
Thread: External LDAP: Admin says it works, but users can't login

  1. #1
    rrsd is offline Intermediate Member
    Join Date
    Apr 2006
    Posts
    15
    Rep Power
    9


    Have my system running on CentOS 4.x, everything updated via yum. Got zimbra to start and it appears happy, then I went to the domain part of the admin console (webapp), and went to "configure authentication" and set up the LDAP filter (uid=%u) and search base: ou=People,dc=blah,dc=blahblah, and when I went to test it, it worked: I tried different user accounts, and gave correct and incorrect passwords, and the test succeeded in authenticating when the password was correct only.

    If only that were the case for the rest of the application. When I try to login as a regular user, it says wrong password, whether I append the domain or not. I'm quite sure that the password being given is correct, and frankly it returns failure much too quickly - I suspect I've missed a step here. I've tried with and without the DN/password set.

    zmcontrol status shows everything running.
    ldapwhoami returns the following:
    [zimbra@mail ~]$ ldapwhoami
    SASL/OTP authentication started
    ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
    additional info: SASL(-13): user not found: no OTP secret in database
    Same thing with ldapsearch. D'oh! What'd I miss?

  2. #2
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18


    Are you pointing to an external LDAP or zimbra itself? Can you run a local LDAP search against your LDAP dir?
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3
    rrsd is offline Intermediate Member

    How would I be able to find out the answers to these questions?

  4. #4
    KevinH is offline Expert Member

    Is the ldap host you configured the same as the zimbra host?

  5. #5
    rrsd is offline Intermediate Member

    As far as I can tell, there are two places where LDAP configuration is an issue. The first place is in the CLI during the operation of zmsetup.pl, and for that part I left things default (LDAP happens on the zimbra host) per the phone support person at zimbra. The second place I configured LDAP is in the zimbra admin console, and in that location, I've configured zimbra to look at an external LDAP server - the one we use to authenticate all our users.

    Hope that makes things slightly more clear than mud...

  6. #6
    KevinH is offline Expert Member

    Quote Originally Posted by rrsd
    As far as I can tell, there are two places where LDAP configuration is an issue. The first place is in the CLI during the operation of zmsetup.pl, and for that part I left things default (LDAP happens on the zimbra host) per the phone support person at zimbra. The second place I configured LDAP is in the zimbra admin console, and in that location, I've configured zimbra to look at an external LDAP server - the one we use to authenticate all our users.

    Hope that makes things slightly more clear than mud...

    Do you have a support case for this? If so please finish there. It's a waste of our time to try to solve the same problem in two places. If not we can keep working on it here.

    Can you use ldapsearch to run a test search against your external LDAP server? Just do a simple search for like an email address.

  7. #7
    rrsd is offline Intermediate Member

    There is not currently a support case open on this issue.

    ldapsearch throws the same error as given above. So I'm pretty much at a loss.
    Last edited by rrsd; 04-14-2006 at 10:05 AM.

  8. #8
    rrsd is offline Intermediate Member

    Argh, ok. Turns out that I have to also create the account in zimbraAdmin. Then everything goes swimmingly.
