Thread: Querying Zimbra LDAP w/ SSL

  1. #1

    Querying Zimbra LDAP w/ SSL

    Hello Zimbra Forums!

    I'm currently a student doing a summer internship, in which I've been assigned a project to research and implement a single sign-on solution for the company with open source software. We decided on ZCS as the groupware / mail solution. I currently have an OpenLDAP server that contains employer and group information, and I'm trying to sync this LDAP with the Zimbra LDAP (so the users can change their passwords with the Zimbra interface and change contact information, etc.). I've written a simple Perl script to do just this and it works great. For testing purposes I've been using port 389 to view traffic, but now I'd like to configure SSL. I'm assuming that the Zimbra LDAP is expecting some sort of client verification, because when I just switch to LDAPS it fails. In addition, I use JXplorer to view my LDAP trees, and this also fails when I switch to SSL. Can someone push me in the right direction as to what is next? Do I need to copy the *.pem from the Zimbra server? If so, which is the one I want? In the /opt/Zimbra/ssl/ directory there are several different .pem files to choose from.

    Any help would be greatly appreciated and if this is a stupid / simple question I apologize; I've just started learning these topics this summer!

    Thanks,

    Jake
    Last edited by JakeValletta; 07-03-2012 at 11:27 AM.

  2. #2

    Hi guys, seems like I figured out my error and would like to share with everyone what I have found. Looks like there are two errors. Please correct me if anything is incorrect here!

    1. Zimbra LDAP doesn't use port 636, which means of course switching to this port did not work. I verified this with an nmap scan of my Zimbra server and this (dated) post:

    http://www.zimbra.com/forums/adminis...ldaps-how.html

    The post suggests using StartTLS rather than SSL on port 389.

    2. The second problem was in my understanding of the client cert verification. The server will present its certificate when an SSL handshake is initiated, and the client chooses what to do with the cert (verify, auto-accept, etc.). I set my Perl script to accept the cert and used StartTLS and it works like a charm now! I hope this clears things up for other people as well!

    Thanks,

    Jake Valletta
    Last edited by JakeValletta; 07-03-2012 at 11:22 AM.
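
The setup described in post #2 (StartTLS on port 389), with the client verifying the server certificate instead of auto-accepting it. This is an added example, not part of the original thread; the host name, CA file path, bind DN, base DN and search filter are placeholder assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;

# Placeholder values (assumptions, not taken from the thread); override via environment.
my $host    = $ENV{LDAP_HOST}    // 'zimbra.example.com';
my $ca_file = $ENV{LDAP_CA_FILE} // '/path/to/zimbra-ca.pem';   # CA that signed the server cert
my $bind_dn = $ENV{LDAP_BIND_DN} // 'uid=sync,ou=people,dc=example,dc=com';
my $base_dn = $ENV{LDAP_BASE_DN} // 'dc=example,dc=com';
my $bind_pw = $ENV{LDAP_BIND_PW};
die "Set LDAP_BIND_PW in the environment\n" unless defined $bind_pw;

# Plain LDAP connection on 389; nothing is encrypted at this point.
my $ldap = Net::LDAP->new($host, port => 389, timeout => 10)
    or die "Connect to $host failed: $@\n";

# Upgrade the connection with StartTLS. verify => 'require' makes the handshake
# fail unless the server certificate chains to the CA in $ca_file.
# verify => 'none' (auto-accept) would encrypt but not authenticate the server.
my $tls = $ldap->start_tls(verify => 'require', cafile => $ca_file);
die 'StartTLS failed: ' . $tls->error . "\n" if $tls->code;

# Refuse to send credentials unless the channel is actually encrypted.
my $cipher = $ldap->cipher
    or die "Connection is not encrypted; not binding\n";
print "TLS established, cipher: $cipher\n";

my $bind = $ldap->bind($bind_dn, password => $bind_pw);
die 'Bind failed: ' . $bind->error . "\n" if $bind->code;

my $search = $ldap->search(
    base   => $base_dn,
    scope  => 'sub',
    filter => '(objectClass=inetOrgPerson)',   # assumed filter for user entries
    attrs  => ['uid', 'mail'],
);
die 'Search failed: ' . $search->error . "\n" if $search->code;

for my $entry ($search->entries) {
    printf "%s <%s>\n", $entry->get_value('uid') // '?', $entry->get_value('mail') // '?';
}
$ldap->unbind;
```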
