
Thread: Zimbra OpenLDAP

  1. #1

    Hi there,

    I'm new to Zimbra, and I'm trying to use its internal OpenLDAP for OS authentication in a Linux Mint client. The software versions are the following:

    * Zimbra: Release 6.0.9_GA_2686.RHEL5_64_20101115233514 CentOS5_64 FOSS edition.
    * Zimbra OS server: CentOS release 5.5 (Final)
    * Client: Linux Mint 10 Julia

    I was having some problems trying to connect to Zimbra OpenLDAP from the client with the ldapsearch command. I could not make that work with start TLS on port 389; however, the regular connection works fine.

    As Linux Mint is an Ubuntu derivative, and is using the OpenLDAP tools with GNU TLS (which I have read can have some problems), I decided to start trying first from the Zimbra server itself. So, in the CentOS host I copied the CA certificate to the /etc/openldap/cacerts directory, made the soft link with the hash number, and configured the variable TLS_CACERTDIR with that directory in ldap.conf. After that, I could execute something like:

    ldapsearch -x "(objectclass=*)" -D cn=config -W -ZZ

    And it worked fine. However, when trying to test only the connection with openssl, an error is given:

    > openssl s_client -connect host.domain:389
    31319:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

    The same thing happens if I try with the -CApath option. So, can anyone help me to discover what could be wrong? I would like to resolve this problem first, so I could continue with the Linux Mint problem then.

    And more specifically to Zimbra: as I have said, I am new to Zimbra, but have some experience with OpenLDAP. So I would like to know where the TLS configuration for OpenLDAP can be viewed / edited. I have tried with the zmlocalconfig command, but all that I can find is ldap_starttls_supported and ldap_common_require_tls.

    Thanks very much,


  2. #2


    A few things:

    a) You can't use OpenSSL s_client to do startTLS to LDAP.
    b) GnuTLS has all sorts of issues and security risks. You use it at your own peril.
    c) Just look at the .ldaprc file for the Zimbra user for its configuration.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    Zimbra :: the leader in open source messaging and collaboration
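
The difference between the `ldapsearch -ZZ` run and the `openssl s_client` run in post #1 is that on port 389 the server expects an LDAP StartTLS extended request (OID 1.3.6.1.4.1.1466.20037, RFC 4511) and its response before any TLS handshake bytes. The following Python is an added example, not part of either post: it builds that request, parses the response, and only then starts TLS. The function names and the `host`, `port` and `cafile` parameters are assumptions.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS, RFC 4511 section 4.14

def tlv(tag, body):
    """Encode one BER element (short-form length is enough for this PDU)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def starttls_request(msg_id=1):
    """LDAPMessage{ messageID, [APPLICATION 23] ExtendedRequest{ [0] OID } }."""
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def extended_result_code(pdu):
    """resultCode of an ExtendedResponse; raises if the PDU is anything else."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)        # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                     # [APPLICATION 24] ExtendedResponse
        raise ValueError("unexpected protocolOp 0x%02x" % tag)
    _, code, _ = read_tlv(op, 0)        # ENUMERATED resultCode, 0 = success
    return int.from_bytes(code, "big")

def probe(host, port=389, cafile=None):
    """Plain connect, LDAP StartTLS, then a verified TLS handshake."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=10) as raw:
        raw.sendall(starttls_request())
        code = extended_result_code(raw.recv(4096))  # small PDU, one read assumed
        if code != 0:
            raise RuntimeError("StartTLS refused, resultCode=%d" % code)
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()
```

Calling `probe("host.domain", cafile="/path/to/ca.pem")` with your own CA file returns the negotiated TLS version, or raises if the server refuses StartTLS or the certificate does not verify.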
