Results 1 to 9 of 9

Thread: Spam Filter LDAP authentication against Zimbra

  1. #1
    haxxess is offline Member
    Join Date
    Jun 2012
    Posts
    11
    Rep Power
    3

    Default Spam Filter LDAP authentication against Zimbra

    I am trying to setup my anti-spam filter (external appliance) to verify recipients, but am unsure on the correct fields to enter.
    I am asked to enter
    LDAP Search User DN: {entered my admin account user@test.com}
    LDAP Password: {and password}
    LDAP Query Filter:
    LDAP Search Base:
    I have searched all the forums and wiki without any luck, all the suggestion I found did not work.
    You help will be appreciated.

  2. #2
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    335
    Rep Power
    7

    Default

    Your search base will depend on your domain. If you are: mail.somewhere.org then your search base should be: dc=mail,dc=somewhere,dc=edu.
    Your query filter (if its asking for what I believe it is) is what the username is called in Zimbra's LDAP. This is uid.
    The search user DN is: uid=zimbra,cn=admins,cn=zimbra
    Your Zimbra LDAP password is obtained by running the following command as the Zimbra user: zmlocalconfig -s | grep ldap_root_password
    ---
    Paul Chauvet
    State University of New York at New Paltz

  3. #3
    haxxess is offline Member
    Join Date
    Jun 2012
    Posts
    11
    Rep Power
    3

    Default

    Thanks for the reply Paul, you taught me about the LDAP password. I was under the impression that this was the same password used for the admin account.
    I have entered the following without any luck.
    LDAP Search User DN: admin-account@mydomain.com
    LDAP Password: The password received the the zmlocalconfig command above.
    LDAP Query Filter: uid=zimbra,cn=admins,cn=zimbra
    LDAP Search Base: dc=mail,dc=mydomain,dc=com

    The LDAP Search Base is the only optional field, I have also tried with this blank.
    Do I have the LDAP Query Filter correct?
    Is the username im using correct also or should this be something specific like the password was?

  4. #4
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    335
    Rep Power
    7

    Default

    Can you test it at the command line? Replace the bold text with your own with your host info:

    ldapsearch -h mail.yourdomain.com -b "dc=mail,dc=mydomain,dc=com" -D "uid=zimbra,cn=admins,cn=zimbra" -x "uid=admin" -W

    You'll be prompted for the zimbra ldap password. I used 'uid=admin' for the actual search but it could be any user on your system, just the username, not the domain.

    Edit: Don't need the output of that command unless it generates an error. If it does, and the error doesn't contain password info or anything confidential, I'd recommend posting it here.
    Last edited by chauvetp; 06-26-2012 at 02:42 PM.
    ---
    Paul Chauvet
    State University of New York at New Paltz

  5. #5
    haxxess is offline Member
    Join Date
    Jun 2012
    Posts
    11
    Rep Power
    3

    Default

    I have run the command above with my own details replaced but when I press enter it just brings me to a new line with a > and blinking cursor. Like its waiting for input.
    I tried entering my password into this console but it just brings me to a new line.
    Same results logged in as the root or zimbra user.
    Is there a log file I might be able to check for more direction or clue?

  6. #6
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    335
    Rep Power
    7

    Default

    Sorry - I left a quotation mark out of the command. I edited my previous post to correct it.
    ---
    Paul Chauvet
    State University of New York at New Paltz

  7. #7
    haxxess is offline Member
    Join Date
    Jun 2012
    Posts
    11
    Rep Power
    3

    Default

    Oh thats much better
    If I leave the uid=admin there is alot of data returned, from my console I can only read the tailend.
    If I have the uid=sam I get the following;

    # extender LDIF
    #
    # LDAPv3
    # base <dc=mail,dc=mydomain,dc=com> with scope subtree
    # filter: uid=sam
    # requesting: ALL
    #

    # search result
    search: 2
    result: 0 Success

    #numResponses: 1

  8. #8
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    335
    Rep Power
    7

    Default

    Is sam a real user? That should only come up if that user does not exist.

    I just noticed though that you have two values transposed. You listed:
    LDAP Search User DN: admin-account@mydomain.com
    LDAP Query Filter: uid=zimbra,cn=admins,cn=zimbra
    What you have for the query filter, should be the LDAP Search User DN.
    The LDAP Query Filter should probably just be uid

    Depending your application, it may want more. Zimbra itself (if you are trying to use it to externally authenticate against another LDAP) uses (uid=%u) as its search filter.
    ---
    Paul Chauvet
    State University of New York at New Paltz

  9. #9
    haxxess is offline Member
    Join Date
    Jun 2012
    Posts
    11
    Rep Power
    3

    Default

    Thankyou very much for your help so far!
    You have helped educate me on the zimbra LDAP auth, I have been able to make progress. I can now successfully connect and verify my email addresses from an external appliance.
    I just not need to teak this device.
    Again thanks

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra OSE as Border Spam Filter
    By GetMeOutOfExchange in forum Administrators
    Replies: 3
    Last Post: 03-22-2011, 03:50 AM
  2. External LDAP authentication filter??
    By vumail in forum Administrators
    Replies: 3
    Last Post: 04-12-2010, 01:11 AM
  3. [SOLVED] Does user filter override system spam filter?
    By raynix in forum Administrators
    Replies: 7
    Last Post: 07-18-2008, 01:23 PM
  4. Spam Filter in Zimbra 5
    By pfefferc in forum Developers
    Replies: 11
    Last Post: 02-18-2008, 05:02 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •