external authentication returns empty search

[Nikos Lyberakis]

Hello

I am newbie in Zimbra. I installed in Ubuntu 6.06 and everything works fine except authentication in external ldap server.

The external ldap server is an Sun Directory 5.2. I created a dedicated user (zimbra viewer) in external ldap server with privileges to search and read from Zimbra IP address (194.177.198.1)

I use the following parameters in Zimbra:

LDAP filter: filter: (uid=%u) (and also mail=%s or other filter string i found on zimbra forum)
LDAP search base: o=chania.teicrete,c=gr (even i tried ou=people,o=chania.teicrete,c=gr)
Bind DN: cn=zimbra viewer,ou=Special,o=chania.teicrete,c=gr


So when i try to test authentication, the answer from ldap server is "empty results".
When i try to connect to the same ldap server as user "zimbra viewer" and ask the same question BUT from another machine, the ldap server give me result.

The next lines are from access log file of ldap server. The IPs appear in log file are:
194.177.198.1: zimbra server
194.177.198.8: ldap server (Sun Directory)
194.177.198.7: the 3rd machine i do ldapsearch to 194.177.198.8 and it gives me result

----------------------------------------------------------------------------------------------------------------------------------------------
[18/Feb/2008:19:52:33 +0200] conn=2 op=-1 msgId=-1 - fd=20 slot=20 LDAP connection from 194.177.198.1 to 194.177.198.8
[18/Feb/2008:19:52:33 +0200] conn=2 op=0 msgId=1 - BIND dn="cn=zimbra viewer,ou=Special,o=chania.teicrete,c=gr" method=128 version=3
[18/Feb/2008:19:52:33 +0200] conn=2 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=zimbra viewer,ou=special,o=chania.teicrete,c=gr"
[18/Feb/2008:19:52:33 +0200] conn=2 op=1 msgId=2 - SRCH base="o=chania.teicrete,c=gr" scope=2 filter="(uid=nlybe)" attrs=ALL
[18/Feb/2008:19:52:33 +0200] conn=2 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
[18/Feb/2008:19:52:55 +0200] conn=3 op=-1 msgId=-1 - fd=21 slot=21 LDAP connection from 194.177.198.7 to 194.177.198.8
[18/Feb/2008:19:52:55 +0200] conn=3 op=0 msgId=1 - BIND dn="cn=zimbra viewer,ou=Special,o=chania.teicrete,c=gr" method=128 version=3
[18/Feb/2008:19:52:55 +0200] conn=3 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=zimbra viewer,ou=special,o=chania.teicrete,c=gr"
[18/Feb/2008:19:52:55 +0200] conn=3 op=1 msgId=2 - SRCH base="ou=people,o=chania.teicrete,c=gr" scope=2 filter="(uid=nlybe)" attrs=ALL
[18/Feb/2008:19:52:55 +0200] conn=3 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
----------------------------------------------------------------------------------------------------------------------------------------------

If it's problem with credentials as i don't get error regarding invalid credentials.
I also tried with the external ldap admin user but the result was the same

I have made several test but without success.

Any help is welcome

Nikos

[cyberdeath]

Hi Nikos,

When setting up your filter, I would suggest you follow these guidelines:

mail=%u@site.tld

Another nice thing is you could set at the organizational top level and it will only allow users with the @site.tld to authenticate. Try to keep it simple. Only problem is, you'll need to set this up on your sun ldap box. By the way, I'd also suggest you get an LDAP browser for use on your desktop (Like Softerra LDAP browser, which is free) if you run windows.

I personally use LDAP without binding since I don't think you can currently change the password backwards onto the server. I had problems with binding and having it find the users as well. So, if you can do LDAP anonymously, that would be the way to go.

Hope this helps.