Thread: The Mysteries of External LDAP Authentication

  1. #1
    bubarooni (Advanced Member; joined Mar 2007; Indiana)

    OK, this isn't a show stopper, but I really wanted my users to be authenticated against my NT 4.0 domain. I'd prefer they use their Domain username. I'm really having trouble with the syntax and have not found a doc that explains it in absurdly simple terms, so I'm stuck.

    I have an exchange 5.5 server on NT 4.0. It is also the PDC.

    I can telnet to the exchange server from the zimbra server with no problem. When I try to use the config wizard I can't get it to work for nothing. Here is what I am currently using:

    Summary of authenticaion settings:

    Authentication mechanism: External LDAP
    LDAP URL: ldap://192.168.1.222:389
    LDAP filter: =%u@mydom.com
    LDAP search base: p=mydom;o=CORPORATE;
    Use DN/Password to bind to external server: No

    Please provide username and password to test the authentication settings
    User name:
    Password

    I'm sure that my problem is the syntax I'm using in the LDAP filter and LDAP search base; I've tried dozens of different combos of examples I've found on this site and others. I'm sure I'm hitting the LDAP for authentication, as several of the 'things' I've tried have returned errors like 'object does not exist'.

    A typical x400 email address on my Exchange Server looks like:

    x400 c=US;a= ;p=mydom;o=CORPORATE;s=Schmoe;g=Joe

    Thanks In Advance

  2. #2
    Klug (Moderator; joined Mar 2006; Beaucaire, France)

    Are you sure you can do auth against your (old) Exchange's LDAP server?

    It seems to me (but I can be wrong) that this LDAP can only be used to browse/search things in it, but it's impossible to do any auth against it.
    You can only do auth against an AD's LDAP server (that you don't have, as you're running NT4).

  3. #3
    bubarooni (Advanced Member; joined Mar 2007; Indiana)

    well, if it can't be done then it won't be a show stopper. this is actually the first step in getting rid of the nt 4.0. with the exchange server replaced i'm planning on replacing the box with a MS Server 2008 and CentOS samba combo for authentication.

    with the mydom.com was one of the 'things' i was trying. read the wiki already, my syntax needs polishing though!

    =%u returns:
    soap:Receiver
    system failure: java.lang.ArrayIndexOutOfBoundsException: -1

    %u= returns:
    javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]; remaining name 'p=mydom;o=CORPORATE;'


    2 LDAP_PROTOCOL_ERROR: Indicates that the server has received an invalid or malformed request from the client

    which is why i think i'm using wrong syntax.

  4. #4
    bubarooni (Advanced Member; joined Mar 2007; Indiana)

    i guess i'm just looking for examples that other people have used. i think i can figure it out if i see some real examples.

  5. #5
    Rich Graves (Outstanding Member; joined Jan 2007; Minnesota)

    Try

    LDAP filter: samaccountname=%u

    Left side is the attribute to match; %u is replaced with username. The above would be for Active Directory. If the legacy Exchange LDAP service provides no single unique attribute to search for, then you'd lose, but I'd be surprised.

    LDAP search base is specified from most to least specific, something like:

    LDAP search base: o=corporate,p=mydom,c=US

    Is the a=(BLANK) above a typo or an html scrubbing artifact? It's invalid.
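
Added example, not part of the post above and not Zimbra's code: a small checker for the `attribute=%u` filter shape described in post #5, run against the filter templates tried in this thread. It assumes simple equality filters only and that `%u` is replaced textually; the username `jschmoe` is a constructed sample, and the username is escaped per RFC 4515 so it cannot alter the filter.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Attribute description: a short name such as "samaccountname", or a dotted OID.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")


def escape_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, username: str) -> str:
    """Validate an 'attr=...%u...' template and substitute the username."""
    body = template.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]  # accept the parenthesised form as well
    attr, sep, value = body.partition("=")
    if not sep:
        raise ValueError("filter has no '=': expected attribute=value")
    if not _ATTR.match(attr):
        raise ValueError(f"left side {attr!r} is not an attribute name")
    if "%u" not in value:
        raise ValueError("right side must contain %u")
    return "(" + attr + "=" + value.replace("%u", escape_value(username)) + ")"


def diagnose(template: str) -> str:
    """Return the expanded filter, or the reason the template is rejected."""
    try:
        return expand_filter(template, "jschmoe")  # constructed sample user
    except ValueError as exc:
        return f"invalid: {exc}"


if __name__ == "__main__":
    # Templates quoted in this thread, in the order they were tried.
    for tmpl in ("=%u@mydom.com", "=%u", "%u=", "samaccountname=%u"):
        print(f"{tmpl!r:24} -> {diagnose(tmpl)}")
```
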

  6. #6
    bubarooni (Advanced Member; joined Mar 2007; Indiana)

    i'll be going to active directory in july/august timeframe, so it's good to know the samaccountname thing.

    from what i've dug up on it since i read your post, i think it may be supported under NT too and will give it a try!

  7. #7
    bubarooni (Advanced Member; joined Mar 2007; Indiana)

    I'm getting there!

    Server message: Authentication failed. Invalid credentials (bad dn/password)

    just gotta figure out what that error means now.

  8. #8
    bubarooni (Advanced Member; joined Mar 2007; Indiana)

    i actually have the exchange server set for doing anonymous searches, but it keeps giving me that:

    Server message: Authentication failed. Invalid credentials (bad dn/password)
    error message.

    on the third page of the Authentication Configuration Wizard there is a place to use a dn/password combo.

    the help doc says:

    Use DN/Password to bind to external server. If the filter you entered cannot be run using an anonymous bind, then enter the DN/password for a service account on the external LDAP that has been granted access to the attributes required to do the search.

    when i look in the exchange server 5.5 ldap settings it shows me the Service Account Admin user and I tried that like this:

    Bind DN: cn=ThatUser;dc=MyDom;dc=com;
    and
    MyDom\ThatUser

    all to no avail.

    What should I be using for that Bind/DN?
