I recently kinda upgraded from Zimbra 5.x to 6.0.7. Because of database corruptions, my "upgrade" was actually a fresh installation and then a migration of accounts.

I have an HTTP reverse proxy that, amongst other things, knows about my internal mail server. It uses the Apache 2.2 version of LDAP Apache - Zimbra :: Wiki, which was working fine on the old ZCS 5.x.

However, it does not work here.

I have verified through tshark that the LDAP TCP session is happening, and I can see that the username is passed inside that TCP session. So I know that network connectivity is not an issue.

Apache reports the following error:

[Sun Aug 22 12:49:41 2010] [warn] [client] [7707] auth_ldap authenticate: user me@mydomain.com authentication failed; URI / [User not found][No such object]
[Sun Aug 22 12:49:41 2010] [error] [client] user me@mydomain.com not found: /

And tshark shows:

0.000000 -> TCP 52184 > ldap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=260756728 TSER=0 WS=7
0.000394 -> TCP ldap > 52184 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=44614768 TSER=260756728 WS=7
0.000452 -> TCP 52184 > ldap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=260756728 TSER=44614768
0.000487 -> LDAP bindRequest(1) "<ROOT>" simple
0.000814 -> TCP ldap > 52184 [ACK] Seq=1 Ack=15 Win=5888 Len=0 TSV=44614768 TSER=260756728
0.001127 -> LDAP bindResponse(1) success
0.001145 -> TCP 52184 > ldap [ACK] Seq=15 Ack=15 Win=5888 Len=0 TSV=260756728 TSER=44614768
0.001231 -> LDAP searchRequest(2) "<ROOT>" wholeSubtree
0.002013 -> LDAP searchResDone(2) success
0.042309 -> TCP 52184 > ldap [ACK] Seq=91 Ack=29 Win=5888 Len=0 TSV=260756739 TSER=44614768

Looking at wireshark for more information, I see that the "searchResDone(2) success" reports "0 results".

So at the moment, I have disabled the authentication lookup in the proxy.

As per "can't figure out why apache LDAP auth fails - Server Fault", I have verified that the clocks are in sync (they weren't, but now both use NTP).

One difference between the old and new servers (as part of the migration) is that it's in a different subnet. The old server was in the same /24 as the proxy, but the new one is not. Is there some setting in Zimbra that says that it will offer LDAP authentication services to the default subnet?

Another option I see relates to zimbraReverseProxyHttpEnabled, but I couldn't find a good clue as to how to use it.

Seeking clues, thanks in advance.
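
Added example, not part of the original post: a Python script that reads tshark summary lines like the ones above and reports, per LDAP message ID, whether the request DN was empty (displayed as "<ROOT>") and whether a search completed without any searchResEntry. The function name and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: LDAP lines copied from the capture in the post,
# plus one TCP line to show that non-LDAP summaries are skipped.
CAPTURE = """\
0.000452 -> TCP 52184 > ldap [ACK] Seq=1 Ack=1 Win=5888 Len=0
0.000487 -> LDAP bindRequest(1) "<ROOT>" simple
0.001127 -> LDAP bindResponse(1) success
0.001231 -> LDAP searchRequest(2) "<ROOT>" wholeSubtree
0.002013 -> LDAP searchResDone(2) success
"""

# operation name, message ID, optional quoted DN, remainder of the summary
LDAP_LINE = re.compile(r'LDAP (\w+)\((\d+)\)\s*(?:"([^"]*)")?\s*(.*)$')


def summarize(capture):
    """Group tshark LDAP summary lines by message ID and annotate them."""
    ops = {}
    for line in capture.splitlines():
        m = LDAP_LINE.search(line)
        if not m:
            continue  # TCP-only or unrelated line
        op, msg_id, dn, rest = m.group(1), int(m.group(2)), m.group(3), m.group(4).strip()
        rec = ops.setdefault(msg_id, {"entries": 0, "notes": []})
        if op in ("bindRequest", "searchRequest"):
            rec["op"], rec["dn"] = op, dn
            if dn == "<ROOT>":
                rec["notes"].append("empty DN")  # zero-length bind DN or search base
            if op == "searchRequest":
                rec["scope"] = rest
        elif op == "searchResEntry":
            rec["entries"] += 1  # one line per entry the server returned
        elif op in ("bindResponse", "searchResDone"):
            rec["result"] = rest
            if op == "searchResDone" and rec["entries"] == 0:
                rec["notes"].append("search returned no entries")
    return ops


if __name__ == "__main__":
    for msg_id, rec in sorted(summarize(CAPTURE).items()):
        print(msg_id, rec.get("op"), rec.get("result"), "; ".join(rec["notes"]) or "ok")
```
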