07-14-2011, 07:08 PM
External LDAP not working
I am trying to set up Zimbra to include an external LDAP directory. My external directory does not support TLS or SSL, it's clear text all the way for now.
When I go to Domains > enactpc.com > Configure Authentication, everything works, even the test form at the end.
However when I go to the webmail front end to log in, it complains:
Code:
The username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current username and password.
My domain is:
Code:
dc=sbs,dc=enactpc,dc=com
With a group called ou=Users, with all users as uid=<username>.
My Zimbra settings:
Code:
LDAP Filter: (uid=%u)
LDAP Search Base: ou=Users,dc=sbs,dc=enactpc,dc=com
Anybody have any clue?
07-14-2011, 07:34 PM
My Settings are:
Authentication mechanism:
External LDAP
LDAP URL:
ldap://ldap.domain.com.au:389
LDAP filter:
uid=%u
LDAP search base:
ou=users,ou=contacts,dc=domain,dc=com,dc=au
Use DN/Password to bind to external server: No
We don't require SSL or authentication to "read" from our ldap tree....
I also don't have () around uid=%u, but I don't think that matters...
what do the log files say?
07-14-2011, 07:39 PM
Quote:
Originally Posted by PhD
My Settings are:
Authentication mechanism:
External LDAP
LDAP URL:
ldap://ldap.domain.com.au:389
LDAP filter:
uid=%u
LDAP search base:
ou=users,ou=contacts,dc=domain,dc=com,dc=au
Use DN/Password to bind to external server: No
We don't require SSL or authentication to "read" from our ldap tree....
I also don't have () around uid=%u, but I don't think that matters...
what do the log files say?

That's also a problem, where are the logs for LDAP stuff?
07-14-2011, 09:03 PM
you'll probably want to look in /opt/zimbra/logs/mailbox.log
07-14-2011, 09:17 PM
I ran:
Code:
cat log/* | grep -i 'csoviero'
(csoviero is the account that exists only in LDAP)
And the only mention of anything is this:
Code:
mailbox.log:
2011-07-14 23:15:27,493 INFO [btpool0-0://localhost/service/soap/AuthRequest] [oip=10.0.0.103;ua=zclient/7.1.1_GA_3213;] SoapEngine - handler exception: authentication failed for [csoviero], account not found
Edit: Oh, and it totally slipped my mind:
I am running ZCS OSE 7.1.1 with the latest patches on Ubuntu 10.04.2 64bit.
Last edited by ksoviero; 07-14-2011 at 09:25 PM.
07-15-2011, 03:41 AM
can you do a slapcat of your external ldap server and reply with what a typical user account ldif looks like - it seems maybe the uid's don't match maybe
07-15-2011, 11:56 AM
Quote:
Originally Posted by PhD
can you do a slapcat of your external ldap server and reply with what a typical user account ldif looks like - it seems maybe the uid's don't match maybe

Here is a typical user:
Code:
dn: uid=csoviero,ou=Users,dc=sbs,dc=enactpc,dc=com
cn: Celine Soviero
uid: csoviero
sn: Soviero
uidNumber: 2003
gidNumber: 1901
homeDirectory: /home/csoviero
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
objectClass: sambaSamAccount
structuralObjectClass: inetOrgPerson
entryUUID: d8127e1e-4107-1030-9174-a33dba875ce5
creatorsName: cn=ebox,dc=sbs,dc=enactpc,dc=com
createTimestamp: 20110712192110Z
givenName: Celine
sambaPwdCanChange: 0
sambaLogoffTime: 2147483647
sambaLogonTime: 0
sambaAcctFlags: [U]
sambaKickoffTime: 2147483647
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1310498470
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: S-1-5-21-3818554400-921237426-3143208535-513
sambaSID: S-1-5-21-3818554400-921237426-3143208535-5006
loginShell: /bin/bash
sambaHomePath: \\sbs\homes\csoviero
sambaProfilePath: \\sbs\profiles\csoviero
userPassword:: XXX
eboxSha1Password: {SHA}XXX
eboxMd5Password: {MD5}XXX
eboxLmPassword: XXX
eboxNtPassword: XXX
eboxDigestPassword: {MD5}XXX
eboxRealmPassword: {MD5}XXX
description: sbs
sambaNTPassword: XXX
sambaLMPassword: XXX
entryCSN: 20110715010545.604274Z#000000#000#000000
modifiersName: cn=ebox,dc=sbs,dc=enactpc,dc=com
modifyTimestamp: 20110715010545Z
07-16-2011, 10:17 PM
Hello? (bump)
07-16-2011, 10:27 PM
disregard this post...
07-16-2011, 10:35 PM
a working line in my audit log shows:
2011-07-17 14:59:32,345 INFO [btpool0-2457://localhost/service/soap/AuthRequest] [name=username@domain.com;oip=10.0.0.10;ua=zclient/7.1.1_GA_3213;] security - cmd=Auth; account=username@domain.com; protocol=soap;
it looks like it might be failing at finding a "valid" zimbra account?
what's the output of
zmprov ga csoviero | grep -e ^uid: -e ^mail:
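
Added example, not part of any post in this thread and not Zimbra's own code: a Python parser for the AuthRequest log lines quoted above that separates "account not found" from other failures and counts failures per client IP. The regular expressions are assumptions derived only from the two lines quoted in the thread, and the third sample line is constructed.

```python
import re
from collections import Counter

# Constructed sample input. Lines 1 and 2 are the two log lines quoted in the
# thread; line 3 (account name and reason text) is made up for contrast.
SAMPLE_LOG = """\
2011-07-14 23:15:27,493 INFO [btpool0-0://localhost/service/soap/AuthRequest] [oip=10.0.0.103;ua=zclient/7.1.1_GA_3213;] SoapEngine - handler exception: authentication failed for [csoviero], account not found
2011-07-17 14:59:32,345 INFO [btpool0-2457://localhost/service/soap/AuthRequest] [name=username@domain.com;oip=10.0.0.10;ua=zclient/7.1.1_GA_3213;] security - cmd=Auth; account=username@domain.com; protocol=soap;
2011-07-17 15:02:01,120 INFO [btpool0-2460://localhost/service/soap/AuthRequest] [oip=10.0.0.103;ua=zclient/7.1.1_GA_3213;] SoapEngine - handler exception: authentication failed for [jdoe], invalid password
"""

# Layout assumed from the quoted lines: timestamp level [thread] [k=v;...] message
LINE_RE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([^\]]*)\] \[([^\]]*)\] (.*)$")
FAIL_RE = re.compile(r"authentication failed for \[([^\]]*)\](?:, (.*))?$")
OK_RE = re.compile(r"\bcmd=Auth; account=([^;]+);")


def parse_auth_events(text):
    """Return one dict per AuthRequest line: account, client IP, outcome, reason."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group(3).endswith("/AuthRequest"):
            continue
        ts, _level, _thread, ctx, msg = m.groups()
        # The context block is "key=value;" pairs; oip is the originating client IP.
        fields = dict(kv.split("=", 1) for kv in ctx.split(";") if "=" in kv)
        fail, ok = FAIL_RE.search(msg), OK_RE.search(msg)
        if fail:
            reason = fail.group(2) or "unspecified"
            # "account not found" names the account lookup as the failing step;
            # the thread's follow-up check for it is `zmprov ga <user>`.
            outcome = "no_account" if reason == "account not found" else "failed"
            events.append({"ts": ts, "account": fail.group(1),
                           "oip": fields.get("oip"), "outcome": outcome, "reason": reason})
        elif ok:
            events.append({"ts": ts, "account": ok.group(1),
                           "oip": fields.get("oip"), "outcome": "ok", "reason": None})
    return events


def failures_by_source(events):
    """Count non-successful attempts per (client IP, outcome)."""
    return Counter((e["oip"], e["outcome"]) for e in events if e["outcome"] != "ok")


if __name__ == "__main__":
    print(failures_by_source(parse_auth_events(SAMPLE_LOG)))
```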