Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: External LDAP with GSSAPI authentication method

  1. #1
    izvictor is offline Junior Member
    Join Date
    Jul 2006
    Location
    France
    Posts
    9
    Rep Power
    9

    Unhappy External LDAP with GSSAPI authentication method

    hello,
    We have downloaded the ZIMBRA open source release the beta version zcs-3.2.0_M2_224.RHEL4
    In our network we are using one LDAP for user information storage and a KERBEROS server for user password.
    Zimbra installed with no problems.
    For GAL Configuration we have chosen the external LDAP and it works fine, but for the Authentication configuration we have some problems,
    in fact because of the fact that LDAP is searching the user's password in kerberos using GSSAPI protocol, when setting up external authentication we always got the 'bad credentials error'.
    to make a LDAP search on command line we proceed like folowing:

    (getting a kerberos ticket)
    $kinit user
    Password for user@REALM:******

    (making a ldapsearch)
    ldapsearch -H ldap://ldapserver -b "dc=company,...,dc=fr" "uid=user" -Y GSSAPI
    and we have the user's info.

    is there a method configure ZIMBRA to interact with our LDAP server to authenticate users?
    thank you in advance,
    Victor.
    Last edited by izvictor; 08-11-2006 at 12:31 AM.

  2. #2
    izvictor is offline Junior Member
    Join Date
    Jul 2006
    Location
    France
    Posts
    9
    Rep Power
    9

    Unhappy is there still any hope for my situation?

    sorry to bother you again guys , I still haven't found the solution for my problem, is Zimbra adapted for my external LDAP ...
    any ideas ore suggestions would be helpfull.
    Thanks

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    Did you have a look th these instructions in the wiki, does that answer your question?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    izvictor is offline Junior Member
    Join Date
    Jul 2006
    Location
    France
    Posts
    9
    Rep Power
    9

    Unhappy

    Quote Originally Posted by phoenix
    Did you have a look th these instructions in the wiki, does that answer your question?
    Hi phoenix,
    thanks for the suggestion , but unfortunately thereis not to much help on the wiki, in fact the External Authetication is not even edited and the GAL Configuration works just fine for me.
    As far as I know there must be a Kerberos Module in JAVA , maybe I could change the source code the verify the password with kerberos?
    Thanks in advance Victor

  5. #5
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    The only way to do this today would be to put the passwords in LDAP and let s bind against that.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  6. #6
    izvictor is offline Junior Member
    Join Date
    Jul 2006
    Location
    France
    Posts
    9
    Rep Power
    9

    Post

    Quote Originally Posted by KevinH
    The only way to do this today would be to put the passwords in LDAP and let s bind against that.
    That's bad,
    One last question , does ZIMBRA support JAAS module for authentication or is it possible to integrate it to overpass the normal LDAP Authentication?
    Thanks
    Victor.

  7. #7
    izvictor is offline Junior Member
    Join Date
    Jul 2006
    Location
    France
    Posts
    9
    Rep Power
    9

    Post

    Quote Originally Posted by KevinH
    The only way to do this today would be to put the passwords in LDAP and let s bind against that.

    Me again
    Is there any tools to migrate kerberos user's password to LDAP? knowinf that the user exists on LDAP and Kerberos
    thanks
    Victor

  8. #8
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    No JASS or easy migration I know of. You could always just set a dummy password and check the change PWD on first login, then the user's would all get a new password. Of course this is not sync'd with the rest of your system.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  9. #9
    tommytune is offline Awaiting Activation
    Join Date
    Nov 2006
    Posts
    1
    Rep Power
    0

    Default

    izvictor, why is that bad, do you really see some type of advantage by using kerberos? Use the same password and the user should be fine when yo ubind against ldap

  10. #10
    izvictor is offline Junior Member
    Join Date
    Jul 2006
    Location
    France
    Posts
    9
    Rep Power
    9

    Default

    Quote Originally Posted by tommytune View Post
    izvictor, why is that bad, do you really see some type of advantage by using kerberos? Use the same password and the user should be fine when yo ubind against ldap
    The problem is that we already had an authentification server before ZIMBRA was developped and it's kind of difficult to ask every user to change his password so we could update LDAP. In addition kerberos is used in our institution also as a key distribution center for the login sessions on computers. We are trying tu use a centralized authentification , but any way I think we will continue using CYRUS IMAP POSTFIX for our mails.
    thanks for the post reply, hope in near future ZIMBRA will integrate Kerberos authentification or saslauthd authentification

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Disable local authentication with an external ldap
    By turmace in forum Administrators
    Replies: 4
    Last Post: 05-17-2007, 02:13 AM
  2. External LDAP Problem
    By facerw in forum Installation
    Replies: 7
    Last Post: 05-08-2007, 04:29 AM
  3. External LDAP Authentication Issue
    By xtreme-one in forum Installation
    Replies: 10
    Last Post: 02-16-2007, 07:52 PM
  4. Authentication to external ldap stop working.
    By jahaj in forum Installation
    Replies: 3
    Last Post: 12-05-2006, 03:17 PM
  5. Replies: 5
    Last Post: 08-03-2006, 01:21 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •