  #1 (permalink)  
Old 01-18-2007, 02:04 AM
Senior Member
 
Posts: 68
ZCS CE 4.0.5 Setting Auth to Active Directory returns empty data

Hi, after reading some of the LDAP Auth wikis, I configured the MS Windows AD Auth in a very simple way. I connect correctly to the AD in Windows 2003 Server; however, all results when searching the GAL are empty.
The Auth part is also not working as expected. Below is my configuration.

Setup:
Windows 2003 server vanilla install with AD and DNS in an internal LAN. I created one user in my Windows 2003 and populated all fields (phone, country, email, fax, etc.)
servername: acmeserver
domain: acme.com
IP: 192.168.0.3

The Zimbra Server
ZCS CE 4.05 in Centos 4.4
192.168.0.4
Using 192.168.0.3 as DNS server

GAL Setup:
GAL Mode: both
Server Type: Active directory
LDAP Search Base: DC=acme,DC=com
LDAP Url: ldap://acmeserver.acme.com:389
Bind DN: CN=Adminsitrator,CN=Users,DC=acme,DC=com

Authentication Setup: External Active Directory
LDAP Bind DN Template: %u@acme.com
LDAP Url: ldap://acmeserver.acme.com:389

Thanks in advance for your comments,
  #2 (permalink)  
Old 01-18-2007, 04:10 AM
Zimbra Consultant & Moderator
 
Posts: 19,653

That isn't what the bind template should be, have a look at the examples in the wiki or search the forums.
__________________
Regards


Bill
  #3 (permalink)  
Old 01-18-2007, 06:22 AM
Senior Member
 
Posts: 68

I find it very hard to believe that in a plain vanilla Windows setup and a plain vanilla Zimbra setup the Wizard-Generated Active Directory Template in the web Administration Interface is not what it is supposed to be.

I wonder if a Zimbra developer ever used the graphical Authentication/GAL Wizard instead of the command line tools; not everybody is comfortable with LDAP console tools.

I have tried to understand the wiki and some obscure LDAP entries found there but it seems that I need to be an LDAP guru to set up Zimbra in a completely standard Active Domain Auth/GAL mode.

Try to understand the frustration of some users in this forum regarding the AD issue. Like me, some of them are doing the most simple domain setup that can *EVER* be installed. If the "graphical wizard" called "Active Directory" does not work, then the applet for AD Auth/GAL is nowhere near ready for production.

The most important feature of Zimbra, the most obscure feature of Zimbra....hard to believe.

Well, back to "Mastering LDAP in 15 seconds"......
  #4 (permalink)  
Old 01-18-2007, 06:53 AM
Zimbra Consultant & Moderator
 
Posts: 19,653

Quote:
Originally Posted by eaperezh
I find it very hard to believe that in a plain vanilla Windows setup and a plain vanilla Zimbra setup the Wizard-Generated Active Directory Template in the web Administration Interface is not what it is supposed to be.
Was the 'test' successful for the wizard when you ran it?

Quote:
Originally Posted by eaperezh
I wonder if a Zimbra developer ever used the graphical Authentication/GAL Wizard instead of the command line tools; not everybody is comfortable with LDAP console tools.
That's a facile statement. Of course the developers use and test the product, so do some very large companies.

Quote:
Originally Posted by eaperezh
I have tried to understand the wiki and some obscure LDAP entries found there but it seems that I need to be an LDAP guru to set up Zimbra in a completely standard Active Domain Auth/GAL mode.
No, you don't need to be any sort of 'guru' to use the feature.

Quote:
Originally Posted by eaperezh
Try to understand the frustration of some users in this forum regarding the AD issue.
Try to understand the frustration of board members answering the same questions over and over again. We're quite willing to help but you've given very little information except to say that it doesn't work. There is plenty of information in the forums and wiki on how to set up the feature.

Quote:
Originally Posted by eaperezh
Like me, some of them are doing the most simple domain setup that can *EVER* be installed. If the "graphical wizard" called "Active Directory" does not work, then the applet for AD Auth/GAL is nowhere near ready for production.
That might be your opinion because you've been unsuccessful so far; it's not borne out by the facts.

Quote:
Originally Posted by eaperezh
The most important feature of Zimbra, the most obscure feature of Zimbra....hard to believe.
Most important to whom?

Quote:
Originally Posted by eaperezh
Well, back to "Mastering LDAP in 15 seconds"......
When you've done that, you can update/correct all the information in the wiki.

Now, after we've both had our little rants, what exactly is the problem? You said earlier that "all results when searching the GAL are empty", which results and how did you search?

Have you tried using ldapsearch to see if anything is returned? The reason I said earlier to search the forums is that there are examples of ldapsearch and setting-up active directory that you can look at.
__________________
Regards


Bill
  #5 (permalink)  
Old 01-18-2007, 09:08 AM
Senior Member
 
Posts: 68

Ok. Here we go.

GAL Mode: External
Server Type: Active Directory
LDAP URL: ldap://acmserver.acme.com:389
Auto Complete Filter: adAutoComplete (field is grayed-out)
LDAP Filter: ad (field is grayed-out)

With LDAP Search Base I have tried:
LDAP Search Base: dc=acme,dc=com
and
LDAP Search Base: cn=users,dc=acme,dc=com

With Bind DN I have used:
adminsitrator@acme.com
and
cn=administrator,cn=users,dc=acme,dc=com

After every change I restart tomcat.

When I reach the "test" part, I enter the following search terms:
(Note: I have a user called Erick Perez, email is erick@acme.com, it has phone number, city, country, etc.)
Search terms: erick, er, perez, acme, com

They all finish successfully but without returning any results. So it connects successfully to AD but fetches no data.

So I restarted the Linux system and logged in as the user Erick, user auth is now working with AD integration when my last resort was to stop zimbra and restart. AD integration seems not to work unless after setting it up you restart the zimbra system.

So, I logged in as erick@acme.com with my password in the active directory, then clicked "new message" and then clicked the "To:" field.
In search I entered: erick, er, Erick, ERICK, acme, Acme, com, ACME, COM and the results were none.

What command line procedure can I execute to check if I'm querying the GAL correctly?

Note: I do not have Exchange Server in the Windows 2003 server computer, but the GAL I'm accessing should be in the AD, right?

Thanks,

Note to myself: never write emails at wee hours in the morning.
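A command-line check of the kind asked about in the post above, as an added example that is not part of the thread or of Zimbra's own tooling. It uses OpenLDAP's `ldapsearch` with the server, search base and bind name quoted in the thread; the function names are hypothetical and the filter is a simplified assumption, not Zimbra's built-in `ad` filter.

```shell
#!/bin/sh
# Added example. Values below are the ones quoted in the thread (acme.com lab).
LDAP_URL="ldap://acmeserver.acme.com:389"
SEARCH_BASE="dc=acme,dc=com"
BIND_DN="administrator@acme.com"   # AD also accepts the full DN form

# Escape a search term for use inside an LDAP filter (RFC 4515), so that
# characters such as * ( ) \ in the term cannot change the filter's structure.
# The backslash rule runs first so later escapes are not escaped again.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build a substring filter over user objects (assumed filter, see lead-in).
gal_filter() {
  gal_term=$(ldap_escape "$1")
  printf '(&(objectClass=user)(|(cn=*%s*)(sn=*%s*)(mail=*%s*)))' \
    "$gal_term" "$gal_term" "$gal_term"
}

# Run the same kind of query the GAL wizard's test page performs.
#   -x   simple bind            -W  prompt for the password (not in argv/history)
#   -LLL plain LDIF output      -s sub  search the whole subtree under the base
# On port 389 a simple bind is sent in clear text; add -ZZ to require StartTLS
# if the domain controller has a certificate.
gal_check() {
  ldapsearch -x -LLL -H "$LDAP_URL" -D "$BIND_DN" -W \
    -b "$SEARCH_BASE" -s sub "$(gal_filter "$1")" \
    cn mail telephoneNumber
}

# Example: sh galcheck.sh erick
if [ "$#" -gt 0 ]; then
  gal_check "$1"
fi
```

If the bind succeeds but no entries come back, the search base or filter is the place to look; a bind failure points at the bind DN or password instead.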
  #6 (permalink)  
Old 01-20-2007, 12:25 AM
Senior Member
 
Posts: 68

Solved.
Zimbra 4.0.5 is authenticating and seeing the GAL in Active Directory.
It took another zimbra restart after setting up the GAL to make it work.
Not sure why I need to restart zimbra, but it does the job.

P.S. I did not install the compat++ libs. I'm not sure if I will run into problems but so far the system is working as expected.