  #1 (permalink)  
Old 06-27-2007, 01:29 PM
Intermediate Member
 
Posts: 17
External LDAP Authentication issue

I am currently testing Zimbra Network Edition on a SLES9 server. Zimbra is currently configured to authenticate against our external Novell eDirectory server. The problem I have run into is that there are a few users who have alias user objects created in our Novell tree. These users are unable to authenticate against Zimbra. The Zimbra mailbox.log indicates that the ldapsearch filter is returning more than one result for the username. Is there a way to adjust the search filter in order to leave out the aliased objects?
  #2 (permalink)  
Old 06-27-2007, 02:48 PM
Active Member
 
Posts: 31

There probably is.

Could you post the LDIF for a user and one of his alias objects? I'm not familiar with "alias user objects" personally, but I strongly suspect there's enough of a difference to tell them apart in a standard manner.

Something similar to the following should work, for example, if the actual user is a posixAccount but his aliases are not... (&(uid=%u)(objectclass=posixAccount))
  #3 (permalink)  
Old 06-28-2007, 12:06 PM
Intermediate Member
 
Posts: 17

Bevan,

Thank you for the advice.

Here is the filter I tried to use for LDAP authentication:

Quote:
(& (cn=%u)(! (objectClass=aliasObject)))
However, I receive this error when I try to authenticate using credentials that have alias objects in the Novell tree:

Quote:
AuthenticationException: too many results from search filter!
An ldapsearch from the command line on the Zimbra server using the above ldap filter only returns the actual user object.

I also tried this filter
Quote:
(& (cn=%u)(objectClass=inetOrgPerson))
, but had the same results.

Here are the ldif entries you requested.

Quote:
# extended LDIF
#
# LDAPv3
# base with scope sub
# filter: cn=cjs
# requesting: ALL
#

# CJS, OU1, BC
dn: cn=CJS,ou=ORGANIZATION,o=BC
mail: "Test User"
uid: CJS
givenName: Test
fullName: Test User
messageServer: cn=COURTHOUSE,ou=ORGANIZATION,o=BC
sn: User
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
loginTime: 20070628100502Z
loginIntruderAddress:: MCP//wADAAAAAAABBFE=
loginGraceRemaining: 5
loginGraceLimit: 6
loginDisabled: FALSE
ndsHomeDirectory: cn=ORG_VOL2,ou=ORGANIZATION,o=BC#0#HOMES\CJS
groupMembership: cn=Internet,o=MAIL
cn: CJS
cn: Test User

# cjs, OU2, BC
dn: cn=cjs,ou=OU2,o=BC
objectClass: aliasObject
objectClass: Top
cn: cjs

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
  #4 (permalink)  
Old 06-28-2007, 02:05 PM
Active Member
 
Posts: 31

Hmm, I'd expect the two you tried to work.
If you run a manual ldapsearch using those filters, what do you see?
It's a longshot, but you seem to have whitespace after your & and !... I don't remember if that can be a problem or not.

Also, given your example, have you tried using simply (uid=%u) ?
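
The filters tried in this thread, evaluated against the two entries from the LDIF in post #3 (an added example, not part of the original posts and not Zimbra's code). It uses a minimal filter evaluator written for this illustration that handles only `&`, `|`, `!` and equality, assumes case-insensitive matching, and escapes the login name before substituting it for `%u`; the names `ENTRIES`, `escape`, `parse`, `matches` and `search` are hypothetical.

```python
import re

# Two entries trimmed from the LDIF in post #3 (attribute names lower-cased).
ENTRIES = [
    {"dn": "cn=CJS,ou=ORGANIZATION,o=BC", "cn": ["CJS", "Test User"], "uid": ["CJS"],
     "objectclass": ["inetOrgPerson", "organizationalPerson", "Person",
                     "ndsLoginProperties", "Top"]},
    {"dn": "cn=cjs,ou=OU2,o=BC", "cn": ["cjs"], "objectclass": ["aliasObject", "Top"]},
]

def escape(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse(text, pos=0):
    """Parse one parenthesised filter at text[pos]; return (tree, next_pos)."""
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    op = text[pos]
    if op not in "&|!":  # simple equality item such as cn=cjs
        end = text.index(")", pos)
        attr, value = text[pos:end].split("=", 1)
        value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
        return ("=", attr.strip().lower(), value), end + 1
    pos, kids = pos + 1, []
    while True:
        while text[pos] == " ":  # skip the spaces typed after & and ! in post #3
            pos += 1
        if text[pos] == ")":
            return (op, kids), pos + 1
        kid, pos = parse(text, pos)
        kids.append(kid)

def matches(tree, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if tree[0] == "&":
        return all(matches(k, entry) for k in tree[1])
    if tree[0] == "|":
        return any(matches(k, entry) for k in tree[1])
    if tree[0] == "!":
        return not matches(tree[1][0], entry)
    _, attr, value = tree
    return any(v.lower() == value.lower() for v in entry.get(attr, []))

def search(template, username):
    """Substitute the escaped login name for %u and return the matching DNs."""
    tree, _ = parse(template.replace("%u", escape(username)))
    return [e["dn"] for e in ENTRIES if matches(tree, e)]
```

On these two entries every filter except the bare `(cn=%u)` selects only the real user object, which agrees with the command-line ldapsearch result reported in post #3.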