Thread: external authentication returns empty search

  1. #1

    Hello

    I am a newbie in Zimbra. I installed it on Ubuntu 6.06 and everything works fine except authentication against an external LDAP server.

    The external LDAP server is a Sun Directory 5.2. I created a dedicated user (zimbra viewer) in the external LDAP server with privileges to search and read from the Zimbra IP address (194.177.198.1).

    I use the following parameters in Zimbra:

    LDAP filter: filter: (uid=%u) (and also mail=%s or other filter strings I found on the Zimbra forum)
    LDAP search base: o=chania.teicrete,c=gr (I even tried ou=people,o=chania.teicrete,c=gr)
    Bind DN: cn=zimbra viewer,ou=Special,o=chania.teicrete,c=gr


    So when I try to test authentication, the answer from the LDAP server is "empty results".
    When I connect to the same LDAP server as user "zimbra viewer" and ask the same question BUT from another machine, the LDAP server gives me a result.

    The next lines are from the access log file of the LDAP server. The IPs that appear in the log file are:
    194.177.198.1: Zimbra server
    194.177.198.8: LDAP server (Sun Directory)
    194.177.198.7: the third machine, from which I run ldapsearch against 194.177.198.8 and it gives me a result

    ----------------------------------------------------------------------------------------------------------------------------------------------
    [18/Feb/2008:19:52:33 +0200] conn=2 op=-1 msgId=-1 - fd=20 slot=20 LDAP connection from 194.177.198.1 to 194.177.198.8
    [18/Feb/2008:19:52:33 +0200] conn=2 op=0 msgId=1 - BIND dn="cn=zimbra viewer,ou=Special,o=chania.teicrete,c=gr" method=128 version=3
    [18/Feb/2008:19:52:33 +0200] conn=2 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=zimbra viewer,ou=special,o=chania.teicrete,c=gr"
    [18/Feb/2008:19:52:33 +0200] conn=2 op=1 msgId=2 - SRCH base="o=chania.teicrete,c=gr" scope=2 filter="(uid=nlybe)" attrs=ALL
    [18/Feb/2008:19:52:33 +0200] conn=2 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [18/Feb/2008:19:52:55 +0200] conn=3 op=-1 msgId=-1 - fd=21 slot=21 LDAP connection from 194.177.198.7 to 194.177.198.8
    [18/Feb/2008:19:52:55 +0200] conn=3 op=0 msgId=1 - BIND dn="cn=zimbra viewer,ou=Special,o=chania.teicrete,c=gr" method=128 version=3
    [18/Feb/2008:19:52:55 +0200] conn=3 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=zimbra viewer,ou=special,o=chania.teicrete,c=gr"
    [18/Feb/2008:19:52:55 +0200] conn=3 op=1 msgId=2 - SRCH base="ou=people,o=chania.teicrete,c=gr" scope=2 filter="(uid=nlybe)" attrs=ALL
    [18/Feb/2008:19:52:55 +0200] conn=3 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
    ----------------------------------------------------------------------------------------------------------------------------------------------

    If it's a problem with credentials as I don't get an error regarding invalid credentials.
    I also tried with the external LDAP admin user but the result was the same.

    I have made several tests but without success.

    Any help is welcome

    Nikos
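
The access-log excerpt from the post above, parsed and correlated per connection, as an added example that is not part of the original thread. It pairs searches that used the same bind DN and filter but returned different entry counts, so the differing client address and search base stand out; the function names are illustrative.

```python
import re
from collections import defaultdict

# Access-log lines copied from the first post (Sun Directory Server format).
LOG = """\
[18/Feb/2008:19:52:33 +0200] conn=2 op=-1 msgId=-1 - fd=20 slot=20 LDAP connection from 194.177.198.1 to 194.177.198.8
[18/Feb/2008:19:52:33 +0200] conn=2 op=0 msgId=1 - BIND dn="cn=zimbra viewer,ou=Special,o=chania.teicrete,c=gr" method=128 version=3
[18/Feb/2008:19:52:33 +0200] conn=2 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=zimbra viewer,ou=special,o=chania.teicrete,c=gr"
[18/Feb/2008:19:52:33 +0200] conn=2 op=1 msgId=2 - SRCH base="o=chania.teicrete,c=gr" scope=2 filter="(uid=nlybe)" attrs=ALL
[18/Feb/2008:19:52:33 +0200] conn=2 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
[18/Feb/2008:19:52:55 +0200] conn=3 op=-1 msgId=-1 - fd=21 slot=21 LDAP connection from 194.177.198.7 to 194.177.198.8
[18/Feb/2008:19:52:55 +0200] conn=3 op=0 msgId=1 - BIND dn="cn=zimbra viewer,ou=Special,o=chania.teicrete,c=gr" method=128 version=3
[18/Feb/2008:19:52:55 +0200] conn=3 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=zimbra viewer,ou=special,o=chania.teicrete,c=gr"
[18/Feb/2008:19:52:55 +0200] conn=3 op=1 msgId=2 - SRCH base="ou=people,o=chania.teicrete,c=gr" scope=2 filter="(uid=nlybe)" attrs=ALL
[18/Feb/2008:19:52:55 +0200] conn=3 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
"""

LINE = re.compile(r'\[[^\]]+\] conn=(\d+) op=(-?\d+) msgId=-?\d+ - (.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_searches(text):
    """Return one record per SRCH: client IP, bind DN, base, filter, nentries."""
    conns = defaultdict(dict)      # conn id -> client address and bind DN
    pending, done = {}, []         # (conn, op) -> search awaiting its RESULT
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn, op, rest = m.groups()
        kv = {k: v.strip('"') for k, v in KV.findall(rest)}
        if "LDAP connection from" in rest:
            conns[conn]["client"] = rest.split(" from ")[1].split(" to ")[0]
        elif rest.startswith("BIND"):
            conns[conn]["bind_dn"] = kv.get("dn", "").lower()  # DNs compare case-insensitively
        elif rest.startswith("SRCH"):
            pending[(conn, op)] = dict(conns[conn], base=kv["base"], filter=kv["filter"])
        elif rest.startswith("RESULT") and (conn, op) in pending:
            rec = pending.pop((conn, op))
            rec["nentries"] = int(kv["nentries"])
            done.append(rec)
    return done

def empty_vs_nonempty(searches):
    """Pair an empty search with a non-empty one sharing bind DN and filter."""
    groups = defaultdict(list)
    for s in searches:
        groups[(s.get("bind_dn"), s["filter"])].append(s)
    return [(e, h) for g in groups.values() for e in g for h in g
            if e["nentries"] == 0 and h["nentries"] > 0]
```

Calling `empty_vs_nonempty(parse_searches(LOG))` yields one pair: the search from 194.177.198.1 with base `o=chania.teicrete,c=gr` (0 entries) against the search from 194.177.198.7 with base `ou=people,o=chania.teicrete,c=gr` (1 entry).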

  2. #2

    Hi Nikos,

    When setting up your filter, I would suggest you follow these guidelines:

    mail=%u@site.tld

    Another nice thing is you could set it at the organizational top level and it will only allow users with the @site.tld to authenticate. Try to keep it simple. The only problem is, you'll need to set this up on your Sun LDAP box. By the way, I'd also suggest you get an LDAP browser for use on your desktop (like Softerra LDAP Browser, which is free) if you run Windows.

    I personally use LDAP without binding since I don't think you can currently change the password backwards onto the server. I had problems with binding and having it find the users as well. So, if you can do LDAP anonymously, that would be the way to go.

    Hope this helps.
    cyberdeath
