Thread: Zimbra 8.0, LDAP and ejabberd

  1. #1
    brice.capelle is offline Starter Member

    Zimbra 8.0, LDAP and ejabberd

    Hi all !

    Like a lot of people I'm stuck with LDAP auth with Zimbra. First time I use Zimbra and LDAP too !

    In fact I tried to use ejabberd 2.1 to connect to Zimbra using the LDAP auth but I can't connect.

    I'm trying to find why I can't connect to Zimbra LDAP. So I'm currently using the ldapsearch to understand this.

    I use the "zmlocalconfig -s | grep ldap_" command to find LDAP values in Zimbra.

    Code:
    root@mail:~# ldapsearch -H ldap://server.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -x
    # extended LDIF
    #
    # LDAPv3
    # base <ou=people,dc=eulerian,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 1

    I'm using the simple auth but in the conf I see that SASL is forced but if I try to use this with the "zimbra_ldap_password":

    Code:
    root@mail:~# ldapsearch -H ldap://server.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com"
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops

    Even if I try to force the Zimbra user:

    Code:
    root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com"
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops
    root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -U zimbra
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops
    root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -X "dn:uid=zimbra,cn=admins,cn=zimbra"
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops

    I searched the net and it seems possible users are not mapped for SASL AUTH. I'm missing something and I don't know what it is, LDAP client conf or the Zimbra server LDAP ...

    If someone got an idea, feel free to answer !

    Thank you for your time.

  2. #2
    bdial is offline Moderator

    afaik anonymous binding is disabled in zcs. You'd probably want to bind as the user uid=zimbra,cn=admins,cn=zimbra

  3. #3
    brice.capelle is offline Starter Member

    Quote (originally posted by bdial):
        afaik anonymous binding is disabled in zcs. You'd probably want to bind as the user uid=zimbra,cn=admins,cn=zimbra

    Thank you for your answer !

    I'm pretty sure it's that but it doesn't work. Seems my Base DN is not ok too ...

    I tried to bind with the -D option, seems I don't use it well ... I fear for the Ejabberd Connection then :/

    What am I doing wrong for the user binding ? I don't understand :/

    The ejabberd server will be on the same server, if I remove the SASL, will it cause problems to Zimbra ?

    Code:
    root@mail:~# ldapsearch -v -h mail.eulerian.com -p 389 -D "uid=zimbra,ou=people,dc=eulerian,dc=com" -b "ou=people,dc=eulerian,dc=com" -X -W
    ldap_initialize( ldap://mail.eulerian.com:389 )
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops

    Here is a part of the configuration:

    Code:
    ldap_host = server.eulerian.com
    ldap_is_master = true
    ldap_ldapi_socket_file = ${zimbra_home}/openldap/var/run/ldapi
    ldap_master_url = ldap://server.eulerian.com:389
    ldap_nginx_password = ****
    ldap_overlay_accesslog_logpurge = 01+00:00  00+04:00
    ldap_overlay_syncprov_checkpoint = 20 10
    ldap_port = 389
    ldap_postfix_password = ****
    ldap_read_timeout = 0
    ldap_replication_password = ****
    ldap_root_password = ****
    ldap_starttls_required = true
    ldap_starttls_supported = 1
    ldap_url = ldap://server.eulerian.com:389
    zimbra_class_ldap_client = com.zimbra.cs.ldap.unboundid.UBIDLdapClient
    zimbra_ldap_password = ****
    zimbra_ldap_user = zimbra
    zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra

    Software: Zimbra 8.0 Network Edition - Ubuntu 12.04
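
The bind DN suggested in post #2 combined with the settings listed in post #3, as an added example (not code from the thread or from Zimbra): a shell helper that reads `key = value` lines in the format shown above and prints an `ldapsearch` simple-bind command. `conf_get`, `build_ldapsearch` and `SAMPLE_CONF` are hypothetical names, the sample config is constructed from values posted in the thread, and the base DN is the one the poster tried, which may itself need correcting.

```bash
#!/usr/bin/env bash
# Added example: turn zmlocalconfig-style "key = value" lines into an
# ldapsearch simple-bind command. Helper names are hypothetical.

# Constructed sample, using keys and values posted in the thread.
SAMPLE_CONF='ldap_url = ldap://server.eulerian.com:389
ldap_starttls_required = true
zimbra_ldap_user = zimbra
zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra'

# conf_get KEY: print the value of the first "KEY = value" line on stdin.
# Matching on "KEY = " keeps zimbra_ldap_user from matching zimbra_ldap_userdn.
conf_get() {
    awk -v k="$1" 'index($0, k " = ") == 1 { print substr($0, length(k) + 4); exit }'
}

# build_ldapsearch BASE_DN: read the config on stdin, print the command.
build_ldapsearch() {
    local conf url dn tls zz=""
    conf=$(cat)
    url=$(printf '%s\n' "$conf" | conf_get ldap_url)
    dn=$(printf '%s\n' "$conf" | conf_get zimbra_ldap_userdn)
    tls=$(printf '%s\n' "$conf" | conf_get ldap_starttls_required)
    if [ -z "$url" ] || [ -z "$dn" ]; then
        echo "ldap_url or zimbra_ldap_userdn missing from input" >&2
        return 1
    fi
    # -ZZ makes StartTLS mandatory, so the bind password is never sent in
    # clear text over ldap:// when the server config requires StartTLS.
    if [ "$tls" = "true" ]; then
        zz=" -ZZ"
    fi
    # -x: simple bind instead of SASL; -D: bind DN (zimbra_ldap_userdn);
    # -W: prompt for the password, keeping it out of argv and shell history.
    printf 'ldapsearch -x%s -H %s -D "%s" -W -b "%s"\n' "$zz" "$url" "$dn" "$1"
}

printf '%s\n' "$SAMPLE_CONF" | build_ldapsearch "ou=people,dc=eulerian,dc=com"
```

On the server itself, the input would be the `zmlocalconfig` output that the first post greps, piped in place of `SAMPLE_CONF`.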
