Thread: Zimbra to Zimbra GAL

  1. #1

    Hi,

    I have two Zimbra servers, both 6.0.4, and a new task has been given to get one global list of contacts. I tried connecting one Zimbra server to another through the GAL Configuration Wizard, using the following settings:

    GAL: External
    Results: 100
    Name of gal: my.post.com
    Server type: LDAP
    ldap://my.post.com:389

    ldap filter: (|(cn = %s*)(sn=%s*)(gn=%s*)(mail=%s*))
    auto filter: (|(cn = %s*)(sn=%s*)(gn=%s*)(mail=%s*))
    base: dc=my, dc=post, dc=com

    DN:
    DNuser:my_admin_user
    DNpass:my_admin_pass

    Everything next is set by default, and I get the error: check.CONNECION_REFUSED
    [Root exception is java.net.ConnectException: Connection refused]

    Both Zimbras are installed on Ubuntu 8.0.4.

    I did manage to get it to work with AD. I was getting results returned for the search strings I requested. But no success with LDAP.

    I have read all of the GAL topics in the forums, but still couldn't get it to work.

    Please help

  2. #2

    Up, please help

  3. #3

    It looks to me like you might have a firewall (physical or iptables), or else you don't use plain LDAP but maybe LDAPS.

    You can check the connectivity between hosts with telnet <ip> <tcp_port>

    I hope this will lead you further in finding the root cause...

    Best regards,
    Alex R.

  4. #4

    Yes, I tried connecting through telnet and it does work with port 389, but it is just a black screen; when I try to type in commands, it kind of disconnects me. Is there a way to check LDAP from the console? Like, is it working at all? If it is, it is supposed to return something.

  5. #5

    You can use ldapsearch to check the response of the remote server.
    The example below will return nothing, since in Zimbra 6 anonymous bind is not allowed anymore, but at least you can check the connectivity and some response....

    Code:
    ldapsearch -t -x -H ldap://<remote_host>:389 -b "" -L "(&(objectClass=zimbraAccount))"

    Btw... Did you check the connectivity from the machine where you tried to set up the GAL -> the machine where the GAL is? Or the opposite...

    Maybe you can describe a bit more how the connectivity between your hosts is...

    Code:
    serverA --> switchA --> firewallA --> routerA --> switchB --> serverB

    I still suspect a connectivity issue...
    On the remote host you can check the connections with "netstat -natp" and
    see if the host from which you try to connect using telnet <host> 389
    shows up in that list....

    Best regards,
    Alex R.

  6. #6

    Originally posted by winampus:
        You can use ldapsearch to check the response of the remote server.
        The example below will return nothing, since in Zimbra 6 anonymous bind is not allowed anymore, but at least you can check the connectivity and some response....

        Code:
        ldapsearch -t -x -H ldap://<remote_host>:389 -b "" -L "(&(objectClass=zimbraAccount))"

        Btw... Did you check the connectivity from the machine where you tried to set up the GAL -> the machine where the GAL is? Or the opposite...

        Maybe you can describe a bit more how the connectivity between your hosts is...

        Code:
        serverA --> switchA --> firewallA --> routerA --> switchB --> serverB

        I still suspect a connectivity issue...
        On the remote host you can check the connections with "netstat -natp" and
        see if the host from which you try to connect using telnet <host> 389
        shows up in that list....

        Best regards,
        Alex R.

    You don't happen to know what the admin or rootdn for Zimbra's OpenLDAP is? Whenever I do ldapsearches I get empty results. I'm not sure if it allows for anonymous binds or not - and I can't find a slapd.conf to look through. It appears Zimbra has obfuscated their OpenLDAP install with LDIFs for schemas, configuration, and other weirdness.

  7. #7
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by i2ambler:
        You don't happen to know what the admin or rootdn for Zimbra's OpenLDAP is? Whenever I do ldapsearches I get empty results. I'm not sure if it allows for anonymous binds or not - and I can't find a slapd.conf to look through. It appears Zimbra has obfuscated their OpenLDAP install with LDIFs for schemas, configuration, and other weirdness.

    Check the current Release Notes for 'anonymous bind' details.
    Regards


    Bill



  8. #8

    Originally posted by i2ambler:
        You don't happen to know what the admin or rootdn for Zimbra's OpenLDAP is? Whenever I do ldapsearches I get empty results. I'm not sure if it allows for anonymous binds or not - and I can't find a slapd.conf to look through. It appears Zimbra has obfuscated their OpenLDAP install with LDIFs for schemas, configuration, and other weirdness.

    As you can see in my previous post, I mentioned that anonymous bind is not allowed. I have a bit more of a custom setup, but for binding I use zmposix.... more or less I have added the zmposix user and use that one for binding...

    In your case you can use the "uid=zimbra,cn=admins,cn=zimbra" and the LDAP root password for binding...

    Best regards,
    Alex R.
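
An added example, not part of any poster's reply and not Zimbra code: LDAP is a binary protocol, which is why typing into the telnet session in post #4 only gets the connection dropped. The sketch below sends one LDAPv3 simple bind and reports either a TCP-level refusal (what the GAL wizard showed) or the server's bind resultCode; the function names and the sample bytes are constructed for illustration.

```python
import socket

def tlv(tag, body):
    """BER tag-length-value with short or long-form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn, password, msg_id=1):
    """LDAPv3 simple BindRequest (RFC 4511, 4.2); dn="" means anonymous."""
    bind = tlv(0x60, tlv(0x02, b"\x03")             # version 3
               + tlv(0x04, dn.encode())             # bind DN
               + tlv(0x80, password.encode()))      # simple password
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)

def bind_result(resp):
    """resultCode of a BindResponse: 0 success, 49 invalidCredentials."""
    _, msg, _ = read_tlv(resp, 0)        # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg, 0)         # messageID
    tag, op, _ = read_tlv(msg, pos)      # protocolOp
    if tag != 0x61:                      # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    return int.from_bytes(read_tlv(op, 0)[1], "big")

def bind_over(sock, dn, password):
    """Send one bind on a connected socket and return its resultCode."""
    sock.sendall(bind_request(dn, password))
    return bind_result(sock.recv(4096))

def probe(host, port=389, dn="", password="", timeout=5.0):
    """Separate a TCP-level refusal from an LDAP-level bind answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return "bind resultCode %d" % bind_over(s, dn, password)
    except ConnectionRefusedError:
        return "connection refused"      # nothing listening / firewall reject
    except (OSError, IndexError, ValueError) as exc:
        return "no LDAP answer: %r" % (exc,)

# Constructed sample: a BindResponse carrying resultCode 49.
SAMPLE_DENIED = bytes.fromhex("300c02010161070a013104000400")
```

Call it as `probe("<remote_host>", 389, "uid=zimbra,cn=admins,cn=zimbra", "<ldap root password>")` with the bind DN from post #8. A simple bind on plain ldap:// port 389 carries the password unencrypted, so for the real bind prefer ldapsearch with -ZZ (StartTLS) or an ldaps:// URI.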

  9. #9

    Originally posted by winampus:
        As you can see in my previous post, I mentioned that anonymous bind is not allowed. I have a bit more of a custom setup, but for binding I use zmposix.... more or less I have added the zmposix user and use that one for binding...

        In your case you can use the "uid=zimbra,cn=admins,cn=zimbra" and the LDAP root password for binding...

        Best regards,
        Alex R.

    I'm not sure what 'ldap root password' is needed to bind to this default instance of Zimbra. When administering all of my other OpenLDAP installs I've just used slappasswd to create the crypted password, then stuck it into rootpw in slapd.conf. This was on previous OpenLDAP versions <2.3
