Results 1 to 4 of 4

Thread: Authentication to external ldap stop working.

  1. #1
    jahaj is offline Junior Member
    Join Date
    Nov 2006
    Posts
    7
    Rep Power
    8

    Default Authentication to external ldap stop working.

    I have configured Zimbra to authenticate to my external ldap/samba server. I tested before and it was working all last week. I was able to access webmail with the users I created with zimprov (no password set on zimbra).
    Last Friday I could not login anymore. I went and test the external authentication from the Zimbra admin console and it was not working anymore. The test failed with the following error: Server Message Authentication failed. Invalid credentials (bad dn/password).

    I am surprised with the DN error since I know for sure that I am using the correct dn account and password. I use our external ldap server to manage all our samba accounts and I can go login to my Ldap account manager (LAM) right now with the dn account: cn=Manager,dc=mydomain,dc=com and with the dn password mypassword without any problem. Our windows xp /samba users are being authenticated every day from our LDAP server and I haven't changed the Ldap dn password since I installed the ldap Samba 2 months ago.

    Here my authentication settings:

    Authentication mechanism: External LDAP
    LDAP URL: ldap://192.168.0.5:389
    LDAP filter: (uid=%u)
    LDAP search base: dc=mydomain,dc=com
    Use DN/password to bind to external server: yes
    Bind DN: cn=Manager, dc=mydomain,dc=com


    I did not made any change on my ldap server or on my zimbra configuration. I had createt a secondaire domain which was set to use internal authentication But after experiencing all these issues, I deleted it.

    Any help? I have search the forum to checked again and again the wiki.

    The complete error message when testing with the authentication config wizard from admin console:

    Server Message Authentication failed. Invalid credentials (bad dn/password).

    javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.jav a:2985)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCt x.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCt x.java:2732)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:264 6)
    at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapC txFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Ldap CtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstanc e(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext (LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(N amingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(Init ialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.ja va:223)
    at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:134)
    at com.zimbra.cs.account.ldap.LdapUtil.getDirContext( LdapUtil.java:231)
    at com.zimbra.cs.account.ldap.LdapUtil.ldapAuthentica te(LdapUtil.java:263)
    at com.zimbra.cs.account.ldap.Check.checkAuthConfig(C heck.java:153)
    at com.zimbra.cs.service.admin.CheckAuthConfig.handle (CheckAuthConfig.java:53)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:261)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:162)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:84)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:223)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:709)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:173)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:107)
    at org.apache.catalina.valves.AccessLogValve.invoke(A ccessLogValve.java:541)
    at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11 ConnectionHandler.processConnection(Http11BaseProt ocol.java:667)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)


    Thank you for your help

  2. #2
    jahaj is offline Junior Member
    Join Date
    Nov 2006
    Posts
    7
    Rep Power
    8

    Default Is there any help with external ldap authentication not working anymore

    Anyone has an idea what may be wrong with the Ldap external authentication.
    I have reinstalled after running install.sh -u. The only change I remember now is that I installed a new version of kernel source 2.6.18-1.2239.fc5smp on my system.

  3. #3
    jahaj is offline Junior Member
    Join Date
    Nov 2006
    Posts
    7
    Rep Power
    8

    Default Found the problem

    I found the problem. it is with the ldap server. I have ldap running on my samba server for authenticating samba users and I want it to authenticate zimbra users as well. The problem is that I am using ldap account manager LAM to manage the Ldap accounts. I found out that zimbra authentication failed for any ldap account created with LAM. Accounts created with the smbldap-tools script - smbldap-useradd.pl won't have any problem authenticating zimbra users. The fix for me is to delete the accounts (around 10 ) that cannot authenticate with Zimbra and recreate them again using smbldap-useradd.

    jahaj

  4. #4
    facerw is offline Junior Member
    Join Date
    Nov 2006
    Posts
    5
    Rep Power
    8

    Default

    We had a similar issue in converting NT to Samba accounts and then Samba to LDAP. In our case we have 60 users but it would be nice if there was a step to convert the Samba accounts to Ldap after converting from NT with passwords still intact.


LinkBacks (?)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. External LDAP with GSSAPI authentication method
    By izvictor in forum Installation
    Replies: 17
    Last Post: 03-11-2009, 08:14 AM
  2. Disable local authentication with an external ldap
    By turmace in forum Administrators
    Replies: 4
    Last Post: 05-17-2007, 02:13 AM
  3. External LDAP Problem
    By facerw in forum Installation
    Replies: 7
    Last Post: 05-08-2007, 04:29 AM
  4. External LDAP Authentication Issue
    By xtreme-one in forum Installation
    Replies: 10
    Last Post: 02-16-2007, 07:52 PM
  5. external LDAP authentication in M2
    By jstewart in forum Installation
    Replies: 5
    Last Post: 12-08-2005, 09:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •