
Thread: Zimbra + Novell LDAP == ?

  1. #1
    cyberdeath is offline Active Member
    Join Date
    Jan 2008
    Location
    127.0.0.1, Virginia, USA
    Posts
    42
    Rep Power
    7

    Zimbra + Novell LDAP == ?

    Ok, I have been fiddling around with LDAP for a couple hours now but with no joy. I first tried installing Zimbra on OpenSuSE 10.3 using the 10.2 installer from the community website. It gave me the whole "not the right OS" error, however...I ignored and continued on. When I got to the Setup Main Menu, I cannot get past the error at the bottom...and I have completely filled everything in that needed to be filled in. So, I figured...maybe it's because it's 10.3 and the installer is for 10.2. Since I have a license to use SLES 10, I installed that onto the test box...and again...I'm sitting here with the same issue. The error message is below:

    Code:
    Address unconfigured (**) items or correct ldap configuration  (? - help)

    Additionally, here's the error message that the /tmp/zmsetup.log says:

    Code:
    zimbra-mta is enabled
    checking isEnabled zimbra-archiving
    zimbra-archiving is not enabled
    checking isComponentAvailable archiving
    Checking ldap on ldapserver.domain:389
    Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password xxxx:
    Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra
    Component archiving is not available.
    checking isEnabled zimbra-snmp
    zimbra-snmp is enabled
    Checking ldap on ldapserver.domain:389
    Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password xxxx:
    Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra
    Checking ldap on ldapserver.domain:389
    Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password xxxx:
    Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra
    Checking ldap on ldapserver.domain:389
    Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password xxxx:
    Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra

    Where ldapserver.domain is the actual Novell server and the password is a real password for the zimbra account that I created at the root level. I also created postfix and amavis accounts with passwords I set up in the latter part of the menu for the bind passwords. Below is the information from the Main Menu:

    Code:
    Main menu
    
       1) Common Configuration:
            +Hostname:                             zimbra.domain
            +Ldap master host:                     ldapserver.domain
            +Ldap port:                            389
            +Ldap Admin password:                  set
            +LDAP Base DN:                         cn=zimbra
            +TimeZone:                             (GMT-05.00) Eastern Time (US & Canada)
    
       2) zimbra-store:                            Enabled
            +Create Admin User:                    yes
            +Admin user to create:                 admin@zimbra.domain
            +Admin Password                        set
            +Enable automated spam training:       yes
            +Spam training user:                   spam.q1sgdngsgg@zimbra.domain
            +Non-spam(Ham) training user:          ham.dwzgkq8fr@zimbra.domain
            +Global Documents Account:             wiki@zimbra.domain
            +SMTP host:                            zimbra.domain
            +Web server HTTP port:                 80
            +Web server HTTPS port:                443
            +Web server mode:                      http
            +IMAP server port:                     143
            +IMAP server SSL port:                 993
            +POP server port:                      110
            +POP server SSL port:                  995
            +Use spell check server:               yes
            +Spell server URL:                     http://zimbra.domain:7780/aspell.php
    
       3) zimbra-mta:                              Enabled
            +MTA Auth host:                        zimbra.domain
            +Enable Spamassassin:                  yes
            +Enable Clam AV:                       yes
            +Notification address for AV alerts:   admin@zimbra.domain
            +Bind password for postfix ldap user:  set
            +Bind password for amavis ldap user:   set
    
       4) zimbra-snmp:                             Enabled
            +Enable SNMP notifications:            yes
            +SNMP Trap hostname:                   zimbra.domain
            +Enable SMTP notifications:            yes
            +SMTP Source email address:            admin@zimbra.domain
            +SMTP Destination email address:       admin@zimbra.domain
    
       5) zimbra-logger:                           Enabled
       6) zimbra-spell:                            Enabled
       7) Default Class of Service Configuration:
            +Enable Instant Messaging Feature:     Enabled
            +Enable Briefcases Feature:            Enabled
            +Enable Tasks Feature:                 Enabled
            +Enable Notebook Feature:              Enabled
    
       c) Collapse menu
       r) Start servers after configuration        yes
       s) Save config to file
       q) Quit
    
    Address unconfigured (**) items or correct ldap configuration  (? - help)

    I did not install the zimbra-ldap component as I do not want to run a server; I want to connect to an LDAP server for authentication.

    Also, I need to set up Zimbra to look in several OUs, but not all, for usernames...but that is once I get it installed and running at all + talking to Novell LDAP.

    Any suggestions??
    cyberdeath

  2. #2
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    I would note that using an LDAP server for storing the Zimbra bits that is not the one shipped with Zimbra is not particularly supported, and I would highly advise against it. I'm not sure why you'd want to use something else, given the performance and stability of OpenLDAP.

    In any case, your error indicates that the bind to the LDAP Server as the admin user is failing. I suggest turning up the debugging logs on your LDAP server to troubleshoot the issue.

    --Quanah
    Last edited by quanah; 01-30-2008 at 12:46 AM.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #3
    cyberdeath is offline Active Member
    Join Date
    Jan 2008
    Location
    127.0.0.1, Virginia, USA
    Posts
    42
    Rep Power
    7

    Ok, so maybe I am doing this all wrong. I need to be able to dynamically authenticate users against the Novell LDAP server and create the accounts on a local box after they login for the first time...or better yet, when they are created. This is why I pointed LDAP authentication to the server. Is there another way I can do this authentication through Novell while using a local OpenLDAP server?
    cyberdeath

  4. #4
    rsharpe is offline Elite Member & Volunteer
    Join Date
    Nov 2005
    Location
    London, ON
    Posts
    255
    Rep Power
    9

    Yes, do the install normally with the local OpenLDAP server, then when that is complete you can use the admin console to change the authentication method to use an external LDAP service.

  5. #5
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #6
    bdial is offline Moderator
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    You should also make sure LDAP is enabled on the Novell server you're trying to authenticate to as well.

  7. #7
    cyberdeath is offline Active Member
    Join Date
    Jan 2008
    Location
    127.0.0.1, Virginia, USA
    Posts
    42
    Rep Power
    7

    First off, thanks so far for the help...I now have a working Zimbra server that works well locally authenticating.

    Quote: Originally posted by rsharpe
    Yes, do the install normally with the local OpenLDAP server, then when that is complete you can use the admin console to change the authentication method to use an external LDAP service.

    Ok, I did it that way and, again, it worked. I can also get it to authenticate me while I am setting up LDAP authentication for the "domain". However, when I go to log in from the Zimbra user portal...it tells me "The username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current username and password." Therefore, it seems as though it is not really authenticating against LDAP.

    Quote: Originally posted by quanah

    I viewed this already and went through the procedures, but still no joy.

    Quote: Originally posted by bdial
    You should also make sure LDAP is enabled on the Novell server you're trying to authenticate to as well.

    LDAP is enabled on our Novell boxes by default. So that should not be a problem. I'm using non-SSL to "bind" anonymously....and I even tried binding with the admin account. Granted, both work when I test it out setting up authentication in the admin control panel. So that shouldn't be the problem (I don't think).

    Quote: Originally posted by quanah
    I would note that using an LDAP server for storing the Zimbra bits that is not the one shipped with Zimbra is not particularly supported, and I would highly advise against it. I'm not sure why you'd want to use something else, given the performance and stability of OpenLDAP.

    In any case, your error indicates that the bind to the LDAP Server as the admin user is failing. I suggest turning up the debugging logs on your LDAP server to troubleshoot the issue.

    --Quanah

    Thanks for that advice above...you are right, I do NOT want to store the data on our Novell server....I'd like it housed on the mail box...therefore OpenLDAP works great.

    So, now my question is: How can I make Zimbra authenticate against LDAP and populate a user after authentication....or how can it query the LDAP server for usernames and populate the mailboxes that way? Then when the person logs in...that's when it compares the password against the account. Just as a note...we are currently using Moodle with LDAP in this same manner...and it works very nicely.

    Any advice/suggestions would be greatly appreciated. Again, thanks so far for the help...all of you!
    cyberdeath

  8. #8
    bdial is offline Moderator
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    We had an existing eDirectory and OpenLDAP integration using Novell's Identity Manager. Basically we do all our account management from eDirectory. When a new account is created it triggers a creation of the user within our OpenLDAP too, propagating the attributes we have mapped. This also handles modifications as well as password synchronization.

    When we started looking at Zimbra I thought maybe I could just set up another channel to have it migrate accounts to the Zimbra LDAP as well. Unfortunately, it looks like there's more to a new user than just its creation in the Zimbra LDAP and you have to do it with zmprov or through SOAP. I'm not totally familiar with SOAP but maybe you are.

    That being said, our Zimbra install authenticates fine to the OpenLDAP server we had that's being populated by eDirectory. However, I still have to create them in Zimbra as well when I create them in eDirectory. This is the best I've been able to do so far. We're using universal passwords as well.

    Novell sometimes has some different attribute names for stuff than OpenLDAP or Zimbra. If you want to authenticate directly to Novell you may want to make sure your filter is correct and maybe use dstrace on the Novell server to help debug the process.

  9. #9
    cyberdeath is offline Active Member
    Join Date
    Jan 2008
    Location
    127.0.0.1, Virginia, USA
    Posts
    42
    Rep Power
    7

    Quote: Originally posted by bdial
    We had an existing eDirectory and OpenLDAP integration using Novell's Identity Manager. Basically we do all our account management from eDirectory. When a new account is created it triggers a creation of the user within our OpenLDAP too, propagating the attributes we have mapped. This also handles modifications as well as password synchronization.

    When we started looking at Zimbra I thought maybe I could just set up another channel to have it migrate accounts to the Zimbra LDAP as well. Unfortunately, it looks like there's more to a new user than just its creation in the Zimbra LDAP and you have to do it with zmprov or through SOAP. I'm not totally familiar with SOAP but maybe you are.

    That being said, our Zimbra install authenticates fine to the OpenLDAP server we had that's being populated by eDirectory. However, I still have to create them in Zimbra as well when I create them in eDirectory. This is the best I've been able to do so far. We're using universal passwords as well.

    Novell sometimes has some different attribute names for stuff than OpenLDAP or Zimbra. If you want to authenticate directly to Novell you may want to make sure your filter is correct and maybe use dstrace on the Novell server to help debug the process.

    Thanks for the reply. I have now set up the Zimbra server to use its own OpenLDAP server and under the administrative panel, I have chosen "External Authentication". I noticed that once I set up the server to "Bind"....I had problems...so I tried to turn binding off..and couldn't....so since it's just the test bed box...I uninstalled/reinstalled Zimbra which, in turn, fixed the problem. So, with Anonymous authentication to LDAP, it now works fine so long as I create the user on the Zimbra box as well...which I am doing....I don't want to overly complicate things with other solution possibilities (ie: Identity Manager). But, my question and problem is this:

    1. When users log in once I set up LDAP...with the exception of the "admin" account which is local...the other accounts never say the last time they logged in on the Admin control panel....when looking at the users even though they logged in.
    2. I am concerned about the Zimbra server contacting the LDAP server too much. I don't want it to become a "taxing" issue for our LDAP server which is also being authenticated against with other systems. If it only connects to the LDAP server when that user authenticates to either pop3, imap, or the web front-end, that's fine with me. I just don't want it to be the case like with another email server I've used that authenticated to LDAP on every email received.

    So, if someone could clarify those two things, I'd really appreciate it.

    Thanks for everyone's help. This is a great community ...which makes me trust this product even more.
    cyberdeath

  10. #10
    fmodola is offline Special Member
    Join Date
    Feb 2006
    Location
    France (Haute-Savoie)
    Posts
    123
    Rep Power
    9

    bdial,

    Novell updated Identity Manager to version 3.5 so that you can now use the Scripting Driver in order to synchronize your accounts.

    We are using it; it is based upon scripts on the Zimbra host that execute zmprov commands.

    If you need information, you can contact Novell support.
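
The account-creation step that posts #8 and #10 describe, limited to selected OUs as post #1 asks, sketched as an added example (not code from the thread, Zimbra or Novell). `MAIL_DOMAIN`, `ALLOWED_OUS`, the `o=ACME` sample DNs and the empty local password passed to `zmprov ca` are assumptions; login names from the directory are allow-listed because they end up on a command line.

```shell
#!/bin/sh
# Added example: build zmprov createAccount commands from exported DNs.
MAIL_DOMAIN="zimbra.domain"     # assumption: mail domain of the Zimbra box
ALLOWED_OUS="staff faculty"     # assumption: the only OUs that get mailboxes

# Constructed sample input: DN lines as an LDIF export would list them.
sample_dns() {
cat <<'EOF'
dn: cn=jdoe,ou=Staff,o=ACME
dn: cn=asmith,ou=Faculty,o=ACME
dn: cn=kiosk1,ou=Labs,o=ACME
dn: cn=bad;id,ou=Staff,o=ACME
dn: cn=Jane Roe,ou=Staff,o=ACME
EOF
}

# Reads "dn: ..." lines on stdin and prints one zmprov command per accepted
# user; rejected entries go to stderr so stdout holds only commands.
gen_zmprov() {
    while IFS= read -r line; do
        case $line in "dn: "*) dn=${line#dn: } ;; *) continue ;; esac
        lc=$(printf '%s' "$dn" | tr 'A-Z' 'a-z')
        rdn=${lc%%,*}                        # first RDN, e.g. cn=jdoe
        rest=${lc#*,}; parent=${rest%%,*}    # its container, e.g. ou=staff
        case $rdn in cn=*) user=${rdn#cn=} ;; *) continue ;; esac
        ok=no
        for a in $ALLOWED_OUS; do
            if [ "ou=$a" = "$parent" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            echo "skip (OU not allowed): $dn" >&2; continue
        fi
        # Directory values are untrusted input: accept only plain login
        # names, so nothing in a cn can alter the generated command line.
        case $user in ''|*[!a-z0-9._-]*)
            echo "skip (unsafe name): $dn" >&2; continue ;;
        esac
        # Empty local password is an assumption: logins use external LDAP.
        printf "zmprov ca '%s@%s' ''\n" "$user" "$MAIL_DOMAIN"
    done
    return 0
}

# Review the output before running it as the zimbra user.
sample_dns | gen_zmprov
```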
