
Thread: Authenticating against Zimbra's LDAP Server

  1. #1
    tstrimp is offline Member
    Join Date
    Feb 2007
    Posts
    13
    Rep Power
    8

    Authenticating against Zimbra's LDAP Server

    I know next to nothing about LDAP structure, but I'm certain it's possible for us to authenticate against Zimbra's LDAP server. It's already there and running, so this would help centralize our authentication methods. The only thing I'm interested in authenticating with currently is SVN, which is just Apache authentication via mod_auth_ldap.

    As I've said, I know very little about LDAP and nothing about how Zimbra lays it out. It shouldn't be very difficult for someone who knows what they are doing.

    http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56


    I'm not really sure if there's a question in there or not.
    Regards


    Bill



  3. #3
    tstrimp is offline Member
    Join Date
    Feb 2007
    Posts
    13
    Rep Power
    8

    quite right...

    How would one authenticate against the Zimbra LDAP server? Some of their examples are:

    AuthLDAPURL ldap://ldap1.airius.com:389/ou=People,o=Airius?uid?sub?(objectClass=*)
    require valid-user

    However, since I don't know how the Zimbra LDAP server is laid out, I don't know how I would authenticate against it via mod_auth_ldap.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56


    Does this wiki article answer your question?
    Regards


    Bill



  5. #5
    tstrimp is offline Member
    Join Date
    Feb 2007
    Posts
    13
    Rep Power
    8


    Looks like it's supposed to, but it doesn't specify where to get the user information. When I try to log in it gives me...

    [Fri Mar 16 09:24:15 2007] [debug] mod_authnz_ldap.c(373): [client 192.168.254.150] [26052] auth_ldap authenticate: using URL ldap://zimbra.collectivedata.local/dc=collectivedata,dc=com
    [Fri Mar 16 09:24:15 2007] [warn] [client 192.168.254.150] [26052] auth_ldap authenticate: user tstrimple@collectivedata.com authentication failed; URI /repos [User not found][No such object]
    [Fri Mar 16 09:24:15 2007] [error] [client 192.168.254.150] user tstrimple@collectivedata.com not found: /repos

    Edit: In every example I see of LDAP authentication there is an ou provided: ou=Users, ou=people, etc. Is that not required?
    Last edited by tstrimp; 03-16-2007 at 07:41 AM. Reason: more info

  6. #6
    tstrimp is offline Member
    Join Date
    Feb 2007
    Posts
    13
    Rep Power
    8


    I found this thread and added the .htaccess exactly like he did (but with my own domain name) and I get the exact same error as above....

    apache 2.2 mod_authnz_ldap to zimbra help?

    Any ideas?

    Here are the results from the LDAP logs...

    Code:
    Mar 16 11:02:31 zimbra slapd[24850]: connection_get(11): got connid=6
    Mar 16 11:02:31 zimbra slapd[24850]: connection_read(11): checking for input on id=6
    Mar 16 11:02:31 zimbra slapd[24850]: ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
    Mar 16 11:02:31 zimbra slapd[24850]: do_bind
    Mar 16 11:02:31 zimbra slapd[24850]: >>> dnPrettyNormal: <>
    Mar 16 11:02:31 zimbra slapd[24850]: <<< dnPrettyNormal: <>, <>
    Mar 16 11:02:31 zimbra slapd[24850]: do_bind: version=3 dn="" method=128
    Mar 16 11:02:31 zimbra slapd[24850]: send_ldap_result: conn=6 op=0 p=3
    Mar 16 11:02:31 zimbra slapd[24850]: send_ldap_response: msgid=1 tag=97 err=0
    Mar 16 11:02:31 zimbra slapd[24850]: do_bind: v3 anonymous bind
    Mar 16 11:02:31 zimbra slapd[24850]: connection_get(11): got connid=6
    Mar 16 11:02:31 zimbra slapd[24850]: connection_read(11): checking for input on id=6
    Mar 16 11:02:31 zimbra slapd[24850]: ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
    Mar 16 11:02:31 zimbra slapd[24850]: do_search
    Mar 16 11:02:31 zimbra slapd[24850]: >>> dnPrettyNormal: <ou=people,dc=collectivedata,dc=com>
    Mar 16 11:02:31 zimbra slapd[24850]: <<< dnPrettyNormal: <ou=people,dc=collectivedata,dc=com>, <ou=people,dc=collectivedata,dc=com>
    Mar 16 11:02:31 zimbra slapd[24850]: ==> limits_get: conn=6 op=1 dn="[anonymous]"
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_search
    Mar 16 11:02:31 zimbra slapd[24850]: bdb_dn2entry("ou=people,dc=collectivedata,dc=com")
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_dn2id("dc=com")
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_dn2id: got id=0x00000011
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_dn2id("dc=collectivedata,dc=com")
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_dn2id: got id=0x00000028
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_dn2id("ou=people,dc=collectivedata,dc=com")
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_dn2id: got id=0x00000029
    Mar 16 11:02:31 zimbra slapd[24850]: entry_decode: "ou=people,dc=collectivedata,dc=com"
    Mar 16 11:02:31 zimbra slapd[24850]: <= entry_decode(ou=people,dc=collectivedata,dc=com)
    Mar 16 11:02:31 zimbra slapd[24850]: search_candidates: base="ou=people,dc=collectivedata,dc=com" (0x00000029) scope=2
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_equality_candidates (objectClass)
    Mar 16 11:02:31 zimbra slapd[24850]: => key_read
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_index_read: failed (-30990)
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_equality_candidates: id=0, first=0, last=0
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_dn2idl("ou=people,dc=collectivedata,dc=com")
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_dn2idl: id=17 first=41 last=79
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_equality_candidates (objectClass)
    Mar 16 11:02:31 zimbra slapd[24850]: => key_read
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_index_read: failed (-30990)
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_equality_candidates: id=0, first=0, last=0
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_equality_candidates (objectClass)
    Mar 16 11:02:31 zimbra slapd[24850]: => key_read
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_index_read 13 candidates
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_equality_candidates: id=13, first=3, last=69
    Mar 16 11:02:31 zimbra slapd[24850]: => bdb_equality_candidates (uid)
    Mar 16 11:02:31 zimbra slapd[24850]: => key_read
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_index_read: failed (-30990)
    Mar 16 11:02:31 zimbra slapd[24850]: <= bdb_equality_candidates: id=0, first=0, last=0
    Mar 16 11:02:31 zimbra slapd[24850]: bdb_search_candidates: id=0 first=41 last=0
    Mar 16 11:02:31 zimbra slapd[24850]: bdb_search: no candidates
    Mar 16 11:02:31 zimbra slapd[24850]: send_ldap_result: conn=6 op=1 p=3
    Mar 16 11:02:31 zimbra slapd[24850]: send_ldap_response: msgid=2 tag=101 err=0
    Last edited by tstrimp; 03-16-2007 at 09:08 AM. Reason: More Info

  7. #7
    tstrimp is offline Member
    Join Date
    Feb 2007
    Posts
    13
    Rep Power
    8


    I've figured it out. I was trying to log in with the full email like in Zimbra. When I dropped the domain name off of the username it let me in. Is there a way to authenticate against the full email address to keep things consistent?

    Thanks,
    Tim
    Last edited by tstrimp; 03-16-2007 at 09:30 AM.
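
Added example (not part of any post in this thread, and not Apache's or Zimbra's own code): a Python model of the search step mod_authnz_ldap runs before it binds as the user, showing why the full e-mail address found no entry under the default uid attribute while the short name did. The mail-based URL and the sample entry are assumptions; whether account entries carry a mail attribute should be confirmed with ldapsearch on the server.

```python
from urllib.parse import urlsplit, unquote

def parse_auth_ldap_url(url):
    """Split ldap://host[:port]/basedn?attribute?scope?filter, applying the
    mod_authnz_ldap defaults (uid, sub, (objectClass=*)) to omitted parts."""
    parts = urlsplit(url)
    attr, scope, flt = [unquote(f) for f in (parts.query.split("?") + [""] * 3)[:3]]
    if flt and not flt.startswith("("):
        flt = "(%s)" % flt
    return {"host": parts.hostname, "port": parts.port or 389,
            "base": unquote(parts.path.lstrip("/")),
            "attribute": attr.split(",")[0] or "uid",
            "scope": scope or "sub", "filter": flt or "(objectClass=*)"}

def escape_filter_value(value):
    """RFC 4515 escaping, so a typed username cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_search_filter(cfg, username):
    """Filter for the search step: (&(filter)(attribute=username))."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"],
                             escape_filter_value(username))

def would_match(cfg, username, entry):
    """Equality part only, case-insensitive, against one constructed entry."""
    return username.lower() in [v.lower() for v in entry.get(cfg["attribute"], [])]

# Constructed sample entry; names follow the user and domain shown in the logs.
ENTRY = {"uid": ["tstrimple"], "mail": ["tstrimple@collectivedata.com"]}
# URL as logged by Apache in post #5 (no attribute given, so uid is used).
URL_UID = "ldap://zimbra.collectivedata.local/dc=collectivedata,dc=com"
# Assumed alternative: search on mail under the ou=people base seen in slapd's log.
URL_MAIL = ("ldap://zimbra.collectivedata.local/"
            "ou=people,dc=collectivedata,dc=com?mail?sub?(objectClass=*)")

if __name__ == "__main__":
    for url in (URL_UID, URL_MAIL):
        cfg = parse_auth_ldap_url(url)
        for name in ("tstrimple", "tstrimple@collectivedata.com"):
            print(cfg["attribute"], build_search_filter(cfg, name),
                  would_match(cfg, name, ENTRY))
```

After the search succeeds, the module binds as the entry it found using the password the user typed, so over a plain ldap:// URL that password crosses the network unencrypted unless TLS is enabled for the connection.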
