Zimbra with Open LDAP on MAC OS X

[Andy]

I want to configure Zimbra with OpenDirectory in Mac OS X Server.
I had configure Zimbra in mac os x and also configure in built Open Directory in the same. Now i want to configure how can i access opendirectory user through Zimbra.

[phoenix]

Welcome to the forums.

I'm not sure you can do that, search the forums for some info. I assume you've set opendirectory to run on a port other than 389? There's some instructions in the wiki on authentication. I can't remember offhand if you can point Zimbra LDAP to a different port for authentication.

[brian]

This ldap filter will work with OpenDirectory
(&(objectClass=inetOrgPerson)(objectClass=posixAccou nt)(uid=%u))

[osNomad]

This ldap filter will work with OpenDirectory
(&(objectClass=inetOrgPerson)(objectClass=posixAccou nt)(uid=%u))

i just finished setting up a zimbra installation and i configured ldap authentication using the above ldap filter. the test was successful and i see the authentication occur in the slapd.log file on my opendirectory server. i can't, however, log in to the mail client as any ldap user in my domain, not even the user i used to test the ldap connection. i don't see any error occur in the slapd.log file, it just won't authenticate. has anyone had any luck with this and can shed some light on the situation?

thanks

-john

[phoenix]

I presume you tried it without the extra space that you have in that example?

Code:

(&(objectClass=inetOrgPerson)(objectClass=posixAccou nt)(uid=%u))
                                                    ^

[osNomad]

phoenix- heh... yeah, i cleared the space before i tested it. like i said... it works for the authentication test when setting up the external ldap but doesn't work when i try to test as a user logging into the webmail client.

[phoenix]

Just thought I'd check. Have you tried it with just (uid=%u) as the ldap filter?

[osNomad]

that was actually the way i tried it first and it also resulted in a successful ldap configuration test but no web client login.

[phoenix]

Are you using the full email address to login or just their name? Have you tried both? Anything in the logs? I assume you have created these accounts in Zimbra as well?

[osNomad]

interesting. i tried both the username and the email address as a username, neither worked. i assumed that the user account information would be pulled from the opendirectory server with no need to setup a user in zimbra. i just setup a test user with no password set in zimbra and it does successfully log in to the webmail client as that user using the opendirectory password.

you can color me stupid.

i guess my question now is... is there a way i can use the user accounts on the opendirectory server or do they HAVE to also be in zimbra.

here are some of my log errors:
ldap.log
Apr 5 10:15:51 opendirectory slapd[48]: <= bdb_substring_candidates: (givenName) index_param failed (18)\n
Apr 5 10:15:51 opendirectory slapd[48]: <= bdb_substring_candidates: (mail) index_param failed (18)\n

password service error log:

Apr 5 2007 10:14:20 LauchTaskWithIO path = /usr/sbin/kdb5_util, arg1 = dump, arg2 = /var/db/krb5kdc/KerbDumpFilefcmWQ, status = 1
Apr 5 2007 10:15:25 LauchTaskWithIO path = /usr/sbin/kdb5_util, arg1 = dump, arg2 = /var/db/krb5kdc/KerbDumpFilePcmeb, status = 1
Apr 5 2007 10:16:31 LauchTaskWithIO path = /usr/sbin/kdb5_util, arg1 = dump, arg2 = /var/db/krb5kdc/KerbDumpFileVhooh, status = 1
Apr 5 2007 10:17:31 LauchTaskWithIO path = /usr/sbin/kdb5_util, arg1 = dump, arg2 = /var/db/krb5kdc/KerbDumpFiledto8J, status = 1
Apr 5 2007 10:18:36 LauchTaskWithIO path = /usr/sbin/kdb5_util, arg1 = dump, arg2 = /var/db/krb5kdc/KerbDumpFileP7DiT, status = 1