Is there a way to allow Zimbra users (i.e. who have accounts in the Zimbra mail servers), to browse the LDAP tree?
I can browse the LDAP tree using zimbra admin e.g.:
ldapsearch -D "uid=zimbra,cn=admins,cn=zimbra" -w ##### -x -H ldap://zimbraserver:389 "uid=test"
I can also enable anonymous browsing by enabling anonymous (running as zimbra: libexec/zmldapanon -e)
But I've tried "ldapsearch -D "uid=test,dc=people,dc=mydomain,dc=com" -w ##### -x -H ldap://zimbraserver:389 "uid=test" (mydomain.com is sanitised and not my real base DN of course)
ldap_bind: Invalid credentials (49)
So it looks like normal Zimbra users are unable to connect to the Zimbra LDAP tree? I just feel that having anonymous bind is not a good idea.