  #1 (permalink)  
Old 02-01-2012, 08:28 AM
lgp
New Member
 
Posts: 3
Default Apple Addressbook LDAP Setup in Lion (10.7)

I have been searching the forums and wiki and tried all suggestions but still no luck so here I go:

I have a Mac 10.7 Lion client and am trying to use LDAP for accessing the GAL. I tried with ldapsearch on the same client and the result is success but no info is returned.

I have managed to configure Thunderbird on the same Mac.

I've also tried LDAP Admin on Windows and managed only to connect with the admin account.

My setup
Zimbra server address: zimbra.example.com
Domains:
zimbra.example.com
GAL is both internal and external
Authentication is internal

example.com
GAL is both internal and external
Authentication is external

External Authentication: LDAP
Server address: odm.example.com
LDAP Base: dc=od,dc=example,dc=com

Any tips, please?
  #2 (permalink)  
Old 02-02-2012, 01:52 AM
lgp
New Member
 
Posts: 3
Default More info

The external LDAP server is an Open Directory server with the address odm.example.com. LDAP Search Base: dc=od,dc=example,dc=com

The domain: zimbra.example.com
GAL mode: Both
Authentication: External LDAP
Both GAL and Authentication work fine in the Test stage of the configuration.


The domain: example.com
GAL mode: Both
Authentication: External LDAP
Both GAL and Authentication work fine in the Test stage of the configuration.


The user: guest3@example.com
User exists in external LDAP as: uid=guest3,cn=Users,dc=od,dc=example,dc=com
User exists in Zimbra in the domain example.com
What about the field "External LDAP account for Authentication"? Should there be a value in that field?

Client tests on Mac OS X 10.7/Lion client:
Apple Address Book:
Server: zimbra.example.com
Port: 389, no SSL
Search Base: dc=zimbra,dc=example.dc=com
Scope: Subtree
Authentication: Simple
User Name: uid=guest3,ou=people,dc=zimbra,dc=example,dc=com
Password: xxx

No success.

Thunderbird 10.0:
Hostname: zimbra.example.com
Base DN: dc=zimbra,dc=example,dc=com
Port Number: 389
Bind DN: uid=guest3,ou=people,dc=zimbra,dc=example,dc=com

No success.

I have tried different variations of the User Name/Bind DN without dc=zimbra and without the last domain parts, still no luck.

Terminal:
ldapsearch -x -h zimbra.example.com -b "ou=people,dc=zimbra,dc=example,dc=com" "uid=guest3"
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=zimbra,dc=nersc,dc=no> with scope subtree
# filter: uid=guest3
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

On the server I see after adjusting the debug level:
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=0 BIND dn="uid=guest3,ou=people,dc=zimbra,dc=example,dc=com" method=128
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=0 RESULT tag=97 err=49 text=
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=1 UNBIND
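Added example, not part of any post in this thread: the slapd lines quoted above show a simple bind (method=128) answered with err=49, which is LDAP invalidCredentials, and the thread goes on to discuss anonymous binds on port 389 without SSL. The script below pairs each simple BIND with its RESULT and labels anonymous binds, password binds on connections that never negotiated TLS, and rejected credentials. The log sample is constructed; the `TLS established` line format and the label names are assumptions that do not appear on the page.

```python
import re

# Constructed sample in slapd "stats" log format. conn=1218 mirrors the failed
# bind quoted in the thread; conn=1219 and conn=1220 are invented for contrast.
SAMPLE_LOG = """\
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=0 BIND dn="uid=guest3,ou=people,dc=zimbra,dc=example,dc=com" method=128
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=0 RESULT tag=97 err=49 text=
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=1 UNBIND
Feb 2 10:21:07 zimbra slapd[30747]: conn=1219 op=0 BIND dn="" method=128
Feb 2 10:21:07 zimbra slapd[30747]: conn=1219 op=0 RESULT tag=97 err=0 text=
Feb 2 10:21:30 zimbra slapd[30747]: conn=1220 fd=25 TLS established tls_ssf=256 ssf=256
Feb 2 10:21:30 zimbra slapd[30747]: conn=1220 op=1 BIND dn="uid=guest3,ou=people,dc=zimbra,dc=example,dc=com" method=128
Feb 2 10:21:30 zimbra slapd[30747]: conn=1220 op=1 RESULT tag=97 err=0 text=
"""

# tag=97 is a bind response; method=128 is a simple (DN + password) bind.
CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=(\d+)|fd=\d+) (.*)")
BIND = re.compile(r'BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r"RESULT tag=97 err=(\d+)")

def triage_binds(log_text):
    """Return (conn, bind_dn, labels) for every completed simple bind."""
    tls = set()      # connections on which TLS was established
    pending = {}     # (conn, op) -> bind DN still waiting for its RESULT
    findings = []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        if rest.startswith("TLS established"):
            tls.add(conn)
        elif (b := BIND.match(rest)) and b.group(2) == "128":
            pending[(conn, op)] = b.group(1)
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            dn = pending.pop((conn, op))
            labels = []              # label names are this example's own
            if dn == "":
                labels.append("anonymous")
            elif conn not in tls:
                labels.append("cleartext-password")
            if r.group(1) == "49":   # invalidCredentials
                labels.append("invalid-credentials")
            findings.append((conn, dn, labels))
    return findings

if __name__ == "__main__":
    print(*triage_binds(SAMPLE_LOG), sep="\n")
```
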
  #3 (permalink)  
Old 02-06-2012, 10:54 AM
Moderator
 
Posts: 1,432
Default

I use the following, and it works, but note that since it depends on no authentication and no SSL, it's only suitable if you firewall off LDAP at your border firewall.

server: zimbra.company.com
port: 389 (no SSL)
Search Base: ou=people, o=my company (those are the literal values, which are just the greyed-out defaults that appear when you create an LDAP account in Address Book)
Scope: subtree
Authentication: none

See Bug 15378 – Obviate the need for and disallow LDAP anonymous binds for more info on turning on/off anonymous access.

I tried a while back to get authentication with SSL working (after turning off anonymous access at the server). I don't recall if I was trying with Snow Leopard or Lion, but I couldn't get it to work.
__________________
Elliot Wilen
Berkeley, CA

Don't forget to enter your Zimbra version in your forum profile.
  #4 (permalink)  
Old 02-08-2012, 04:36 AM
lgp
New Member
 
Posts: 3
Default Anonymous LDAP works

I would just like to confirm that anonymous LDAP works in Apple Address Book and Thunderbird.

In Apple Address Book, my settings are:
Name: Zimbra
Server: zimbra.nersc.no
Port: 389, No SSL
Search Base: [blank]
Scope: Subtree
Authentication: None

In Thunderbird my settings are:
General:
Name: Zimbra
Hostname: zimbra.nersc.no
Base DN: [blank]
Port number: 389
Bind DN: [blank]
No SSL
Advanced:
Scope: Subtree
Search filter: (objectclass=*)
Login method: Simple

I am not so sure about only using anonymous LDAP though, I prefer authenticated with SSL.

Thank you very much for your tip!