Thread: Apple Addressbook LDAP Setup in Lion (10.7)

  1. #1

    Apple Addressbook LDAP Setup in Lion (10.7)

    I have been searching the forums and wiki and tried all suggestions but still no luck so here I go:

    I have a Mac 10.7 Lion client and am trying to use LDAP for accessing the GAL. I tried with ldapsearch on the same client and the result is success, but no info is returned.

    I have managed to configure Thunderbird on the same Mac.

    I've also tried LDAP Admin on Windows and managed only to connect with the admin account.

    My setup
    Zimbra server address: zimbra.example.com
    Domains:
    zimbra.example.com
    GAL is both internal and external
    Authentication is internal

    example.com
    GAL is both internal and external
    Authentication is external

    External Authentication: LDAP
    Server address: odm.example.com
    LDAP Base: dc=od,dc=example,dc=com

    Any tips, please?

  2. #2

    More info

    The external LDAP server is an Open Directory server with the address odm.example.com. LDAP Search Base: dc=od,dc=example,dc=com

    The domain: zimbra.example.com
    GAL mode: Both
    Authentication: External LDAP
    Both GAL and Authentication work fine in the Test stage of the configuration.


    The domain: example.com
    GAL mode: Both
    Authentication: External LDAP
    Both GAL and Authentication work fine in the Test stage of the configuration.


    The user: guest3@example.com
    User exists in external LDAP as: uid=guest3,cn=Users,dc=od,dc=example,dc=com
    User exists in Zimbra in the domain example.com
    What about the field "External LDAP account for Authentication"? Should there be a value in that field?

    Client tests on Mac OS X 10.7/Lion client:
    Apple Address Book:
    Server: zimbra.example.com
    Port: 389, no SSL
    Search Base: dc=zimbra,dc=example.dc=com
    Scope: Subtree
    Authentication: Simple
    User Name: uid=guest3,ou=people,dc=zimbra,dc=example,dc=com
    Password: xxx

    No success.

    Thunderbird 10.0:
    Hostname: zimbra.example.com
    Base DN: dc=zimbra,dc=example,dc=com
    Port Number: 389
    Bind DN: uid=guest3,ou=people,dc=zimbra,dc=example,dc=com

    No success.

    I have tried different variations of the User Name/Bind DN without dc=zimbra and without the last domain parts, still no luck.

    Terminal:
    ldapsearch -x -h zimbra.example.com -b "ou=people,dc=zimbra,dc=example,dc=com" "uid=guest3"
    # extended LDIF
    #
    # LDAPv3
    # base <ou=people,dc=zimbra,dc=nersc,dc=no> with scope subtree
    # filter: uid=guest3
    # requesting: ALL
    #

    # search result
    search: 2
    result: 0 Success

    # numResponses: 1

    On the server I see after adjusting the debug level:
    Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=0 BIND dn="uid=guest3,ou=people,dc=zimbra,dc=example,dc=com" method=128
    Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=0 RESULT tag=97 err=49 text=
    Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=1 UNBIND
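
Added example, not part of the original thread: a small parser that pairs each slapd `BIND` line with its `RESULT` (same `conn`/`op`) and labels the outcome, so rejected simple binds (`err=49`, invalidCredentials) and anonymous binds (`dn=""`) stand out when reviewing logs like the one above. The first three sample lines follow the excerpt in the post; the remaining lines and the `constructed-user` DN are constructed for illustration.

```python
import re
from collections import Counter

# Sample slapd lines. The first three follow the log excerpt in the post above;
# the rest are constructed for illustration (anonymous bind, successful bind).
SAMPLE_LOG = """\
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=0 BIND dn="uid=guest3,ou=people,dc=zimbra,dc=example,dc=com" method=128
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=0 RESULT tag=97 err=49 text=
Feb 2 10:20:52 zimbra slapd[30747]: conn=1218 op=1 UNBIND
Feb 2 10:21:07 zimbra slapd[30747]: conn=1219 op=0 BIND dn="" method=128
Feb 2 10:21:07 zimbra slapd[30747]: conn=1219 op=0 RESULT tag=97 err=0 text=
Feb 2 10:21:30 zimbra slapd[30747]: conn=1220 op=0 BIND dn="uid=constructed-user,ou=people,dc=zimbra,dc=example,dc=com" method=128
Feb 2 10:21:30 zimbra slapd[30747]: conn=1220 op=0 RESULT tag=97 err=0 text=
"""

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag=97: bind response

def classify_binds(log_text):
    """Pair each BIND with its RESULT (same conn/op) and label the outcome."""
    pending = {}  # (conn, op) -> (dn, method)
    events = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), int(m.group(4)))
            continue
        m = RESULT_RE.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            dn, method = pending.pop((m.group(1), m.group(2)))
            err = int(m.group(3))
            if err == 49:        # LDAP invalidCredentials
                label = "invalid_credentials"
            elif err != 0:
                label = "bind_error"
            elif dn == "":       # empty DN with success: anonymous bind
                label = "anonymous"
            else:
                label = "authenticated"
            events.append({"conn": int(m.group(1)), "dn": dn, "method": method, "err": err, "label": label})
    return events

def summarize(events):
    return Counter(e["label"] for e in events)

if __name__ == "__main__":
    print(summarize(classify_binds(SAMPLE_LOG)))
```
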

  3. #3

    I use the following, and it works, but note that since it depends on no authentication and no SSL, it's only suitable if you firewall off LDAP at your border firewall.

    server: zimbra.company.com
    port: 389 (no SSL)
    Search Base: ou=people, o=my company (those are the literal values, which are just the greyed-out defaults that appear when you create an LDAP account in Address Book)
    Scope: subtree
    Authentication: none

    See Bug 15378 – Obviate the need for and disallow LDAP anonymous binds for more info on turning on/off anonymous access.

    I tried a while back to get authentication with SSL working (after turning off anonymous access at the server). I don't recall if I was trying with Snow Leopard or Lion, but I couldn't get it to work.

  4. #4

    Anonymous LDAP works

    I would just like to confirm that anonymous LDAP works in Apple Address Book and Thunderbird.

    In Apple Address Book, my settings are:
    Name: Zimbra
    Server: zimbra.nersc.no
    Port: 389, No SSL
    Search Base: [blank]
    Scope: Subtree
    Authentication: None

    In Thunderbird my settings are:
    General:
    Name: Zimbra
    Hostname: zimbra.nersc.no
    Base DN: [blank]
    Port number: 389
    Bind DN: [blank]
    No SSL
    Advanced:
    Scope: Subtree
    Search filter: (objectclass=*)
    Login method: Simple

    I am not so sure about only using anonymous LDAP though, I prefer authenticated with SSL.

    Thank you very much for your tip!
