Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
 
Go Back   Zimbra - Forums > Zimbra Collaboration Suite > Installation

Welcome to the Zimbra - Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack (1) Thread Tools Display Modes
  1 links from elsewhere to this Post. Click to view. #1 (permalink)  
Old 08-09-2006, 08:20 AM
Junior Member
 
Posts: 9
Unhappy External LDAP with GSSAPI authentication method

hello,
We have downloaded the ZIMBRA open source release the beta version zcs-3.2.0_M2_224.RHEL4
In our network we are using one LDAP for user information storage and a KERBEROS server for user password.
Zimbra installed with no problems.
For GAL Configuration we have chosen the external LDAP and it works fine, but for the Authentication configuration we have some problems,
in fact because of the fact that LDAP is searching the user's password in kerberos using GSSAPI protocol, when setting up external authentication we always got the 'bad credentials error'.
to make a LDAP search on command line we proceed like folowing:

(getting a kerberos ticket)
$kinit user
Password for user@REALM:******

(making a ldapsearch)
ldapsearch -H ldap://ldapserver -b "dc=company,...,dc=fr" "uid=user" -Y GSSAPI
and we have the user's info.

is there a method configure ZIMBRA to interact with our LDAP server to authenticate users?
thank you in advance,
Victor.

Last edited by izvictor : 08-11-2006 at 01:31 AM.
Reply With Quote
  #2 (permalink)  
Old 08-11-2006, 03:52 AM
Junior Member
 
Posts: 9
Unhappy is there still any hope for my situation?

sorry to bother you again guys , I still haven't found the solution for my problem, is Zimbra adapted for my external LDAP ...
any ideas ore suggestions would be helpfull.
Thanks
Reply With Quote
  #3 (permalink)  
Old 08-11-2006, 04:52 AM
Zimbra Consultant & Moderator
 
Posts: 11,506
Default

Did you have a look th these instructions in the wiki, does that answer your question?
__________________
Regards


Bill
Reply With Quote
  #4 (permalink)  
Old 08-14-2006, 06:18 AM
Junior Member
 
Posts: 9
Unhappy

Quote:
Originally Posted by phoenix
Did you have a look th these instructions in the wiki, does that answer your question?
Hi phoenix,
thanks for the suggestion , but unfortunately thereis not to much help on the wiki, in fact the External Authetication is not even edited and the GAL Configuration works just fine for me.
As far as I know there must be a Kerberos Module in JAVA , maybe I could change the source code the verify the password with kerberos?
Thanks in advance Victor
Reply With Quote
  #5 (permalink)  
Old 08-15-2006, 10:38 PM
Zimbra Employee
 
Posts: 4,784
Default

The only way to do this today would be to put the passwords in LDAP and let s bind against that.
__________________
Bugzilla - Wiki - Downloads - Offline Client
Reply With Quote
  #6 (permalink)  
Old 08-16-2006, 09:37 AM
Junior Member
 
Posts: 9
Post

Quote:
Originally Posted by KevinH
The only way to do this today would be to put the passwords in LDAP and let s bind against that.
That's bad,
One last question , does ZIMBRA support JAAS module for authentication or is it possible to integrate it to overpass the normal LDAP Authentication?
Thanks
Victor.
Reply With Quote
  #7 (permalink)  
Old 08-16-2006, 09:44 AM
Junior Member
 
Posts: 9
Post

Quote:
Originally Posted by KevinH
The only way to do this today would be to put the passwords in LDAP and let s bind against that.

Me again
Is there any tools to migrate kerberos user's password to LDAP? knowinf that the user exists on LDAP and Kerberos
thanks
Victor
Reply With Quote
  #8 (permalink)  
Old 08-17-2006, 10:05 PM
Zimbra Employee
 
Posts: 4,784
Default

No JASS or easy migration I know of. You could always just set a dummy password and check the change PWD on first login, then the user's would all get a new password. Of course this is not sync'd with the rest of your system.
__________________
Bugzilla - Wiki - Downloads - Offline Client
Reply With Quote
  #9 (permalink)  
Old 11-30-2006, 11:43 AM
Awaiting Activation
 
Posts: 1
Default

izvictor, why is that bad, do you really see some type of advantage by using kerberos? Use the same password and the user should be fine when yo ubind against ldap
Reply With Quote
  #10 (permalink)  
Old 11-30-2006, 12:18 PM
Junior Member
 
Posts: 9
Default

Quote:
Originally Posted by tommytune View Post
izvictor, why is that bad, do you really see some type of advantage by using kerberos? Use the same password and the user should be fine when yo ubind against ldap
The problem is that we already had an authentification server before ZIMBRA was developped and it's kind of difficult to ask every user to change his password so we could update LDAP. In addition kerberos is used in our institution also as a key distribution center for the login sessions on computers. We are trying tu use a centralized authentification , but any way I think we will continue using CYRUS IMAP POSTFIX for our mails.
thanks for the post reply, hope in near future ZIMBRA will integrate Kerberos authentification or saslauthd authentification
Reply With Quote
Reply


Thread Tools
Display Modes


Similar Threads

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

Zimbrablog.com




 

Search Engine Optimization by vBSEO 3.1.0