Spam Filter LDAP authentication against Zimbra

[haxxess]

I am trying to setup my anti-spam filter (external appliance) to verify recipients, but am unsure on the correct fields to enter.
I am asked to enter
LDAP Search User DN: {entered my admin account user@test.com}
LDAP Password: {and password}
LDAP Query Filter:
LDAP Search Base:
I have searched all the forums and wiki without any luck, all the suggestion I found did not work.
You help will be appreciated.

[chauvetp]

Your search base will depend on your domain. If you are: mail.somewhere.org then your search base should be: dc=mail,dc=somewhere,dc=edu.
Your query filter (if its asking for what I believe it is) is what the username is called in Zimbra's LDAP. This is uid.
The search user DN is: uid=zimbra,cn=admins,cn=zimbra
Your Zimbra LDAP password is obtained by running the following command as the Zimbra user: zmlocalconfig -s | grep ldap_root_password

[haxxess]

Thanks for the reply Paul, you taught me about the LDAP password. I was under the impression that this was the same password used for the admin account.
I have entered the following without any luck.
LDAP Search User DN: admin-account@mydomain.com
LDAP Password: The password received the the zmlocalconfig command above.
LDAP Query Filter: uid=zimbra,cn=admins,cn=zimbra
LDAP Search Base: dc=mail,dc=mydomain,dc=com

The LDAP Search Base is the only optional field, I have also tried with this blank.
Do I have the LDAP Query Filter correct?
Is the username im using correct also or should this be something specific like the password was?

[chauvetp]

Can you test it at the command line? Replace the bold text with your own with your host info:

ldapsearch -h mail.yourdomain.com -b "dc=mail,dc=mydomain,dc=com" -D "uid=zimbra,cn=admins,cn=zimbra" -x "uid=admin" -W

You'll be prompted for the zimbra ldap password. I used 'uid=admin' for the actual search but it could be any user on your system, just the username, not the domain.

Edit: Don't need the output of that command unless it generates an error. If it does, and the error doesn't contain password info or anything confidential, I'd recommend posting it here.

[haxxess]

I have run the command above with my own details replaced but when I press enter it just brings me to a new line with a > and blinking cursor. Like its waiting for input.
I tried entering my password into this console but it just brings me to a new line.
Same results logged in as the root or zimbra user.
Is there a log file I might be able to check for more direction or clue?

[chauvetp]

Sorry - I left a quotation mark out of the command. I edited my previous post to correct it.

[haxxess]

Oh thats much better
If I leave the uid=admin there is alot of data returned, from my console I can only read the tailend.
If I have the uid=sam I get the following;

# extender LDIF
#
# LDAPv3
# base <dc=mail,dc=mydomain,dc=com> with scope subtree
# filter: uid=sam
# requesting: ALL
#

# search result
search: 2
result: 0 Success

#numResponses: 1

[chauvetp]

Is sam a real user? That should only come up if that user does not exist.

I just noticed though that you have two values transposed. You listed:

LDAP Search User DN: admin-account@mydomain.com
LDAP Query Filter: uid=zimbra,cn=admins,cn=zimbra

What you have for the query filter, should be the LDAP Search User DN.
The LDAP Query Filter should probably just be uid

Depending your application, it may want more. Zimbra itself (if you are trying to use it to externally authenticate against another LDAP) uses (uid=%u) as its search filter.

[haxxess]

Thankyou very much for your help so far!
You have helped educate me on the zimbra LDAP auth, I have been able to make progress. I can now successfully connect and verify my email addresses from an external appliance.
I just not need to teak this device.
Again thanks