Results 1 to 3 of 3

Thread: LDAP Auth stopped working after upgrade to 8.0.7

  1. #1
    mrmarbury is offline Starter Member
    Join Date
    Jul 2014
    Posts
    2
    Rep Power
    1

    Question LDAP Auth stopped working after upgrade to 8.0.7

    Hi,

    I'm currently testing the upgrade of zimbra Network edition 7.2.6 to 8.0.7. The testing environment is a clone from our production VM. With 7.2.6 everything works as expected. Then I do the upgrade to 8.0.7. Afterwards I get the following error when I try to login a user (We are using external LDAP-Sync)

    For data protection reasons I exchanged our domain with "ourdomain.com" and the login with "username@ourdomain.com"

    Since our ldap runs on another machine I guess 127.0.0.1 is the zimbra ldap...

    Code:
    2014-07-01 11:54:30,723 INFO  [qtp853768135-6673:https://127.0.0.1:7071/service/admin/soap/GetDomainInfoRequest] [ip=127.0.0.1;ua=ZCS/8.0.7_GA_6021;] soap - GetDomainInfoRequest elapsed=0
    2014-07-01 11:54:30,769 WARN  [qtp853768135-6673:http://127.0.0.1:80/service/soap/AuthRequest] [name=stefan.wendler@tngtech.com;oip=10.1.2.115;ua=zclient/8.0.7_GA_6021;] account - ldap auth for domain ourdomain.com failed, fall back to zimbra default auth mechanism
    com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for [username@ourdomain.com]
    ExceptionId:qtp853768135-6673:http://127.0.0.1:80/service/soap/AuthRequest:1404208470769:80ab381ecb6d3d9e
    Code:account.AUTH_FAILED
    	at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:138)
    	at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:4980)
    	at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:4916)
    	at com.zimbra.cs.account.auth.AuthMechanism$LdapAuth.doAuth(AuthMechanism.java:235)
    	at com.zimbra.cs.account.ldap.LdapProvisioning.verifyPasswordInternal(LdapProvisioning.java:5044)
    	at com.zimbra.cs.account.ldap.LdapProvisioning.verifyPassword(LdapProvisioning.java:5014)
    	at com.zimbra.cs.account.ldap.LdapProvisioning.authAccount(LdapProvisioning.java:4650)
    	at com.zimbra.cs.account.ldap.LdapProvisioning.authAccount(LdapProvisioning.java:4630)
    	at com.zimbra.cs.service.account.Auth.handle(Auth.java:186)
    	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:522)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:385)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:258)
    	at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:294)
    	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:210)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:207)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:654)
    	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1320)
    	at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:78)
    	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
    	at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:52)
    	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
    	at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:57)
    	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
    	at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:82)
    	at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:256)
    	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
    	at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:45)
    	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
    	at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:105)
    	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
    	at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:474)
    	at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:345)
    	at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:316)
    	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)
    	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:443)
    	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:556)
    	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
    	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1044)
    	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:372)
    	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)
    	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:978)
    	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
    	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    	at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:317)
    	at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:81)
    	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    	at org.eclipse.jetty.server.Server.handle(Server.java:369)
    	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:486)
    	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:944)
    	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1005)
    	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
    	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
    	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
    	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    	at java.lang.Thread.run(Thread.java:744)
    Caused by: com.zimbra.cs.ldap.LdapException: LDAP error:  - unable to get connection: unauthenticated bind (DN with no password) disallowed
    ExceptionId:qtp853768135-6673:http://127.0.0.1:80/service/soap/AuthRequest:1404208470769:80ab381ecb6d3d9e
    Code:ldap.LDAP_ERROR
    	at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:88)
    	at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:72)
    	at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToExternalLdapException(UBIDLdapException.java:82)
    	at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.mapToLdapException(UBIDLdapContext.java:225)
    	at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.getConnection(UBIDLdapContext.java:199)
    	at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.<init>(UBIDLdapContext.java:171)
    	at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.getExternalContextImpl(UBIDLdapClient.java:104)
    	at com.zimbra.cs.ldap.LdapClient.getExternalContext(LdapClient.java:167)
    	at com.zimbra.cs.account.ldap.LdapProvisioning.ldapAuthenticate(LdapProvisioning.java:4809)
    	at com.zimbra.cs.account.ldap.LdapProvisioning.externalLdapAuth(LdapProvisioning.java:4968)
    	... 61 more
    Caused by: LDAPException(resultCode=53 (unwilling to perform), errorMessage='unauthenticated bind (DN with no password) disallowed', diagnosticMessage='unauthenticated bind (DN with no password) disallowed')
    	at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1894)
    	at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:988)
    	at com.unboundid.ldap.sdk.LDAPConnectionPool.getConnection(LDAPConnectionPool.java:1399)
    	at com.zimbra.cs.ldap.unboundid.UBIDLdapOperation$GetConnection.execute(UBIDLdapOperation.java:180)
    	at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.getConnection(UBIDLdapContext.java:190)
    	... 66 more
    2014-07-01 11:54:30,771 INFO  [qtp853768135-6673:http://127.0.0.1:80/service/soap/AuthRequest] [name=username@ourdomain.com;oip=10.1.2.115;ua=zclient/8.0.7_GA_6021;] SoapEngine - handler exception: authentication failed for [username@ourdomain.com], invalid password
    2014-07-01 11:54:30,771 INFO  [qtp853768135-6673:http://127.0.0.1:80/service/soap/AuthRequest] [name=username@ourdomain.com;oip=10.1.2.115;ua=zclient/8.0.7_GA_6021;] soap - AuthRequest elapsed=30
    Especially the message
    Code:
    Caused by: com.zimbra.cs.ldap.LdapException: LDAP error:  - unable to get connection: unauthenticated bind (DN with no password) disallowed
    is interesting.

    Did anything change in the bind mechanism used in 8 compared to 7 that I have to change manually?

    The update log does not have any errors and the database integrety check was fine

    The error message is shown for all users that try to login. I compared the configuration of the old and the new server and both servers look exactly the same (except for some new values)

    I hope it is a simple thing to fix?

    Cheers,
    Stefan

  2. #2
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10

    Default

    It looks like the bind dn for your external auth config got lost. May want to review LDAP Authentication - Zimbra :: Wiki
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #3
    mrmarbury is offline Starter Member
    Join Date
    Jul 2014
    Posts
    2
    Rep Power
    1

    Default

    That helped! Thx alot.

    I set the password for the bind dn again and had to remove the braces around the ldap filter query (which had worked with zimbra 7).Now I can login again.

    Cheers,
    Stefan

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra stopped working - something to do with ldap?
    By geoffDeGeoffGeoff in forum Installation
    Replies: 3
    Last Post: 02-18-2010, 12:29 AM
  2. Zimbra stopped working - something to do with ldap?
    By geoffDeGeoffGeoff in forum Administrators
    Replies: 3
    Last Post: 02-18-2010, 12:29 AM
  3. SMTP Auth stopped working for a bit then started.
    By MoreDakka in forum Administrators
    Replies: 1
    Last Post: 01-20-2010, 05:26 PM
  4. LDAP stopped working after yum upgrade to CentOS 5.4
    By powrrrplay in forum Administrators
    Replies: 0
    Last Post: 01-05-2010, 08:05 AM
  5. LDAP auth working only when firewall stopped
    By brousky in forum Installation
    Replies: 1
    Last Post: 09-19-2006, 06:32 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •