Thread: Authenticating to external ldap server

  1. #1

    First of all, I am very inexperienced with mail server administration, setup, etc.
    Our company currently has an old mail server running in production with qmail along with courier-imap, and openldap for user authentication.

    After doing some research, I found Zimbra to be a good candidate to move to from our old qmail MTA, which is no longer supported.

    I have set up a new 64-bit VM server for testing purposes running the Red Hat 6 operating system.
    1. I installed Zimbra.
    2. Created a user account in Zimbra that matches one of the accounts on the current mail server and sent a couple of e-mails for testing; sending e-mails works.
    3. Used imapsync to sync a user account mailbox from the current qmail server to Zimbra, and it works fine.
    4. Our current qmail users authenticate through an openldap server which is running on the same box as the qmail server. From the admin console in Zimbra I would like to connect to this openldap server.
    5. After providing all the information, such as ldaps://10.x.x.x, port 636, SSL, %u as the ldap filter, the ldap bind username and password, as well as an ldap user name and password to test the settings, it does not work. I get the error message below:

    How do I import a certificate from the current openldap server to the new server where zimbra is installed?

    javax.naming.CommunicationException: simple bind failed: 10.10.0.2:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at com.zimbra.cs.account.ldap.ZimbraLdapContext.<init>(ZimbraLdapContext.java:546)
    at com.zimbra.cs.account.ldap.ZimbraLdapContext.<init>(ZimbraLdapContext.java:484)
    at com.zimbra.cs.account.ldap.ZimbraLdapContext.<init>(ZimbraLdapContext.java:467)
    at com.zimbra.cs.account.ldap.LdapUtil.ldapAuthenticate(LdapUtil.java:108)
    at com.zimbra.cs.account.ldap.Check.checkAuthConfig(Check.java:169)
    at com.zimbra.cs.service.admin.CheckAuthConfig.handle(CheckAuthConfig.java:45)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:412)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:287)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158)
    at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:303)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:217)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:814)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:79)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.servlet.UserAgentFilter.doFilter(UserAgentFilter.java:81)
    at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter.java:132)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
    at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.handler.DebugHandler.handle(DebugHandler.java:77)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:585)
    at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:988)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:415)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:429)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:785)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:317)
    at com.sun.jndi.ldap.Connection.run(Connection.java:820)
    at java.lang.Thread.run(Thread.java:662)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
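
The PKIX error above means the JVM could not chain the certificate presented on 10.10.0.2:636 to any entry in its truststore. The shell functions below are an added example, not part of the original post: they classify and split the chain printed by `openssl s_client -showcerts` and import the chosen CA certificate. The sample output, the function names and the `/opt/zimbra` install path are assumptions.

```shell
#!/bin/sh
# Added example: inspect what the LDAPS server presents before trusting it.
# Live input: openssl s_client -connect 10.10.0.2:636 -showcerts </dev/null

# Constructed s_client excerpt (placeholder body, not a real certificate).
sample_output() {
    cat <<'EOF'
Certificate chain
 0 s:/C=US/O=Example/CN=ldap.example.internal
   i:/C=US/O=Example/CN=ldap.example.internal
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
EOF
}

# classify_chain: one line per presented certificate. "self-signed" marks the
# missing trust anchor itself; "issued-by" names the CA whose cert is needed.
classify_chain() {
    awk '
        /^ *[0-9]+ s:/ { idx = $1; subj = $0; sub(/^ *[0-9]+ s:/, "", subj); next }
        /^ +i:/ && subj != "" {
            iss = $0; sub(/^ +i:/, "", iss)
            if (iss == subj) print idx " self-signed " subj
            else             print idx " issued-by " iss
            subj = ""
        }'
}

# split_chain OUTDIR: write each PEM block on stdin to OUTDIR/cert-N.pem and
# print how many were found.
split_chain() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = dir "/cert-" n ".pem"; inpem = 1 }
        inpem                         { print > file }
        /-----END CERTIFICATE-----/   { inpem = 0; close(file) }
        END                           { print n + 0 }'
}

# import_ca PEM: print subject, issuer and SHA-256 fingerprint, then add the
# certificate to the truststore of the JRE bundled with Zimbra (path assumes a
# default /opt/zimbra install). Restart mailboxd so the JVM rereads it.
import_ca() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256 &&
        /opt/zimbra/bin/zmcertmgr addcacert "$1"
}
sample_output | classify_chain
```

A certificate fetched over the network is only as trustworthy as that connection, so compare the printed SHA-256 fingerprint with the certificate file on the OpenLDAP host before importing it.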

  2. #2

    If I use ldap server name = IP address of openldap server
    ldap port number = 389
    ldap filter = %u
    ldap search base = empty

    the bind external user name and password.
    user name & password to test authentication settings.

    I get this error:
    javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]

    Not sure what I am doing wrong or why this is failing.

    Thanks for your help.
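
LDAP result code 34 (invalidDNSyntax) means a name sent to the server, such as the bind name or the search base, is not a syntactically valid DN. The check below is an added example, not part of the original post: it lints settings like the ones listed above before they are submitted. The function names, the deliberately rough DN pattern and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for external LDAP authentication settings.

# is_dn STRING: rough RFC 4514 shape check (attr=value[,attr=value...]).
# Escaped commas and numeric OID attribute types are not handled.
# The empty string passes: it is the valid zero-length DN.
is_dn() {
    [ -z "$1" ] && return 0
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z][A-Za-z0-9-]*=[^,=]+(, *[A-Za-z][A-Za-z0-9-]*=[^,=]+)*$'
}

# lint_ldap_auth URL BIND_DN FILTER: print one finding per line, nothing if clean.
lint_ldap_auth() {
    url=$1 bind_dn=$2 filter=$3

    # Transport: a simple bind sends the password as-is inside the connection.
    case $url in
        ldaps://*) ;;
        ldap://*)  echo "cleartext: ldap:// carries the simple bind password unencrypted unless StartTLS is used" ;;
        *)         echo "url: expected ldap:// or ldaps://, got '$url'" ;;
    esac

    # Bind name: a bare login name is not a DN.
    if [ -z "$bind_dn" ]; then
        echo "bind-dn: empty, so the search would run as an anonymous bind"
    elif ! is_dn "$bind_dn"; then
        echo "bind-dn: '$bind_dn' is not a DN; a server answers this with result code 34"
    fi

    # Filter: RFC 4515 filters are parenthesized; %u is the login placeholder.
    case $filter in
        \(*%u*\)) ;;
        *) echo "filter: '$filter' is not a parenthesized filter containing %u, e.g. (uid=%u)" ;;
    esac
}

# Constructed values shaped like the settings in the post (192.0.2.10 is a
# documentation address, "admin" a made-up bind name).
lint_ldap_auth "ldap://192.0.2.10:389" "admin" "%u"
```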
