Thread: auth on active directory with ldap

  1. #1 auth on active directory with ldap

    Hi, I am trying to validate accounts using Active Directory LDAP. I am not using native Active Directory because the domain I wish to validate is different from the AD domain (maybe I don't know how to do it that way).
    I am facing LDAP error 49 ... 525 reporting a bad DN, but I can't find the error.
    Using ldapsearch the DN is reported correctly.

    Here are my settings:
    zimbraAuthLdapSearchBase: dc=ced,dc=aos
    zimbraAuthLdapSearchBindDn: "CN=ldap_browser,OU=Domain Controllers,DC=ced,DC=aos"
    zimbraAuthLdapSearchBindPassword: secret
    zimbraAuthLdapSearchFilter: (&(samAccountName=%u)(objectClass=OrganizationalPerson))
    zimbraAuthLdapURL: ldap://172.18.10.23:389
    zimbraAuthMech: ldap

    Here is my ldapsearch test:
    ldapsearch -x -LLL -H ldap://172.18.10.23:389 -b "DC=ced,DC=aos" -D "CN=ldap_browser,OU=Domain Controllers,DC=ced,DC=aos" -w secret "(&(samAccountName=daniele)(objectClass=OrganizationalPerson))" dn

    dn: CN=daniele,OU=gsi,DC=ced,DC=aos

    Zimbra is zcs-7.2.0_GA_2669.UBUNTU10_64.20120410002303 on Ubuntu 10.04 64-bit.

    I guess it is something related to AD/non-standard LDAP, but I am not able to find a clue or a way to troubleshoot the problem.
    Can anybody help me?
    Thank you
    Daniele

  2. #2

    Not sure if this will help, but it is a tutorial I wrote up on configuring LDAP Auth. I would ASSUME that your problem would occur with the search filter since you are trying to look up an account in a different domain. I would mess around with that until you get it right. Here is the link:

    Batch Importing Users & Configuring LDAP Auth « El Nesto Birdo

  3. #3

    Thank you for your help, but unfortunately my Zimbra still does not work. My config differs from yours only in the LDAP filter; I modified it in many ways with no success.
    Do you know a way to see the actual dialog between Zimbra and AD, so I can troubleshoot the problem from the exchanged messages?

  4. #4 [solved] auth on active directory with ldap

    The problem was (I suppose) the failing parameter zimbraAuthLdapBindDn.

    Using zmprov I set up the parameters:
    zimbraAuthLdapBindDn: %u@domain.local where domain.local is the AD domain (this should be different from the Zimbra mail domain)
    zimbraAuthLdapSearchBase: starting point of the LDAP search
    zimbraAuthLdapSearchBindDn: user enabled to search
    zimbraAuthLdapSearchBindPassword
    zimbraAuthLdapSearchFilter: in my case (&(samAccountName=%u)(objectClass=person)), but other filters work too
    zimbraAuthLdapURL: ldap://ad1:389 ldap://ad2:389
    zimbraAuthMech: ldap

    In AD I have 2 domain servers and port 3268 is open on only one of them. Checking port 3268 on the first server is OK, but not on the 2nd. To have redundancy I used port 389 on both servers.
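The two-step flow the settings above describe (search bind, user lookup with the filter, then a bind as the user), as an added Python model that is not Zimbra's code and contacts no server: the directory is a constructed stand-in for the AD in this thread, the AD domain ced.aos in the bind template and the order in which zimbraAuthLdapBindDn is applied relative to the search result are assumptions, and the %u substitution is RFC 4515-escaped before it enters the filter.

```python
import re

# Constructed stand-in for the AD in the thread (DN -> attributes, lower-cased names); no server is contacted.
DIRECTORY = {
    "CN=ldap_browser,OU=Domain Controllers,DC=ced,DC=aos": {
        "password": "secret", "objectclass": ["person"], "samaccountname": ["ldap_browser"]},
    "CN=daniele,OU=gsi,DC=ced,DC=aos": {
        "password": "pw-daniele", "objectclass": ["person"], "samaccountname": ["daniele"],
        "userprincipalname": ["daniele@ced.aos"]},
}
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter(value):
    """RFC 4515 escaping, so the login name substituted for %u cannot alter the filter."""
    return "".join(FILTER_ESCAPES.get(c, c) for c in value)

def expand(template, user, escape=False):
    """Substitute %u (login name without @domain) into a Zimbra-style template."""
    return template.replace("%u", escape_filter(user) if escape else user)

def simple_bind(name, password):
    """AD accepts a simple bind by DN or by userPrincipalName; an unknown name is error 49, data 525."""
    entry = next((a for dn, a in DIRECTORY.items() if name in (dn, *a.get("userprincipalname", []))), None)
    return entry is not None and entry["password"] == password

def search(base, flt):
    """Match an AND filter of equality terms, (&(a=v)(b=w)), against entries under base."""
    terms = [(a.lower(), v) for a, v in re.findall(r"\(([A-Za-z]+)=([^()]*)\)", flt)]
    return [dn for dn, attrs in DIRECTORY.items() if dn.lower().endswith(base.lower())
            and all(v in attrs.get(a, []) for a, v in terms)]

def authenticate(cfg, user, password):
    """Search-bind, look the user up with the filter, then bind as the user (assumed order)."""
    if not simple_bind(cfg["zimbraAuthLdapSearchBindDn"], cfg["zimbraAuthLdapSearchBindPassword"]):
        return False
    hits = search(cfg["zimbraAuthLdapSearchBase"], expand(cfg["zimbraAuthLdapSearchFilter"], user, True))
    if len(hits) != 1:
        return False
    # With zimbraAuthLdapBindDn set (the thread's fix, %u@domain) that name is bound with; else the found DN.
    name = expand(cfg["zimbraAuthLdapBindDn"], user) if cfg.get("zimbraAuthLdapBindDn") else hits[0]
    return simple_bind(name, password)

CONFIG = {  # the thread's settings; the AD domain ced.aos in the bind template is assumed
    "zimbraAuthLdapSearchBase": "dc=ced,dc=aos",
    "zimbraAuthLdapSearchBindDn": "CN=ldap_browser,OU=Domain Controllers,DC=ced,DC=aos",
    "zimbraAuthLdapSearchBindPassword": "secret",
    "zimbraAuthLdapSearchFilter": "(&(samAccountName=%u)(objectClass=person))",
    "zimbraAuthLdapBindDn": "%u@ced.aos",
}
```

Dropping zimbraAuthLdapBindDn from CONFIG makes the model bind with the DN the search returned instead, which is the distinction between the two BindDn parameters discussed later in the thread.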

  5. #5

    Well, here is the article which helped me out with LDAP Auth: wiki.zimbra.com/wiki/LDAP_Authentication. They actually have a section called "sanity check"! haha. I needed it at that point. I think I see what your problem is right off the bat. You cannot specify the user by user@domain.com. You must specify it by the Distinguished Name. For example, I have a user in an OU called "AD-Users" for the domain "yourdomain.net", and the user is named "Dan". My Bind DN would be:

    CN=Dan,OU=AD-Users,DC=yourdomain,DC=net

    Let me know if you get it working or if it is still failing in another place.

  6. #6

    After setting zimbraAuthLdapBindDn it looks good.
    There are 2 parameters: zimbraAuthLdapBindDn and zimbraAuthLdapSearchBindDn; I missed the first.
    Thank you
    Daniele

  7. #7

    Excellent! Glad I could be of help! I'm working on some calendar issues, but I think I have them worked out for the most part. It's going to be a long weekend of migrating from hMailserver....hopefully not too long :-\

    Daniel (without the extra 'e')!
