Thread: GAL Bind DN permission problem with AD

  1. #1

    GAL Bind DN permission problem with AD

    Server OS: RHEL 4
    Zimbra Ver: 3.2B2

    AD info:
    Windows Server 2003 SP1


    I'm hoping someone can point me in the right direction here. I've got ZCS up and running, and to save time during my test phase here, I used the Domain Admin account as the Bind DN in the GAL setup wizard. Worked great. Now I'm locking everything down as the final part of my test, and created a new account to be used as the Bind DN, but get an error every time I try to use the new account.
    To test, I've even made the new account a member of Domain Admins (even went so far as to make it the Ent Admin) thinking it may be a permissions issue, but so far, I can't get it to work with that new account.

    ldapsearch doesn't work from the command line either (only with the new account), so I'm pretty sure this is an AD problem. The error I get returned is:
    ldap_bind: Invalid credentials (49)
    additional info: 80090308: Ldaperr: DSID-0C090334, Comment: AcceptSecurityContext eror, data 525, vece

    Finally, I did research the problem in AD before I posted this and found that there are special permissions that need to be set to allow an account to be used for LDAP searches in AD as per this article http://www.petri.co.il/anonymous_lda...ws_2003_ad.htm. While that deals with anon. access to LDAP searches in AD, I applied the same procedures to the account that I created, and still no luck.

    Any help anyone can offer would be appreciated.

    Thanks in advance

  2. #2

    "Invalid credentials (49)" can also mean wrong password. Are you sure the password is right?

  3. #3

    You are getting "data 525", which seems to imply invalid user, per:

    http://forum.java.sun.com/thread.jspa?messageID=4227692

    525 - user not found
    52e - invalid credentials
    530 - not permitted to logon at this time
    532 - password expired
    533 - account disabled
    701 - account expired
    773 - user must reset password
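
Added example, not part of the original thread: a small shell helper that pulls the "data NNN" sub-code out of an AD bind failure and reports the meaning listed in post #3. The function names and the "area" grouping (what to check first) are assumptions of this example; the first sample is the message from post #1, the other two are constructed.

```shell
#!/bin/sh
# Added example: triage an AD "Invalid credentials (49)" bind failure by its sub-code.

# Print the hex sub-code that follows "data " in AD's additional-info text,
# lower-cased; print nothing when the message carries no such field.
ad_bind_subcode() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Dd]ata \([0-9A-Fa-f]\{1,8\}\).*/\1/p' |
        tr 'A-F' 'a-f' | head -n 1
}

# Meaning of each sub-code, exactly as listed in post #3.
ad_bind_reason() {
    case "$1" in
        525) echo "user not found" ;;
        52e) echo "invalid credentials" ;;
        530) echo "not permitted to logon at this time" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must reset password" ;;
        "")  echo "no AD sub-code in message" ;;
        *)   echo "sub-code not in the list" ;;
    esac
}

# Emit "code|reason|area". The area column is this example's own grouping
# (an assumption, not from the thread): what to check first.
ad_bind_triage() {
    code=$(ad_bind_subcode "$1")
    case "$code" in
        525) area="bind DN" ;;
        52e) area="password" ;;
        530|532|533|701|773) area="account state" ;;
        *)   area="unknown" ;;
    esac
    printf '%s|%s|%s\n' "${code:-none}" "$(ad_bind_reason "$code")" "$area"
}

# The message quoted in post #1, verbatim.
THREAD_MSG='additional info: 80090308: Ldaperr: DSID-0C090334, Comment: AcceptSecurityContext eror, data 525, vece'
# Constructed samples: upper-case sub-code, and a failure with no sub-code.
SAMPLE_52E='additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52E, vece'
SAMPLE_NONE="ldap_bind: Can't contact LDAP server (-1)"

for msg in "$THREAD_MSG" "$SAMPLE_52E" "$SAMPLE_NONE"; do
    ad_bind_triage "$msg"
done
```

Feeding it the stderr of a failed ldapsearch bind separates a bind DN that does not resolve to a user (525) from a wrong password (52e) before any AD permissions are changed.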
