Results 1 to 4 of 4

Thread: Authentication to external ldap stop working.

Hybrid View

  1. #1
    Join Date
    Nov 2006
    Posts
    7
    Rep Power
    9

    Default Authentication to external ldap stop working.

    I have configured Zimbra to authenticate to my external ldap/samba server. I tested before and it was working all last week. I was able to access webmail with the users I created with zimprov (no password set on zimbra).
    Last Friday I could not login anymore. I went and test the external authentication from the Zimbra admin console and it was not working anymore. The test failed with the following error: Server Message Authentication failed. Invalid credentials (bad dn/password).

    I am surprised with the DN error since I know for sure that I am using the correct dn account and password. I use our external ldap server to manage all our samba accounts and I can go login to my Ldap account manager (LAM) right now with the dn account: cn=Manager,dc=mydomain,dc=com and with the dn password mypassword without any problem. Our windows xp /samba users are being authenticated every day from our LDAP server and I haven't changed the Ldap dn password since I installed the ldap Samba 2 months ago.

    Here my authentication settings:

    Authentication mechanism: External LDAP
    LDAP URL: ldap://192.168.0.5:389
    LDAP filter: (uid=%u)
    LDAP search base: dc=mydomain,dc=com
    Use DN/password to bind to external server: yes
    Bind DN: cn=Manager, dc=mydomain,dc=com


    I did not made any change on my ldap server or on my zimbra configuration. I had createt a secondaire domain which was set to use internal authentication But after experiencing all these issues, I deleted it.

    Any help? I have search the forum to checked again and again the wiki.

    The complete error message when testing with the authentication config wizard from admin console:

    Server Message Authentication failed. Invalid credentials (bad dn/password).

    javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.jav a:2985)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCt x.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCt x.java:2732)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:264 6)
    at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapC txFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Ldap CtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstanc e(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext (LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(N amingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(Init ialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.ja va:223)
    at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:134)
    at com.zimbra.cs.account.ldap.LdapUtil.getDirContext( LdapUtil.java:231)
    at com.zimbra.cs.account.ldap.LdapUtil.ldapAuthentica te(LdapUtil.java:263)
    at com.zimbra.cs.account.ldap.Check.checkAuthConfig(C heck.java:153)
    at com.zimbra.cs.service.admin.CheckAuthConfig.handle (CheckAuthConfig.java:53)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:261)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:162)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:84)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:223)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:709)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:173)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:802)
    at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:107)
    at org.apache.catalina.valves.AccessLogValve.invoke(A ccessLogValve.java:541)
    at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11 ConnectionHandler.processConnection(Http11BaseProt ocol.java:667)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)


    Thank you for your help

  2. #2
    Join Date
    Nov 2006
    Posts
    7
    Rep Power
    9

    Default Is there any help with external ldap authentication not working anymore

    Anyone has an idea what may be wrong with the Ldap external authentication.
    I have reinstalled after running install.sh -u. The only change I remember now is that I installed a new version of kernel source 2.6.18-1.2239.fc5smp on my system.

  3. #3
    Join Date
    Nov 2006
    Posts
    7
    Rep Power
    9

    Default Found the problem

    I found the problem. it is with the ldap server. I have ldap running on my samba server for authenticating samba users and I want it to authenticate zimbra users as well. The problem is that I am using ldap account manager LAM to manage the Ldap accounts. I found out that zimbra authentication failed for any ldap account created with LAM. Accounts created with the smbldap-tools script - smbldap-useradd.pl won't have any problem authenticating zimbra users. The fix for me is to delete the accounts (around 10 ) that cannot authenticate with Zimbra and recreate them again using smbldap-useradd.

    jahaj

  4. #4
    Join Date
    Nov 2006
    Posts
    5
    Rep Power
    9

    Default

    We had a similar issue in converting NT to Samba accounts and then Samba to LDAP. In our case we have 60 users but it would be nice if there was a step to convert the Samba accounts to Ldap after converting from NT with passwords still intact.

Similar Threads

  1. External LDAP with GSSAPI authentication method
    By izvictor in forum Installation
    Replies: 17
    Last Post: 03-11-2009, 09:14 AM
  2. Disable local authentication with an external ldap
    By turmace in forum Administrators
    Replies: 4
    Last Post: 05-17-2007, 03:13 AM
  3. External LDAP Problem
    By facerw in forum Installation
    Replies: 7
    Last Post: 05-08-2007, 05:29 AM
  4. External LDAP Authentication Issue
    By xtreme-one in forum Installation
    Replies: 10
    Last Post: 02-16-2007, 07:52 PM
  5. external LDAP authentication in M2
    By jstewart in forum Installation
    Replies: 5
    Last Post: 12-08-2005, 09:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •