
Thread: Zimbra LDAP

  1. #1 (Join Date: Feb 2006; Location: Pune, India)

    Zimbra LDAP

    This topic has been discussed a number of times, and before posting it I read the posts and Help Topics, but unfortunately I could not succeed.

    Background:

    I have an LDAP server running on mail.mydomain.org
    I have Zimbra running on zimbra.mydomain2.net
    I want to authenticate users using the LDAP server on mail.mydomain.org; first without SSL and then with SSL once I receive the SSL certificate after a few days
    (The users should enter username@mydomain2.net and their password to authenticate themselves)

    I also wish to use GAL from mail.mydomain.org

    On the LDAP server, I executed an ldapsearch, and the result is as follows:

    Code:
    [root@mail ~]# ldapsearch -x -D "cn=Manager,dc=mydomain,dc=org" -b "dc=mydomain,dc=org" -s sub -P 2 -w MyP455w0rd "(mail=czaveri@mydomain2.net)"
    # extended LDIF
    #
    # LDAPv2
    # base  with scope sub
    # filter: (mail=czaveri@mydomain2.net)
    # requesting: ALL
    #
    
    # czaveri@mydomain2.net, mydomain2, mydomain.org
    dn: cn=czaveri@mydomain2.net,ou=mydomain2,dc=mydomain,dc=org
    telephoneNumber: 311-770-8355
    mail: czaveri@mydomain2.net
    objectClass: inetOrgPerson
    sn: Chintan Zaveri
    cn: czaveri@mydomain2.net
    userPassword:: e3NzaGF9TG9yY1owUW1qSU5MWGQyTUM6aWYyQ2RLK5hOVkhGbHQ=
    displayName: Chintan Zaveri
    carLicense: czaveri@zimbra.mydomain2.net,$user
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1
    [root@mail ~]#
    I also received the same result as above when I executed the following search:

    Code:
    ldapsearch -x -H ldap://mail.mydomain.org -D "cn=Manager,dc=mydomain,dc=org" -b "dc=mydomain,dc=org" -s sub -P 2 -w MyP455w0rd "(mail=czaveri@mydomain2.net)"
    What I did:
    I went to Zimbra Management Interface -> Domains -> mydomain2.net -> Configure Authentication -> Authentication Configuration Wizard (mydomain2.net)

    In the first screen, I selected Authentication Mechanism as External LDAP

    In the second screen, I entered LDAP Server name as mail.mydomain.org, Left the Port Number at 389 and did NOT check Use SSL.
    I entered LDAP filter as (mail=%u@%d) and LDAP search base as dc=mydomain,dc=org.

    In the third screen, I checked Use DN/Password to bind to external server and entered Bind DN as cn=Manager,dc=mydomain,dc=org and password in both password fields.

    In the fourth screen, I entered Bind DN as cn=Manager,dc=mydomain,dc=org, User name as czaveri@mydomain2.net and the password.

    Then I clicked on Test.

    I received the following error with Server message: Generic communication failure

    Code:
    javax.naming.CommunicationException: mail.mydomain.org:389 [Root exception is java.net.NoRouteToHostException: No route to host]
            at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
            at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
            at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:44)
            at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:97)
            at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:114)
            at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:310)
            at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1572)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
            at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
            at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
            at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
            at javax.naming.InitialContext.init(InitialContext.java:223)
            at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
            at com.zimbra.cs.account.ldap.LdapUtil.getDirContext(LdapUtil.java:213)
            at com.zimbra.cs.account.ldap.LdapUtil.ldapAuthenticate(LdapUtil.java:246)
            at com.zimbra.cs.account.ldap.Check.checkAuthConfig(Check.java:152)
            at com.zimbra.cs.service.admin.CheckAuthConfig.handle(CheckAuthConfig.java:53)
            at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:252)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:163)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:84)
            at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:228)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
            at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:154)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
            at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
            at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
            at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
            at java.lang.Thread.run(Thread.java:595)
    Caused by: java.net.NoRouteToHostException: No route to host
            at java.net.PlainSocketImpl.socketConnect(Native Method)
            at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
            at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
            at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
            at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:364)
            at java.net.Socket.connect(Socket.java:507)
            at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:585)
            at com.sun.jndi.ldap.Connection.createSocket(Connection.java:333)
            at com.sun.jndi.ldap.Connect
    Thank-you in advance,

    Sincerely,

    Chintan Zaveri.
    Last edited by czaveri; 03-21-2006 at 01:42 AM.

  2. #2 (Join Date: Aug 2005; Location: San Mateo, CA)

    Is everything running on the same physical machine? If not, can you run the ldapsearch from the Zimbra machine, connecting to your LDAP server? What if you use plain telnet from Zimbra:

    telnet ldaphost 389

    Can you even connect? Firewall? SELinux?
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3 (Join Date: Feb 2006; Location: Pune, India)

    Firewall! ... but still not working

    Dear Kevin,

    Yes, you were right about the firewall. Port 389 was blocked.

    After opening it, with the same configuration, I now get the following error:

    Code:
    Server message: Authentication failed. Invalid credentials (bad dn/password)
    javax.naming.AuthenticationException: empty search
    	at com.zimbra.cs.account.ldap.LdapUtil.ldapAuthenticate(LdapUtil.java:267)
    	at com.zimbra.cs.account.ldap.Check.checkAuthConfig(Check.java:152)
    	at com.zimbra.cs.service.admin.CheckAuthConfig.handle(CheckAuthConfig.java:53)
    	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:252)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:163)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:84)
    	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:228)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:154)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
    	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
    	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
    	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    	at java.lang.Thread.run(Thread.java:595)
    Can you help me understand my mistake...

    Thank-you,

    Sincerely,

    Chintan Zaveri.

  4. #4 (Join Date: Aug 2005; Location: San Mateo, CA)

    Now you just have the password and DN wrong. You'll need to enter them just like you did for the ldapsearch.

  5. #5 (Join Date: Feb 2006; Location: Pune, India)

    Solved

    The password and dn were ok. However, I was using an improper filter.

    For GAL, I needed to use (mail=%s)

    For Auth, I needed to use (cn=%n)

    Finally, ...

    Thank-you very much for such a wonderful software and support.

    Sincerely,

    Chintan Zaveri.
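Editor's added example (not code from this thread or from the Zimbra project): the Python below models, offline, what the wizard's Test button does with the settings discussed above, so both error texts seen in this thread ("empty search" and an invalid-credentials failure) can be reproduced and the filter templates from posts #1 and #5 compared. The token meanings for %n, %u, %d, %D (auth filter) and %s (GAL filter) are taken from the Zimbra admin documentation for zimbraAuthLdapSearchFilter, not from this page. The directory is a constructed in-memory copy of the entry in the ldapsearch output; the password "Example-Pass-1", its salt and SSHA hash are made up for the example, and the filter parser only covers equality, wildcard and &/|/! filters.

```python
"""Zimbra-style external LDAP authentication and GAL lookup, modelled offline.

Added example; it is not code from the Zimbra project or from this thread.
External LDAP auth in Zimbra is two steps: expand the search filter for the
login name and search the external directory for exactly one entry, then
bind as that entry's DN with the user's password.  The directory below is a
constructed copy of the entry from the ldapsearch output above; the
password and SSHA hash are invented for this example.
"""
import base64
import hashlib
import hmac
import re

# Tokens as documented for zimbraAuthLdapSearchFilter (plus %s for the GAL
# filter): %n login as typed, %u login without @domain, %d domain as
# foo.com, %D domain as dc=foo,dc=com, %s the GAL search string.
def expand_filter(template, login, search_string=""):
    user, _, domain = login.partition("@")
    tokens = {"%n": login, "%u": user, "%d": domain, "%s": search_string,
              "%D": ",".join("dc=" + p for p in domain.split(".")) if domain else ""}
    # RFC 4515 escaping, so a login such as "x)(cn=*" cannot rewrite the filter.
    esc = lambda v: re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), v)
    return re.sub(r"%[nudDs]", lambda m: esc(tokens[m.group()]), template)

def _parse(f, i=0):
    """Tiny RFC 4515 parser: (attr=value) with wildcards, and &, |, ! sets."""
    assert f[i] == "(", "filter must start with '('"
    i += 1
    if f[i] in "&|!":
        op, subs, i = f[i], [], i + 1
        while f[i] == "(":
            node, i = _parse(f, i)
            subs.append(node)
        return (op, subs), i + 1                  # skip the closing ')'
    j = f.index(")", i)
    attr, _, val = f[i:j].partition("=")
    return ("=", attr.lower(), val), j + 1

def _matches(node, entry):
    op = node[0]
    if op == "&": return all(_matches(n, entry) for n in node[1])
    if op == "|": return any(_matches(n, entry) for n in node[1])
    if op == "!": return not _matches(node[1][0], entry)
    _, attr, val = node
    unesc = lambda s: re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s, flags=re.I)
    pattern = ".*".join(re.escape(unesc(p)) for p in val.split("*"))  # '*' = wildcard
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(attr, []))

def search(base, flt):
    """Subtree search under `base`; returns the matching DNs."""
    node, _ = _parse(flt)
    return [dn for dn, e in DIRECTORY.items()
            if dn.lower().endswith(base.lower()) and _matches(node, e)]

def ssha(password, salt):
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def bind(dn, password):
    """Simple bind: check the password against the entry's {SSHA} userPassword."""
    entry = DIRECTORY.get(dn)
    if entry is None or not password:   # empty password is an anonymous bind, never success
        return False
    raw = base64.b64decode(entry["userpassword"][0][len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def authenticate(login, password, search_filter, search_base):
    """Return (ok, detail).  Search must yield exactly one entry before any bind."""
    dns = search(search_base, expand_filter(search_filter, login))
    if not dns:
        return False, "empty search"       # the AuthenticationException text in post #3
    if len(dns) > 1:
        return False, "ambiguous search"   # this model refuses to guess between entries
    return (True, dns[0]) if bind(dns[0], password) else (False, "invalid credentials")

def gal_lookup(search_string, gal_filter="(mail=%s)", base="dc=mydomain,dc=org"):
    """GAL search: only %s is substituted and only display attributes are returned."""
    return [{"dn": dn, "mail": DIRECTORY[dn]["mail"][0], "name": DIRECTORY[dn]["displayname"][0]}
            for dn in search(base, expand_filter(gal_filter, "", search_string))]

# Constructed copy of the entry shown in the ldapsearch output (hash invented).
USER_PASSWORD = "Example-Pass-1"
DIRECTORY = {
    "cn=czaveri@mydomain2.net,ou=mydomain2,dc=mydomain,dc=org": {
        "cn": ["czaveri@mydomain2.net"],
        "mail": ["czaveri@mydomain2.net"],
        "sn": ["Chintan Zaveri"],
        "displayname": ["Chintan Zaveri"],
        "objectclass": ["inetOrgPerson"],
        "userpassword": [ssha(USER_PASSWORD, b"\x01\x02\x03\x04")],
    },
}

if __name__ == "__main__":
    base, login = "dc=mydomain,dc=org", "czaveri@mydomain2.net"
    for flt in ["(mail=%u@%d)", "(cn=%n)", "(uid=%u)"]:
        print(flt, "->", expand_filter(flt, login), authenticate(login, USER_PASSWORD, flt, base))
    print(authenticate(login, "wrong", "(cn=%n)", base))
    print(authenticate("x)(cn=*", USER_PASSWORD, "(cn=%n)", base))  # injection stays a literal
    print(gal_lookup("czaveri@mydomain2.net"))
```

Against the entry as posted, both (mail=%u@%d) and (cn=%n) expand to filters that match it, and the model reaches the bind step with either; "empty search" only appears when the expanded filter finds nothing under the search base. The quickest real-world check is therefore to take the expanded filter (the wizard's %u is the part before the @, %d the part after) and run it with ldapsearch from the Zimbra host, bound as the configured bind DN, since that is the base, bind identity and network path the wizard actually uses, which may differ from an interactive root session on the directory server itself.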
