambaHomePath: \\sbs\homes\csoviero
sambaProfilePath: \\sbs\profiles\csoviero
userPassword:: XXX
eboxSha1Password: {SHA}XXX
eboxMd5Password: {MD5}XXX
eboxLmPassword: XXX
eboxNtPassword: XXX
eboxDigestPassword: {MD5}XXX
eboxRealmPassword: {MD5}XXX
description: sbs
sambaNTPassword: XXX
sambaLMPassword: XXX
entryCSN: 20110715010545.604274Z#000000#000#000000
modifiersName: cn=ebox,dc=sbs,dc=enactpc,dc=com
modifyTimestamp: 20110715010545Z

[ksoviero]

Hello? (bump)

[ksoviero]

disregard this post...

[PhD]

a working line in my audit log shows:
2011-07-17 14:59:32,345 INFO [btpool0-2457://localhost/service/soap/AuthRequest] [name=username@domain.com;oip=10.0.0.10;ua=zclient/7.1.1_GA_3213;] security - cmd=Auth; account=username@domain.com; protocol=soap;

it looks like it might failing at finding a "valid" zimbra account?

whats the output of

zmprov ga csoviero | grep -e ^uid: -e ^mail: