External LDAP authentication problem

[mchamboredon]

Hello,
I am testing zimbra on my centos 4.4 "sandbox" machine. The installation ended well.
I can login the webmail and the administration panel with the default "admin" local user.
I try to set up an external authentication.
So I tried this:

Code:

Authentication mechanism: 	External LDAP
LDAP bind DN template: 	
LDAP URL: 	ldap://192.168.*.*:389
LDAP filter: 	uid=%u
LDAP search base: 	dc=**,dc=com
Use DN/Password to bind to external server: 	Yes
Bind DN: cn=**,dc=**,dc=com

It works perfectly in the latest test page. But I cannot login with my LDAP users. Here is a trace of the log:

Code:

2007-05-14 14:34:41,518 INFO  [http-80-Processor97] [ua=zclient/4.5.5_GA_838.RHEL4;ip=127.0.0.1;] SoapEngine - handler exception
com.zimbra.cs.account.AccountServiceException: authentication failed for mchamboredon@**.com
        at com.zimbra.cs.account.AccountServiceException.AUTH_FAILED(AccountServiceException.java:87)
        at com.zimbra.cs.service.account.Auth.handle(Auth.java:111)
        at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:270)
        at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:168)
        at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:90)
        at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:223)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)

This a fresh "zcs-4.5.5_GA_838.RHEL4.tgz" install which wasn't tweaked.
I tied with "mchamboredon" but also "mchamboredon@domain.com" as login... The result is the same.
What could you advice me to solve this problem ?

[fmodola]

I had a similar problem : I tried to authenticate with the alias name ... it doesn't work ! You need to authenticate with the username.

If you want to authenticate with your alias name, replace username by alias, and vice versa.

[su_A_ve]

We just got this same issue with a user. We have two message stores and are switching them between.

COS-A is on SERVER-A
COS-B is on SERVER-B

Right now we moved the user's COS from COS-A to COS-B but apparently the account was closed before.

The user can log in in SERVER-A, but if he tries to log in on SERVER-B he gets and error (an mailbox shows the dump as above).

It's not password (the mailbox log dump is different and clearly shows invalid password), and we have several other users that were moved from COS...