
Thread: zimbra ldap

  1. #1
    Join Date
    Jul 2008
    Posts
    5
    Rep Power
    7

    zimbra ldap

    I am trying to connect to Zimbra LDAP from a remote machine.

    I run ldapsearch -h fqdn -x -D 'binddn' -S '' -w passwd -b "ou=people,etc." .

    The error message I get is ldap_sasl_bind(SIMPLE) : can't contact LDAP server .

    Now if I run this ldapsearch directly on the Zimbra machine, it works fine, except I found out I have to use that -x option, which I am not familiar with, and I haven't seen this SASL thing before either.

    Anyone know how to point me in the right direction?

  2. #2
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11


    Are you sure you're not running any firewall on the local machine or in between the 2 machines you are using? Afaik, zimbra-ldap listens on every interface by default. Maybe try to telnet to port 389 of the Zimbra server and see if you actually connect to the port.

  3. #3
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21


    Welcome to the forums,

    I'm not a big LDAP person so can't speak to your ldapsearch query - but just a reminder that if you do determine that it's a firewall we don't recommend 389 open to the entire internet - keep it to your LAN (or VPN groups etc).

    Firewall Configuration - Zimbra :: Wiki & Ports - Zimbra :: Wiki

    See this post about 389: [SOLVED] Serious security breach on all Zimbra servers?

    Open: Bug 15378 - Obviate the need for and disallow LDAP anonymous binds

    Currently you can connect securely, but you can still connect insecurely - hence the recommendation to prevent at the firewall.

    Say you want 389 open but not insecure communication:
    See what security level TLS connections make (usually it's 256 - depends on your key strength though), then add security tls=256 to /opt/zimbra/conf/slapd.conf.in
    security ssf=256 would be better to require all communications be 256 enc
    security ssf=256 simple_bind=256

    Open: Bug 20739 - make force-TLS for LDAP configurable (hook up the ldap_require_tls attribute)

    5.0.7 internal communication lock down: Bug 16601 - Secure Access To LDAP (ldap_starttls_supported and zimbra_require_interprocess_security)
    Last edited by mmorse; 07-07-2008 at 01:24 PM.
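
The `security` lines quoted in the post above can be checked offline before they go into a live config. This is an added example, not part of the original thread or Zimbra's code: a simplified model of the strength-factor checks documented in slapd.conf(5), with hypothetical function names and constructed sample configs, showing that requiring 256 also refuses a TLS session negotiated at 128.

```python
import re

# Factors accepted by the slapd.conf(5) "security" directive; unset ones are 0.
FACTORS = {"ssf", "transport", "tls", "sasl", "update_ssf",
           "update_transport", "update_tls", "update_sasl", "simple_bind"}

def parse_security(conf_text):
    """Return {factor: minimum SSF} collected from 'security' directives.
    Assumption of this sketch: a later line overrides the same factor."""
    required = {}
    # slapd.conf continues a directive on lines that begin with whitespace
    joined = re.sub(r"\n[ \t]+", " ", conf_text)
    for line in joined.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment line
        if words[0].lower() != "security":
            continue
        for word in words[1:]:
            name, _, value = word.partition("=")
            if name not in FACTORS or not value.isdigit():
                raise ValueError(f"bad security factor: {word!r}")
            required[name] = int(value)
    return required

def simple_bind_allowed(required, tls_ssf=0):
    """Simplified model: is a simple bind accepted on a connection whose
    only protection is TLS of strength tls_ssf (0 means cleartext)?"""
    overall = tls_ssf  # no SASL layer or ldapi transport in this model
    return (overall >= required.get("ssf", 0)
            and tls_ssf >= required.get("tls", 0)
            and overall >= required.get("simple_bind", 0))

# Constructed sample configs, not taken from a real server
DEFAULT = "# no security directive present\nsizelimit 500\n"
HARDENED = "security ssf=256\n    simple_bind=256\n"

def report():
    """Evaluate cleartext, 128-bit TLS and 256-bit TLS against each sample."""
    rows = []
    for label, conf in (("default", DEFAULT), ("hardened", HARDENED)):
        req = parse_security(conf)
        rows.append((label, [simple_bind_allowed(req, s) for s in (0, 128, 256)]))
    return rows

if __name__ == "__main__":
    for label, results in report():
        print(label, dict(zip(("cleartext", "tls-128", "tls-256"), results)))
```
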

  4. #4
    Join Date
    Jul 2008
    Posts
    5
    Rep Power
    7

    mta tls

    We have MTA TLS on ... does that mean I must connect with TLS to LDAP?

    Or should I be able to connect with no problem using simple bind?

    There is no firewall interference.

  5. #5
    Join Date
    Jul 2008
    Posts
    5
    Rep Power
    7


    Found the problem:

    The problem is slapd is called with the -h option:

    -h myhost.com:389 .

    If no -h option is specified, it defaults to ldap:///, which allows slapd to listen on all IP addresses ... anyone know how to start Zimbra LDAP without the -h?

  6. #6
    Join Date
    Jul 2008
    Posts
    5
    Rep Power
    7


    I changed ldap_url in localconfig.xml to ldap:/// and everything works fine now.

  7. #7
    Join Date
    Jul 2008
    Posts
    5
    Rep Power
    7


    No, I just discovered that e-mails are not being received ... so ldap:/// as ldap_url is a problem ... LDAP works fine though ...
