#1 (permalink)
09-09-2011, 06:02 AM
Active Member
Posts: 28
LDAP error after migrating from 5.x to 6.x

Hi,

After migrating from Zimbra Open Source Edition 5.x to 6.x (which went well), I have a problem when querying OpenLDAP with Java (tomcat6/java6). The query fails with the following LDAP error:

LDAP Error 2 : [LDAP: error code 2 - manageDSAit control value not absent]

It only concerns Java/JNDI applications.

Do you have any ideas?

Thanks for your help.
#2 (permalink)
09-19-2011, 04:15 AM
Active Member
Posts: 28

Sorry to ask again, but is there someone who can help?

If I use an OpenLDAP server from Debian Squeeze, my JNDI apps authenticate well.

It appears to be related to OpenLDAP from Zimbra 6...

Thanks for your help.
#3 (permalink)
09-19-2011, 07:03 AM
Intermediate Member
Posts: 15

Did you make any configuration file customization?
Do you have any ACLs applied to RootDSE entry?
Did you try connecting without SSL?
#4 (permalink)
09-19-2011, 07:15 AM
Active Member
Posts: 28

Quote:
Originally Posted by dhape
Did you make any configuration file customization?

Not at all.

Quote:
Originally Posted by dhape
Do you have any ACLs applied to RootDSE entry?

There are 10 ACLs applied for the whole Zimbra HDB Database:
Code:
olcAccess: {0}to attrs=userPassword  by anonymous auth  by dn.children="cn=ad
 mins,cn=zimbra" write
olcAccess: {1}to dn.subtree="cn=zimbra"  by dn.children="cn=admins,cn=zimbra"
 write
olcAccess: {2}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,z
 imbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory
 ,zimbraIsAdminAccount,zimbraAuthLdapSearchBindPassword  by dn.children="cn=a
 dmins,cn=zimbra" write  by * none
olcAccess: {3}to attrs=objectclass  by dn.children="cn=admins,cn=zimbra" writ
 e by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read  by dn.base="uid=zma
 mavis,cn=appaccts,cn=zimbra" read  by * read
olcAccess: {4}to attrs=@amavisAccount  by dn.children="cn=admins,cn=zimbra" w
 rite  by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read  by * +0 break
olcAccess: {5}to attrs=mail  by dn.children="cn=admins,cn=zimbra" write  by d
 n.base="uid=zmamavis,cn=appaccts,cn=zimbra" read  by * +0 break
olcAccess: {6}to attrs=zimbraAllowFromAddress  by dn.children="cn=admins,cn=z
 imbra" write  by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read  by * no
 ne
olcAccess: {7}to filter="(!(zimbraHideInGal=TRUE))"  attrs=cn,co,company,dc,d
 isplayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,post
 alCode,sn,st,street,streetAddress,telephoneNumber,title,uid  by dn.children=
 "cn=admins,cn=zimbra" write  by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra
 " read  by * read
olcAccess: {8}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailC
 anonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress
 ,zimbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailFor
 wardingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStat
 us,zimbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocal
 DeliveryDisabled  by dn.children="cn=admins,cn=zimbra" write  by dn.base="ui
 d=zmpostfix,cn=appaccts,cn=zimbra" read  by * read
olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by 
 * read
olcAccess: {10}to dn.base=""  by * read
Quote:
Originally Posted by dhape
Did you try connecting without SSL?

For testing purposes, I use neither SSL nor TLS.

I heard somewhere that this may be related to security contexts in OpenLDAP 2.4. Could it be a Zimbra customization of the OpenLDAP build?

Thanks for your help. Really appreciated.