Results 1 to 3 of 3

Thread: Zimbra 8.0 , LDAP and ejabberd

  1. #1
    Join Date
    Nov 2012
    Location
    France
    Posts
    2
    Rep Power
    3

    Default Zimbra 8.0 , LDAP and ejabberd

    Hi all !

    Like a lot of people I'm stuck with LDAP auth with Zimbra. First time I use Zimbra and LDAP too !

    In fact I tried to use ejabberd 2.1 to connect to Zimbra using the LDAP auth but I can't connect.

    I'm trying to find why I can't connect to Zimbra LDAP. So I'm currently using the ldapsearch to understand this.

    I use the "zmlocalconfig -s | grep ldap_" command to find LDAP values in Zimbra.

    Code:
    root@mail:~# ldapsearch -H ldap://server.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -x
    # extended LDIF
    #
    # LDAPv3
    # base <ou=people,dc=eulerian,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 1
    I'm using the simple auth but in the conf I see that SASL is forced but if I try to use this with the "zimbra_ldap_password":

    Code:
    root@mail:~# ldapsearch -H ldap://server.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com"
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops
    Even if I try to force the Zimbra user:
    Code:
    root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com"
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops
    root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -U zimbra
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops
    root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -X "dn:uid=zimbra,cn=admins,cn=zimbra"
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops
    I searched the net and it seems possible user are not maped for SASL AUTH. I miss something and I don't know what is it, LDAP client conf or the Zimbra server LDAP ...

    If someone got an idea, feel free to answer !

    Thank you for your time.

  2. #2
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    afaik anonymous binding is disabled in zcs. You'd probably want to bind as the user uid=zimbra,cn=admins,cn=zimbra

  3. #3
    Join Date
    Nov 2012
    Location
    France
    Posts
    2
    Rep Power
    3

    Default

    Quote Originally Posted by bdial View Post
    afaik anonymous binding is disabled in zcs. You'd probably want to bind as the user uid=zimbra,cn=admins,cn=zimbra
    Thank you for your answer !

    I'm pretty sure it's that but it doesn't work. Seems my Base DN is not ok too ...

    I tried to bind with the -D option, seems I don't use it well ... I fear for the Ejabberd Connection then :/

    What am I doing wrong for the user binding ? I don't understand :/

    The ejabberd server will be on the same server, if I remove the SASL, will it cause problems to Zimbra ?

    Code:
    root@mail:~# ldapsearch -v -h mail.eulerian.com -p 389 -D "uid=zimbra,ou=people,dc=eulerian,dc=com" -b "ou=people,dc=eulerian,dc=com" -X -W
    ldap_initialize( ldap://mail.eulerian.com:389 )
    SASL/DIGEST-MD5 authentication started
    Please enter your password: 
    ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
    	additional info: SASL(-1): generic failure: unable to canonify user and get auxprops
    Here is a part of the confioguration:
    Code:
    ldap_host = server.eulerian.com
    ldap_is_master = true
    ldap_ldapi_socket_file = ${zimbra_home}/openldap/var/run/ldapi
    ldap_master_url = ldap://server.eulerian.com:389
    ldap_nginx_password = ****
    ldap_overlay_accesslog_logpurge = 01+00:00  00+04:00
    ldap_overlay_syncprov_checkpoint = 20 10
    ldap_port = 389
    ldap_postfix_password = ****
    ldap_read_timeout = 0
    ldap_replication_password = ****
    ldap_root_password = ****
    ldap_starttls_required = true
    ldap_starttls_supported = 1
    ldap_url = ldap://server.eulerian.com:389
    zimbra_class_ldap_client = com.zimbra.cs.ldap.unboundid.UBIDLdapClient
    zimbra_ldap_password = ****
    zimbra_ldap_user = zimbra
    zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra
    Software: Zimbra 8.0 Network Edition - Ubuntu 12.04

Similar Threads

  1. Ejabberd + Ldap On Zimbra 4.5.0 RC1
    By Caterpillar in forum Administrators
    Replies: 1
    Last Post: 12-09-2008, 05:36 AM
  2. Replies: 1
    Last Post: 11-07-2008, 12:10 PM
  3. Using ejabberd as messaging service with zimbra.
    By risiyanto in forum Administrators
    Replies: 1
    Last Post: 09-07-2007, 07:45 AM
  4. Replies: 2
    Last Post: 05-24-2006, 11:01 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •