auth on active directory with ldap
Hi, I am trying to validate accounts using Active Directory LDAP. I am not using native Active Directory because the domain I wish to validate is different from the AD domain (maybe I don't know how to do it that way).
I am facing ldap error 49 ... 525 reporting bad dn, but I can't find the error.
Using ldapsearch the dn is reported correctly.
Here are my settings:
zimbraAuthLdapSearchBindDn: "CN=ldap_browser,OU=Domain Controllers,DC=ced,DC=aos"
zimbraAuthLdapSearchFilter: (&(samAccountName=%u)(objectClass=OrganizationalPerson))
Here is my ldapsearch test:
ldapsearch -x -LLL -H ldap://172.18.10.23:389 -b "DC=ced,DC=aos" -D "CN=ldap_browser,OU=Domain Controllers,DC=ced,DC=aos" -w secret "(&(samAccountName=daniele)(objectClass=OrganizationalPerson))" dn
Zimbra is zcs-7.2.0_GA_2669.UBUNTU10_64.20120410002303 on Ubuntu 10.04 64 bit.
I guess it is something related to AD/non-standard LDAP, but I am not able to find a clue or a way to troubleshoot the problem.
Can anybody help me?
[solved] auth on active directory with ldap
The problem was (I suppose) the failing parameter zimbraAuthLdapBindDn.
Using zmprov I set up the parameters:
zimbraAuthLdapBindDn: %firstname.lastname@example.org where domain.local is the AD domain (this should be different from the Zimbra mail domain)
zimbraAuthLdapSearchBase: starting point of ldap search
zimbraAuthLdapSearchBindDn: user enabled to search
zimbraAuthLdapSearchFilter: in my case (&(samAccountName=%u)(objectClass=person)), but other filters also work
zimbraAuthLdapURL: ldap://ad1:389 ldap://ad2:389
In AD I have 2 domain servers and port 3268 is open only on 1 of them. Checking port 3268 on the first server is OK, but not on the 2nd. To have redundancy I used port 389 on both servers.
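An added troubleshooting helper, not from either post and not Zimbra's own code: it decodes the AD "data" sub-code that accompanies the error 49 from the first post (525 means the bind identity did not resolve to an account, which fits a wrong zimbraAuthLdapBindDn) and expands the %u/%n/%d/%D placeholders used in the second post's filter and bind DN, escaping values per RFC 4515 before they are placed in a search filter. The placeholder meanings are assumed from Zimbra's documentation of the zimbraAuthLdap* attributes and the sub-code list from Microsoft's AcceptSecurityContext documentation; the diagnostic string below is constructed.

```python
import re

# AD answers a failed bind with LDAP result 49 and puts the real reason in the
# diagnostic message as "data <hex>" (codes per Microsoft's AcceptSecurityContext list).
AD_BIND_DATA_CODES = {
    "525": "user not found (bind DN / UPN does not resolve to an account)",
    "52e": "invalid credentials (account found, password wrong)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)")

def explain_ad_bind_error(diagnostic: str) -> str:
    """Return a human-readable cause for an AD 'error 49' diagnostic string."""
    m = _DATA_RE.search(diagnostic)
    if not m:
        return "no AD data code found in diagnostic message"
    code = m.group(1).lower()
    return AD_BIND_DATA_CODES.get(code, f"unknown AD data code {code}")

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a login such as 'a*)(cn=*' cannot rewrite the search filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def expand_template(template: str, login: str, as_filter: bool = False) -> str:
    """Expand Zimbra-style placeholders in a bind DN or search filter template for one login."""
    # %n = full login, %u = local part, %d = domain, %D = dc=...,dc=... form (assumed from Zimbra docs).
    user, _, domain = login.partition("@")
    dc_form = ",".join(f"dc={label}" for label in domain.split(".")) if domain else ""
    values = {"%n": login, "%u": user, "%d": domain, "%D": dc_form}
    if as_filter:
        values = {k: escape_filter_value(v) for k, v in values.items()}
    return re.sub(r"%[nudD]", lambda m: values[m.group(0)], template)

if __name__ == "__main__":
    # Constructed sample of the diagnostic AD returns for the case in the thread (data 525).
    sample = "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893"
    print(explain_ad_bind_error(sample))
    print(expand_template("(&(samAccountName=%u)(objectClass=person))", "daniele@ced.aos", as_filter=True))
```

Run the search-bind step and the user-bind step separately against each zimbraAuthLdapURL host and feed the returned diagnostic into explain_ad_bind_error; a 525 on the user bind with a successful search points at the bind DN template rather than the filter.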