Zimbra

dljordaneku · #41 (**permalink**) 05-08-2008, 07:47 AM

Never mind. I think I figured it out. I guess the Zimbra plugins are loging in to check the server status.

Still can't get the ldap to work though

dj

dljordaneku · #42 (**permalink**) 05-08-2008, 08:33 AM

Ok. New question. If Joomla tries to authentic against Zimbra and if it fails or not, shouldn't something get logged? If so, which log file?

dj

richardcwgate · #43 (**permalink**) 05-09-2008, 08:34 AM

Here's what you need to do to get Joomla to authenticate via Zimbra LDAP.
I assume Zimbra is enabled for ldap on port 389.
1) Create a Joomla account eg. with name myusername
2) Create a Zimbra account with the same name
4) Configure the Jooma ldap authentication plugin;
Enabled - Yes
Host - the FQDN for your Zimbra server
Port - 389
LDAP V3 - Yes
Negotiate TLS - No
Do not follow referrals - No
Authorization Method - Bind Directly as User
Base DN - dc=servername,dc=com (or what ever you use)
Search String - leave blank
Users DN - uid=[username],ou=people,dc=servername,dc=com (or what ever you use)
Connect username - leave blank
Connect password - leave blank
Map: Full Name - fullName
Map: E-mail
Map: User ID - uid
5) Make certain that the Joomla and Zimbra accounts have different passwords, then you know which authentication you have used.

dljordaneku · #44 (**permalink**) 05-09-2008, 10:01 AM

Ok. I am going to give this a shot and see what happens.

Quote:

Originally Posted by richardcwgate

1) Create a Joomla account eg. with name myusername
2) Create a Zimbra account with the same name
...
5) Make certain that the Joomla and Zimbra accounts have different passwords, then you know which authentication you have used.

One question though. What's the point of adding the Joomla and Zimbra account? If I have a list of users already in Zimbra, why do I need to add this one? Is it just to test?

dj

dljordaneku · #45 (**permalink**) 05-09-2008, 10:05 AM

Ok. I tested it and I get please enter a valid email address. I didn't however create a user in Joomla or Zimbra.

dj

richardcwgate · #46 (**permalink**) 05-09-2008, 10:10 AM

There needs to be two. The authentication will be done over LDAP to Zimbra but that's just authentication, it verifies the username/password combination and returns the account's e-mail address. Joomla then needs to be able to assign the permissions it uses for the account. So it matches the LDAP verified account to a Joomla account for this purpose.

dljordaneku · #47 (**permalink**) 05-09-2008, 10:23 AM

Ok. Success but couple of more questions. I added my username and a different pw and logged in with my zimbra pw just fine.

1. Do I have to add everyone in as a user then to Joomla? If so I don't think this is going to work for me. I already have over 300 users in Zimbra and that is a lot of users to add. Keep in mind that my users are not static. In other words as people come and go I know have two places to update. I guess to me that is not a very good way of it. I am sure it's how Joomla does it but seems to me a waste of resources.

2. Does the Zimbra plugins for Joomla only work with Ver. 5 of Zimbra. I need to upgrade to Ver 5 but haven't had time. When I try to login as Zimbra it errors out.

dj

richardcwgate · #48 (**permalink**) 05-09-2008, 10:44 AM

Quote:

Originally Posted by dljordaneku

Ok. Success but couple of more questions. I added my username and a different pw and logged in with my zimbra pw just fine.

1. Do I have to add everyone in as a user then to Joomla? If so I don't think this is going to work for me. I already have over 300 users in Zimbra and that is a lot of users to add. Keep in mind that my users are not static. In other words as people come and go I know have two places to update. I guess to me that is not a very good way of it. I am sure it's how Joomla does it but seems to me a waste of resources.

2. Does the Zimbra plugins for Joomla only work with Ver. 5 of Zimbra. I need to upgrade to Ver 5 but haven't had time. When I try to login as Zimbra it errors out.

dj

1) Yes you will need a Joomla and a Zimbra account but this process can be automated. Two simple ways would be; a) Use my plugin and get users to self register via Joomla and the plugin will generate the Zimbra account, but this will not help with your existing userbase. b) Write a plugin automatically creates the Joomla account during the login process after validating the account via LDAP.

2) It depends on what has changed on the Zimbra ldap side between versions. It may need the Joomla LDAP authentication plugin parameters altering, particularly the LDAP V3 and Users DN settings.

brained · #49 (**permalink**) 05-11-2008, 08:54 PM

I'm having some partial success with this.

If I create matching accounts (username and passwords) on both Zimbra and Joomla, leave Joomla auth enabled, I can successfully use the preauth to log into Zimbra from Joomla.

If I disable Joomla auth and leave LDAP auth on there is a no such account error.

Creating a new Joomla account results in no Zimbra account being created.
zimbra.log reveals:

Code:

May 11 20:39:47 zimbra saslauthd[28381]: zmauth: authenticating against elected url 'https://zimbra.chromedcomputing.com:7071/service/admin/soap/' ...
May 11 20:39:47 zimbra saslauthd[28381]: zmpost: url='https://zimbra.chromedcomputing.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xml
ns="urn:zimbra"><change token="8002"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>biglongauthtokenhere</authToken><lifetime>172800000</lifetime><skin>lemongrass</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error=''
May 11 20:39:47 zimbra saslauthd[28381]: auth_zimbra: admin@zimbra.chromedcomputing.com auth OK
May 11 20:39:47 zimbra saslauthd[28386]: zmauth: authenticating against elected url 'https://zimbra.chromedcomputing.com:7071/service/admin/soap/' ...
May 11 20:39:47 zimbra saslauthd[28386]: zmpost: url='https://zimbra.chromedcomputing.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xml
ns="urn:zimbra"><change token="8002"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>biglongauthtokenhere</authToken><lifetime>172799999</lifetime><skin>lemongrass</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error=''
May 11 20:39:47 zimbra saslauthd[28386]: auth_zimbra: admin@zimbra.chromedcomputing.com auth OK

Server is 5.0.5 NE on Ubuntu 6.06

I can see it's some kind of auth error from looking at the other post containing "hti->error=" but could use a little help from here.

richardcwgate · #50 (**permalink**) 05-12-2008, 02:25 AM

Quote:

Originally Posted by brained

I'm having some partial success with this.

If I create matching accounts (username and passwords) on both Zimbra and Joomla, leave Joomla auth enabled, I can successfully use the preauth to log into Zimbra from Joomla.

If I disable Joomla auth and leave LDAP auth on there is a no such account error.

.......

Sorry Brian I'm a little confused. You started off saying preauth works and then seem to say it didn't?