
Thread: External LDAP not working

  1. #1
    ksoviero is offline Intermediate Member

    Question External LDAP not working

    I am trying to set up Zimbra to include an external LDAP directory. My external directory does not support TLS or SSL; it's clear text all the way for now.

    When I go to Domains > enactpc.com > Configure Authentication, everything works, even the test form at the end.

    However when I go to the webmail front end to login, it complains:

    Code:
    The username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current username and password.

    My domain is:

    Code:
    dc=sbs,dc=enactpc,dc=com

    With a group called ou=Users, with all users as uid=<username>.

    My Zimbra settings:

    Code:
    LDAP Filter:  (uid=%u)

    LDAP Search Base:  ou=Users,dc=sbs,dc=enactpc,dc=com

    Anybody have any clue?

  2. #2
    PhD
    PhD is offline Senior Member

    My Settings are:

    Authentication mechanism:
    External LDAP

    LDAP URL:
    ldap://ldap.domain.com.au:389

    LDAP filter:
    uid=%u

    LDAP search base:
    ou=users,ou=contacts,dc=domain,dc=com,dc=au

    Use DN/Password to bind to external server: No

    We don't require SSL or authentication to "read" from our LDAP tree....
    I also don't have () around uid=%u, but I don't think that matters...

    What do the log files say?

  3. #3
    ksoviero is offline Intermediate Member

    Quote: Originally posted by PhD
        My Settings are:

        Authentication mechanism:
        External LDAP

        LDAP URL:
        ldap://ldap.domain.com.au:389

        LDAP filter:
        uid=%u

        LDAP search base:
        ou=users,ou=contacts,dc=domain,dc=com,dc=au

        Use DN/Password to bind to external server: No

        We don't require SSL or authentication to "read" from our LDAP tree....
        I also don't have () around uid=%u, but I don't think that matters...

        What do the log files say?

    That's also a problem: where are the logs for LDAP stuff?

  4. #4
    PhD
    PhD is offline Senior Member

    you'll probably want to look in /opt/zimbra/logs/mailbox.log

  5. #5
    ksoviero is offline Intermediate Member

    I ran:

    Code:
    sudo su zimbra

    Code:
    cat log/* | grep -i 'csoviero'

    (csoviero is the account that exists only in LDAP)

    And the only mention of anything is this:

    Code:
    mailbox.log:
    2011-07-14 23:15:27,493 INFO  [btpool0-0://localhost/service/soap/AuthRequest] [oip=10.0.0.103;ua=zclient/7.1.1_GA_3213;] SoapEngine - handler exception: authentication failed for [csoviero], account not found

    Edit: Oh, and it totally slipped my mind:

    I am running ZCS OSE 7.1.1 with the latest patches on Ubuntu 10.04.2 64bit.
    Last edited by ksoviero; 07-14-2011 at 09:25 PM.

  6. #6
    PhD
    PhD is offline Senior Member

    Can you do a slapcat of your external LDAP server and reply with what a typical user account LDIF looks like - it seems maybe the uids don't match maybe

  7. #7
    ksoviero is offline Intermediate Member

    Quote: Originally posted by PhD
        Can you do a slapcat of your external LDAP server and reply with what a typical user account LDIF looks like - it seems maybe the uids don't match maybe

    Here is a typical user:

    Code:
    dn: uid=csoviero,ou=Users,dc=sbs,dc=enactpc,dc=com
    cn: Celine Soviero
    uid: csoviero
    sn: Soviero
    uidNumber: 2003
    gidNumber: 1901
    homeDirectory: /home/csoviero
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: passwordHolder
    objectClass: sambaSamAccount
    structuralObjectClass: inetOrgPerson
    entryUUID: d8127e1e-4107-1030-9174-a33dba875ce5
    creatorsName: cn=ebox,dc=sbs,dc=enactpc,dc=com
    createTimestamp: 20110712192110Z
    givenName: Celine
    sambaPwdCanChange: 0
    sambaLogoffTime: 2147483647
    sambaLogonTime: 0
    sambaAcctFlags: [U]
    sambaKickoffTime: 2147483647
    sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
    sambaPwdLastSet: 1310498470
    sambaPwdMustChange: 2147483647
    sambaPrimaryGroupSID: S-1-5-21-3818554400-921237426-3143208535-513
    sambaSID: S-1-5-21-3818554400-921237426-3143208535-5006
    loginShell: /bin/bash
    sambaHomePath: \\sbs\homes\csoviero
    sambaProfilePath: \\sbs\profiles\csoviero
    userPassword:: XXX
    eboxSha1Password: {SHA}XXX
    eboxMd5Password: {MD5}XXX
    eboxLmPassword: XXX
    eboxNtPassword: XXX
    eboxDigestPassword: {MD5}XXX
    eboxRealmPassword: {MD5}XXX
    description: sbs
    sambaNTPassword: XXX
    sambaLMPassword: XXX
    entryCSN: 20110715010545.604274Z#000000#000#000000
    modifiersName: cn=ebox,dc=sbs,dc=enactpc,dc=com
    modifyTimestamp: 20110715010545Z

  8. #8
    ksoviero is offline Intermediate Member

    Hello? (bump)

  9. #9
    ksoviero is offline Intermediate Member

    disregard this post...

  10. #10
    PhD
    PhD is offline Senior Member

    A working line in my audit log shows:

    Code:
    2011-07-17 14:59:32,345 INFO [btpool0-2457://localhost/service/soap/AuthRequest] [name=username@domain.com;oip=10.0.0.10;ua=zclient/7.1.1_GA_3213;] security - cmd=Auth; account=username@domain.com; protocol=soap;

    It looks like it might be failing at finding a "valid" Zimbra account?

    What's the output of:

    Code:
    zmprov ga csoviero | grep -e ^uid: -e ^mail:
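
Added example, not part of any poster's message: a triage script for the log lines quoted in posts #5 and #10, which pulls the account, origin IP and reason out of each failed AuthRequest and counts the "account not found" failures that post #10 reads as a missing Zimbra account. The function names and sample lines 3 and 4 are constructed for this example, and the allowed-character rule for account names is an assumption.

```shell
#!/bin/sh
# Added example: triage Zimbra mailbox.log authentication failures.

# Sample input. Line 1 is the failure quoted in post #5 and line 2 the working
# audit line from post #10; lines 3 and 4 are constructed for this example.
sample_log() {
cat <<'EOF'
2011-07-14 23:15:27,493 INFO  [btpool0-0://localhost/service/soap/AuthRequest] [oip=10.0.0.103;ua=zclient/7.1.1_GA_3213;] SoapEngine - handler exception: authentication failed for [csoviero], account not found
2011-07-17 14:59:32,345 INFO [btpool0-2457://localhost/service/soap/AuthRequest] [name=username@domain.com;oip=10.0.0.10;ua=zclient/7.1.1_GA_3213;] security - cmd=Auth; account=username@domain.com; protocol=soap;
2011-07-14 23:16:02,118 INFO  [btpool0-1://localhost/service/soap/AuthRequest] [oip=10.0.0.103;ua=zclient/7.1.1_GA_3213;] SoapEngine - handler exception: authentication failed for [csoviero], account not found
2011-07-14 23:17:40,902 INFO  [btpool0-3://localhost/service/soap/AuthRequest] [oip=10.0.0.104;ua=zclient/7.1.1_GA_3213;] SoapEngine - handler exception: authentication failed for [--help], account not found
EOF
}

# Print "account<TAB>origin IP<TAB>reason" for every failed AuthRequest.
auth_failures() {
  awk '
    {
      i = index($0, "authentication failed for [")
      if (i == 0) next                      # e.g. the successful audit line
      rest = substr($0, i + 27)             # text after the opening bracket
      j = index(rest, "]")
      if (j == 0) next                      # truncated line
      acct = substr(rest, 1, j - 1)
      reason = substr(rest, j + 1)
      sub(/^, */, "", reason); sub(/[ \t\r]+$/, "", reason)
      oip = "-"
      if (match($0, /oip=[^;]*/)) oip = substr($0, RSTART + 4, RLENGTH - 4)
      printf "%s\t%s\t%s\n", acct, oip, reason
    }'
}

# Count "account not found" failures per account. The name in the log is
# whatever the client typed at the login form, so only names made of
# ordinary account characters are passed on to later commands.
missing_accounts() {
  auth_failures | awk -F '\t' '
    $3 == "account not found" && $1 ~ /^[A-Za-z0-9][A-Za-z0-9._@-]*$/ { n[$1]++ }
    END { for (a in n) printf "%d\t%s\n", n[a], a }' | sort -rn
}

sample_log | missing_accounts
```

To use it on a server, pipe the real mailbox.log into `missing_accounts` in place of `sample_log`, then run the `zmprov ga` check from post #10 on each name it lists.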
