Thread: Preauth Failing (Invalid Timestamp)

  1. #1
    Join Date
    Apr 2007
    Posts
    29
    Rep Power
    8

    Preauth Failing (Invalid Timestamp)

    I'm having an issue with preauth where I'm getting a message that the timestamp is incorrect. I'm using a PHP script to generate the values. The times on both servers are within a few seconds of each other and are in the same timezone. Also, zmprov gdpa gives me the same result as my script. Any thoughts? An example is below of what my script is returning for a URL:

    Code:
    http://zimbra.domain.com/service/preauth?account=user%40domain.com&by=name&timestamp=1177004153&expires=0&preauth=PAKSTRING

  2. #2
    Join Date
    Jul 2006
    Location
    San Francisco, CA
    Posts
    26
    Rep Power
    9

    Try multiplying the timestamp by 1000 (or concatenating '000' onto the end of it). The timestamp that PHP gives is in seconds, and the Java preauth servlet is looking for a value in milliseconds, I believe. At least that is how I got it to work.

    Mike

  3. #3
    Join Date
    Apr 2007
    Posts
    29
    Rep Power
    8

    Great! Adding 000 to the end of the timestamp worked great. Now I have Zimbra integrated with our SSO solution. Thanks!

  4. #4
    Join Date
    Apr 2007
    Posts
    10
    Rep Power
    8

    Can you please post your PHP code?

  5. #5
    Join Date
    Apr 2007
    Posts
    29
    Rep Power
    8

    This is for making a PAK with the e-mail address. zimbraPAK contains the key generated by the gdpak command.

    Code:
    function getZimbraPAK($email) {
            // Returns query array with the PAK in it for an e-mail address
            global $zimbraPAK;

            // Timestamp in milliseconds (time() returns seconds)
            $PAKTime = time()."000";
            // Signed fields, in order: account|by|expires|timestamp
            $preauthString = $email."|name|0|".$PAKTime;
            $PAK = hash_hmac("sha1", $preauthString, $zimbraPAK);

            $query = array(
                    "account" => $email,
                    "by" => "name",
                    "timestamp" => $PAKTime,
                    "expires" => "0",
                    "preauth" => $PAK);
            return $query;
    }

    Turn this into a URL with....

    Code:
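    $zimbraPAK = "RANDOM_ZIMBRA_PAK";
    // Base URL of the Zimbra server (host taken from the example URL in the first post)
    $zimbraHost = "http://zimbra.domain.com";
    $query = getZimbraPAK("user@domain.com");
    $url = $zimbraHost."/service/preauth?".http_build_query($query);

    I also use the following to get the mailbox node of the user...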

    Code:
    function getZimbraHomeServer($email) {
            // Gets the user's mailbox server
            $zimbraLDAP = ldap_connect("zimbra.domain.com");
            ldap_set_option($zimbraLDAP, LDAP_OPT_PROTOCOL_VERSION, 3);
            $zimbraLDAPR = ldap_bind($zimbraLDAP);   // anonymous bind

            // Query Zimbra Accounts
            $zimbraLDAPBase = "ou=people,dc=co,dc=marshall,dc=ia,dc=us";
            // Escape the address so characters such as * ( ) \ cannot alter the search filter
            $zimbraSearchFilter = "(zimbraMailDeliveryAddress=".ldap_escape($email, "", LDAP_ESCAPE_FILTER).")";
            $zimbraSearchRes = ldap_search($zimbraLDAP, $zimbraLDAPBase, $zimbraSearchFilter);
            $zimbraSearchEntries = ldap_get_entries($zimbraLDAP, $zimbraSearchRes);

            // No matching account: return null instead of reading a missing entry
            if (empty($zimbraSearchEntries["count"])) {
                    return null;
            }
            return $zimbraSearchEntries[0]["zimbramailhost"][0];
    }
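
The seconds-versus-milliseconds mismatch discussed in this thread, as an added example that is not part of any post and is not Zimbra's servlet code: a simplified PHP model of the receiving side, showing that the HMAC can verify while the timestamp check still rejects the request. The `checkPreauth` function, the 5-minute window, the demo key and a 64-bit PHP build are assumptions; the signed field order follows the code posted above.

```php
<?php
// Added example: a simplified model of the receiving side, not Zimbra's servlet code.
const PREAUTH_WINDOW_MS = 300000; // assumed tolerance: 5 minutes, in milliseconds

// Sender side, same field order as the thread: account|by|expires|timestamp.
function makePreauth(string $account, string $timestamp, string $key): string {
    return hash_hmac("sha1", $account . "|name|0|" . $timestamp, $key);
}

// Hypothetical verifier: returns "ok", "bad-hmac" or "invalid-timestamp".
function checkPreauth(array $q, string $key, int $nowMs): string {
    $signed = $q["account"] . "|" . $q["by"] . "|" . $q["expires"] . "|" . $q["timestamp"];
    $expected = hash_hmac("sha1", $signed, $key);
    // Constant-time comparison of the recomputed HMAC with the supplied one.
    if (!hash_equals($expected, $q["preauth"])) {
        return "bad-hmac";
    }
    if (!ctype_digit($q["timestamp"])) {
        return "invalid-timestamp";
    }
    // The value is read as milliseconds since the epoch. A seconds value
    // therefore lands in January 1970, far outside any freshness window.
    if (abs($nowMs - (int)$q["timestamp"]) > PREAUTH_WINDOW_MS) {
        return "invalid-timestamp";
    }
    return "ok";
}

$key    = "constructed-demo-key";  // constructed value, not a real preauth key
$nowSec = 1177004153;              // timestamp value from the URL in the first post
$nowMs  = $nowSec * 1000;          // the verifier's clock, in milliseconds

// Same moment in time, once in seconds and once in milliseconds.
foreach ([(string)$nowSec, $nowSec . "000"] as $ts) {
    $q = [
        "account"   => "user@domain.com",
        "by"        => "name",
        "expires"   => "0",
        "timestamp" => $ts,
        "preauth"   => makePreauth("user@domain.com", $ts, $key),
    ];
    echo $ts, " => ", checkPreauth($q, $key, $nowMs), "\n";
}
```

Both requests carry a correctly computed HMAC, which matches the first post's observation that `zmprov gdpa` and the script agreed; only the unit of the timestamp separates the rejected request from the accepted one.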
