External LDAP: Admin says it works, but users can't login

[rrsd]

Have my system running on CentOS 4.x, everything updated via yum. Got zimbra to start and it appears happy, then I went to the domain part of the admin console (webapp), and went to "configure authentication" and set up the LDAP filter (uid=%u) and search base: ou=People,dc=blah,dc=blahblah, and when I went to test it, it worked: I tried different user accounts, and gave correct and incorrect passwords, and the test succeeded in authenticating when the password was correct only.

If only that were the case for the rest of the application. When I try to login as a regular user, it says wrong password, whether I append the domain or not. I'm quite sure that the password being given is correct, and frankly it returns failure much too quickly - I suspect I've missed a step here. I've tried with and without the DN/password set.

zmcontrol status shows everything running.
ldapwhoami returns the following:

Quote:

[zimbra@mail ~]$ ldapwhoami
SASL/OTP authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user not found: no OTP secret in database

Same thing with ldapsearch. D'oh! What'd I miss?

[KevinH]

Are you pointing to an external LDAP or zimbra itself. Can you run a local LDAP search against your LDAP dir?

[rrsd]

How would I be able to find out the answers to these questions?

[KevinH]

Is the ldap host you configured the same as the zimbra host?

[rrsd]

As far as I can tell, there are two places where LDAP configuration is an issue. The first place is in the CLI during the operation of zmsetup.pl, and for that part I left things default (LDAP happens on the zimbra host) per the phone support person at zimbra. The second place I configured LDAP is in the zimbra admin console, and in that location, I've configured zimbra to look at an external LDAP server - the one we use to authenticate all our users.

Hope that makes things slightly more clear than mud...

[KevinH]

Quote:

Originally Posted by rrsd

As far as I can tell, there are two places where LDAP configuration is an issue. The first place is in the CLI during the operation of zmsetup.pl, and for that part I left things default (LDAP happens on the zimbra host) per the phone support person at zimbra. The second place I configured LDAP is in the zimbra admin console, and in that location, I've configured zimbra to look at an external LDAP server - the one we use to authenticate all our users.

Hope that makes things slightly more clear than mud...

Do you have a support case for this? If so please finish there. It's a waste of our time to try to solve the same problem in two places. If not we can keep working on it here.

Can you use ldasearch to run a test search against your external LDAP server? Just do a simple search for like an email address.

[rrsd]

There is not currently a support case open on this issue.

ldapsearch throws the same error as given above. So I'm pretty much at a loss.

[rrsd]

Argh, ok. Turns out that I have to also create the account in zimbraAdmin. Then everything goes swimmingly.