11-18-2007, 11:15 PM
| | Intermediate Member | |
Posts: 19
Ldap authentication fails but ldapsearch works

Hello,
I am having a problem with ldap. I was able to get GAL configured just fine but when I try to configure Authentication the test fails because: Unable to resolve LDAP name. Here is the result:
Code:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031521D2, problem 2001 (NO_OBJECT), data 0, best match of:
'O=itsa,C=us'
I have tried a couple of Ldap filters: 1) the full bind DN and 2) (uid=%u). I do have the uid set on the user in the external Ldap. My Ldap search base is: OU=Itsa_TechnicalStaff,O=itsa,C=us. I can ping my external ldap just fine and again I can configure GAL just fine.
Yet if I run ldapsearch I can get a successful search but I must include -x in the command:
Code:
[zimbra@itsa bin]$ ldapsearch -h itsa1.local -p 389 -D "cn=jherington, ou=Itsa_TechnicalStaff, o=itsa, c=us" -w "password" -x -b "o=itsa,c=us" "(CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us)"
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
[zimbra@itsa bin]$
Local ldap is running and I am able to login to zimbra. I did set up a user in the local ldap and the external ldap (which is actually ADAM Active Directory Application Mode) with the same name and password. The -x is for "simple authentication". I do not have ssl setup on the external ldap server.
Any help would be greatly appreciated!
11-18-2007, 11:45 PM
| | Zimbra Consultant & Moderator | |
Posts: 20,316
Your error is caused by "A non-existent DN specified in the User Search field.".
You probably need to bind to AD with a user that can do a query, check this wiki article.
__________________
Regards
Bill
11-19-2007, 09:19 AM
| | Intermediate Member | |
Posts: 19
Thanks Phoenix,
Here is the result of the command: ldifde -f c:\export.txt -s itsa1:389 -d o=itsa,c=us
Code:
dn: O=itsa,C=us
changetype: add
objectClass: top
objectClass: organization
o: itsa
distinguishedName: O=itsa,C=us
instanceType: 5
whenCreated: 20071023220539.0Z
whenChanged: 20071023220539.0Z
uSNCreated: 8196
uSNChanged: 8210
name: itsa
objectGUID:: Yv4+t5kTcU2uuryqn+USuw==
wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Roles,O=itsa,C=us
wellKnownObjects:
B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,O=itsa,C=us
wellKnownObjects:
B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,O=itsa,C=us
wellKnownObjects:
B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,O=itsa,C=us
objectCategory:
CN=Organization,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA436
3CCDA}
msDs-masteredBy:
CN=NTDS Settings,CN=ITSA1$ItsaCommunity,CN=Servers,CN=Default-First-Site-Name,
CN=Sites,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4363CCDA}
dn: OU=Itsa_TechnicalStaff,O=itsa,C=us
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: Itsa_TechnicalStaff
distinguishedName: OU=Itsa_TechnicalStaff,O=itsa,C=us
instanceType: 4
whenCreated: 20071023222129.0Z
whenChanged: 20071023222129.0Z
uSNCreated: 12505
uSNChanged: 12505
name: Itsa_TechnicalStaff
objectGUID:: b8TU+7k980qiYBBfvCdYhQ==
objectCategory:
CN=Organizational-Unit,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-
09EA4363CCDA}
dn: CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: jherington
distinguishedName: CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us
instanceType: 4
whenCreated: 20071023222208.0Z
whenChanged: 20071119043955.0Z
uSNCreated: 12506
memberOf: CN=AppDev,OU=Itsa_TechnicalStaff,O=itsa,C=us
uSNChanged: 77836
name: jherington
objectGUID:: 8IbBWRnQZkGZQE8lXMyfvw==
badPwdCount: 0
badPasswordTime: 0
pwdLastSet: 128398963024843750
objectSid:: AQUAABOOzxd+c/HZWbRRMghqr0uqwvNbmedjBQ==
objectCategory:
CN=Person,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4363CCDA}
lastLogonTimestamp: 128399105652652654
givenName: Jeff Herington
uid: jherington
dn: CN=AppDev,OU=Itsa_TechnicalStaff,O=itsa,C=us
changetype: add
objectClass: top
objectClass: group
cn: AppDev
member: CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us
distinguishedName: CN=AppDev,OU=Itsa_TechnicalStaff,O=itsa,C=us
instanceType: 4
whenCreated: 20071023224124.0Z
whenChanged: 20071023225811.0Z
uSNCreated: 12508
uSNChanged: 12512
name: AppDev
objectGUID:: AHZ6XEXW5ka2/si+5npyaA==
objectSid:: AQUAABOOzxd+c/HZ7GkNoNqUCk6xD6tHTTXp+w==
groupType: 8
objectCategory:
CN=Group,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4363CCDA}
dn: CN=LostAndFound,O=itsa,C=us
changetype: add
objectClass: top
objectClass: lostAndFound
cn: LostAndFound
distinguishedName: CN=LostAndFound,O=itsa,C=us
instanceType: 4
whenCreated: 20071023220539.0Z
whenChanged: 20071023220539.0Z
uSNCreated: 8203
uSNChanged: 8203
showInAdvancedViewOnly: TRUE
name: LostAndFound
objectGUID:: wQausgJdwEyYDcUihB41uA==
systemFlags: -1946157056
objectCategory:
CN=Lost-And-Found,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4
363CCDA}
isCriticalSystemObject: TRUE
dn: CN=NTDS Quotas,O=itsa,C=us
changetype: add
objectClass: top
objectClass: msDS-QuotaContainer
cn: NTDS Quotas
distinguishedName: CN=NTDS Quotas,O=itsa,C=us
instanceType: 4
whenCreated: 20071023220539.0Z
whenChanged: 20071023220539.0Z
uSNCreated: 8204
uSNChanged: 8204
showInAdvancedViewOnly: TRUE
name: NTDS Quotas
objectGUID:: esFUKLENik2RM0OATU78eA==
systemFlags: -1946157056
objectCategory:
CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB
9-09EA4363CCDA}
isCriticalSystemObject: TRUE
dn: CN=Roles,O=itsa,C=us
changetype: add
objectClass: top
objectClass: container
cn: Roles
distinguishedName: CN=Roles,O=itsa,C=us
instanceType: 4
whenCreated: 20071023220539.0Z
whenChanged: 20071023220539.0Z
uSNCreated: 8205
uSNChanged: 8205
showInAdvancedViewOnly: TRUE
name: Roles
objectGUID:: hZZ6apST7EuVQ+f6cV90eA==
systemFlags: -2080374784
objectCategory:
CN=Container,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4363CC
DA}
isCriticalSystemObject: TRUE
dn: CN=Administrators,CN=Roles,O=itsa,C=us
changetype: add
objectClass: top
objectClass: group
cn: Administrators
member:
CN=Administrators,CN=Roles,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA43
63CCDA}
distinguishedName: CN=Administrators,CN=Roles,O=itsa,C=us
instanceType: 4
whenCreated: 20071023220539.0Z
whenChanged: 20071023220539.0Z
uSNCreated: 8207
uSNChanged: 8207
name: Administrators
objectGUID:: 4fNq4i1kfE+MQS6Fwf87NQ==
objectSid:: AQIAABOOzxd+c/HZAAIAAA==
systemFlags: -2080374784
groupType: -2147483646
objectCategory:
CN=Group,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4363CCDA}
isCriticalSystemObject: TRUE
dn: CN=Users,CN=Roles,O=itsa,C=us
changetype: add
objectClass: top
objectClass: group
cn: Users
distinguishedName: CN=Users,CN=Roles,O=itsa,C=us
instanceType: 4
whenCreated: 20071023220539.0Z
whenChanged: 20071023220539.0Z
uSNCreated: 8208
uSNChanged: 8208
name: Users
objectGUID:: wFBQVU4m4EWc29yignexsw==
objectSid:: AQIAABOOzxd+c/HZAQIAAA==
systemFlags: -2080374784
groupType: -2147483646
objectCategory:
CN=Group,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4363CCDA}
isCriticalSystemObject: TRUE
dn: CN=Readers,CN=Roles,O=itsa,C=us
changetype: add
objectClass: top
objectClass: group
cn: Readers
distinguishedName: CN=Readers,CN=Roles,O=itsa,C=us
instanceType: 4
whenCreated: 20071023220539.0Z
whenChanged: 20071023220539.0Z
uSNCreated: 8209
uSNChanged: 8209
name: Readers
objectGUID:: YA/TTMlx6UOIOjcKuDDN6A==
objectSid:: AQIAABOOzxd+c/HZAgIAAA==
systemFlags: -2080374784
groupType: -2147483646
objectCategory:
CN=Group,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4363CCDA}
isCriticalSystemObject: TRUE
I believe the relevant portion is the dn for jherington. Is there something about this that does not look right?
Code:
dn: CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: jherington
distinguishedName: CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us
instanceType: 4
whenCreated: 20071023222208.0Z
whenChanged: 20071119043955.0Z
uSNCreated: 12506
memberOf: CN=AppDev,OU=Itsa_TechnicalStaff,O=itsa,C=us
uSNChanged: 77836
name: jherington
objectGUID:: 8IbBWRnQZkGZQE8lXMyfvw==
badPwdCount: 0
badPasswordTime: 0
pwdLastSet: 128398963024843750
objectSid:: AQUAABOOzxd+c/HZWbRRMghqr0uqwvNbmedjBQ==
objectCategory: CN=Person,CN=Schema,CN=Configuration,CN={6490D725-998A-4B32-9FB9-09EA4363CCDA}
lastLogonTimestamp: 128399105652652654
givenName: Jeff Herington
uid: jherington
Given the above could you give me the commands you would use in the Zimbra external auth config?
I am using as the binding dn: CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us and as the naming context: o=itsa,c=us and as the filter: (uid=%u). I have a user in zimbra with the username: jherington and the password is the same as that in my ldap.
I was led to believe that possibly this was an issue with the encryption method because it seemed that is what the -x was bypassing in the ldapsearch command?? Also, the GAL config for Zimbra works fine?
Thanks!
Last edited by jherington; 11-19-2007 at 09:23 AM..
11-19-2007, 10:51 PM
| | Intermediate Member | |
Posts: 19
I solved this issue.
Note: the ldap service I use is a free and semi-open Microsoft product: ADAM.
I needed to assign the bind user dn to the Readers role within ADAM using the adsiedit application. I will need to read a little more to find out how to assign similar acl rights to objects via the dsacls command-line application.
Thanks...I do appreciate this forum's quick response...I know this ADAM ldap service is probably different than openLDAP.
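Added example, not part of the original thread: in the ldapsearch output quoted in the first post, "result: 0 Success" with "# numResponses: 1" and no "dn:" line means the bind and search ran but returned no entry, which is what a directory gives when the filter matches nothing or the bound identity cannot read the matching entries. The sketch below separates that case from a real hit and from error code 32; the function name classify_ldapsearch and the second and third samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify ldapsearch output on stdin.
#   error:<code>  server returned a non-zero LDAP result code
#   empty         result 0, but no entry was returned to this bind identity
#   entries:<n>   result 0 and n entries returned
classify_ldapsearch() {
    awk '
        /^dn::? /         { entries++ }             # one dn line per entry
        /^result: [0-9]+/ { code = $2 + 0; seen = 1 }
        END {
            if (!seen)             print "error:no-result"
            else if (code != 0)    print "error:" code
            else if (entries == 0) print "empty"
            else                   print "entries:" entries
        }'
}

# Tail of the output quoted in the first post of this thread.
sample_from_thread() { cat <<'EOF'
# search result
search: 2
result: 0 Success
# numResponses: 1
EOF
}

# Constructed: what the same tool prints when one entry is readable.
sample_one_entry() { cat <<'EOF'
dn: CN=jherington,OU=Itsa_TechnicalStaff,O=itsa,C=us
uid: jherington

# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
EOF
}

# Constructed: search base not found (LDAP result code 32, noSuchObject).
sample_no_object() { cat <<'EOF'
search: 2
result: 32 No such object
EOF
}

for s in sample_from_thread sample_one_entry sample_no_object; do
    printf '%s -> %s\n' "$s" "$("$s" | classify_ldapsearch)"
done
```

Piping a live ldapsearch run made with the external-auth bind DN, search base and (uid=...) filter into the function shows which of the three cases the directory is returning for that identity.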