  #1 (permalink)  
Old 11-14-2006, 03:27 PM
Junior Member
 
Posts: 5
External LDAP Problem

I'm new to Zimbra and need some help.

I want to have Zimbra authenticate to our LDAP server. My setup is as follows:

zimbra.oddcast.com (10.0.0.90)
ldappdc.oddcast.com (10.3.1.200) - CentOS 4.4 LDAP Server

My current slapd.conf configuration is as follows:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema

allow bind_v2

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

database bdb
suffix "dc=oddcast,dc=com"
rootdn "cn=Manager,dc=oddcast,dc=com"
rootpw **********************************
directory /var/lib/ldap

QUESTION:

My GAL is as follows:


GAL mode: External
Most results returned by GAL search: 100
Server type: LDAP
LDAP filter: (cn=*%s*)
Autocomplete filter: externalLdapAutoComplete
LDAP search base: dc=oddcast,dc=com
LDAP URL: ldap://10.3.1.200:389
Bind DN: cn=Manager,dc=oddcast,dc=com

After testing this setup, it works.

When I use the following for Authentication:

Authentication mechanism: External LDAP
LDAP bind DN template:
LDAP URL: ldap://10.3.1.200:389
LDAP filter: (cn=%n)
LDAP search base: ou=People,dc=oddcast,dc=com
Use DN/Password to bind to external server: Yes
Bind DN: cn=Manager,dc=oddcast,dc = com

This authenticates as well.

Is this right, and if not, how do I correct it? I want to use the LDAP server to create and authenticate the accounts. The LDIF files are as shown:

oddcast.com.ldif:

dn: dc=oddcast,dc=com
dc: oddcast
description: Root LDAP entry for oddcast.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=oddcast,dc=com
ou: People
description: All people in organisation
objectClass: organizationalUnit


ldapusers.ldif:

dn: uid=wfacer,ou=People,dc=oddcast,dc=com
uid: wfacer
cn: wfacer
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: ----------------------------------------------------------
shadowLastChange: 13465
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/wfacer

dn: uid=charles,ou=People,dc=oddcast,dc=com
uid: charles
cn: charles
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: --------------------------------------
shadowLastChange: 13466
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 502
gidNumber: 502
homeDirectory: /home/charles
  #2 (permalink)  
Old 11-14-2006, 11:37 PM
Zimbra Employee
 
Posts: 4,784

Are you having a problem? If so what is the error?
  #3 (permalink)  
Old 11-15-2006, 04:16 AM
Junior Member
 
Posts: 5

I have no error, but here's what I want to do. I would like to have it so my LDAP box is the one that has the account information so that I don't have to create the accounts on my Zimbra box. We want to use the LDAP box to do that.
  #4 (permalink)  
Old 11-15-2006, 07:57 AM
Zimbra Consultant & Moderator
 
Posts: 11,506

You'll have to provision the accounts in Zimbra; if you need to do it with a script, then look in the wiki for some details.
__________________
Regards


Bill
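
The scripted provisioning mentioned in the reply above, as an added example that is not part of the original thread or Zimbra's own tooling: it reads LDIF shaped like the poster's ldapusers.ldif and emits one `zmprov ca` (createAccount) command per posixAccount entry. The sample data, the `SAFE_UID` pattern, the function names and the random local password are assumptions made for illustration.

```python
import re
import secrets
import shlex

# Constructed sample shaped like the ldapusers.ldif in the thread (userPassword omitted).
SAMPLE_LDIF = """\
dn: uid=wfacer,ou=People,dc=oddcast,dc=com
uid: wfacer
cn: wfacer
objectClass: posixAccount

dn: uid=charles,ou=People,dc=oddcast,dc=com
uid: charles
objectClass: posixAccount

dn: ou=People, dc=oddcast,dc=com
objectClass: organizationalUnit
"""

SAFE_UID = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")  # no shell or mail metacharacters

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry, unfolding continuation lines."""
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not attr.startswith("#") and not attr.endswith(":"):
                entry.setdefault(attr.lower(), []).append(value.strip())  # skips base64 "attr::"
        if entry:
            yield entry

def zmprov_commands(ldif_text, mail_domain, new_password=lambda: secrets.token_hex(16)):
    """Return (commands, skipped_uids) for the posixAccount entries in ldif_text."""
    commands, skipped = [], []
    for entry in parse_ldif(ldif_text):
        if "posixaccount" not in {c.lower() for c in entry.get("objectclass", [])}:
            continue
        uid = entry.get("uid", [""])[0]
        if not SAFE_UID.fullmatch(uid):
            skipped.append(uid)  # never interpolate an unvetted directory value
            continue
        # Throwaway local password (assumption: the domain authenticates via External LDAP).
        args = ["zmprov", "ca", f"{uid}@{mail_domain}", new_password(),
                "displayName", entry.get("cn", [uid])[0]]
        commands.append(" ".join(shlex.quote(a) for a in args))
    return commands, skipped

if __name__ == "__main__":
    print("\n".join(zmprov_commands(SAMPLE_LDIF, "oddcast.com")[0]))
```

Review the generated lines before running them as the zimbra user; uids returned in the second value were skipped because they failed validation.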
  #5 (permalink)  
Old 05-08-2007, 01:11 AM
Member
 
Posts: 12

Hi Phoenix,

Do you mean that, in order to authenticate with external LDAP users, we should first introduce them in Zimbra?

regards,

Felipe
  #6 (permalink)  
Old 05-08-2007, 01:44 AM
Zimbra Consultant & Moderator
 
Posts: 11,506

Quote:
Originally Posted by gigapipe
do you mean that in order to authenticate with external LDAP users we should first introduce them in Zimbra?
Yes, that's correct.
__________________
Regards


Bill
  #7 (permalink)  
Old 05-08-2007, 04:18 AM
Member
 
Posts: 12

Hi,

Thanks for your answer, Phoenix.

Now, my doubt is related to the objective of integrating Zimbra with an external LDAP such as Active Directory, if we should insert the users in Zimbra in order to authenticate.

I thought Zimbra would import these users (or some info) but not duplicate the users.

Felipe
  #8 (permalink)  
Old 05-08-2007, 05:29 AM
Zimbra Consultant & Moderator
 
Posts: 11,506

We require them in Zimbra because we need them to be provisioned there; it's more than just creating a user record. Search the forums & wiki for some details of how to use AD & Zimbra.
__________________
Regards


Bill