Results 1 to 4 of 4

Thread: External LDAP Authentification issue

  1. #1
    Join Date
    May 2007
    Posts
    17
    Rep Power
    8

    Default External LDAP Authentification issue

    I am currently testing Zimbra Network Edition on a SLES9 server. Zimbra currently is configured to Authenticate against our External Novell eDirectory server. The problem I have run into is that there are a few users who have alias user objects created in our Novell Tree. These users are unable to authenticate against zimbra. The zimbra mailbox.log indicates that the ldapsearch filter is returning more than one result for the username. Is there a way to adjust the search filter in order to leave out the aliased objects?

  2. #2
    Join Date
    May 2007
    Location
    Los Angeles, CA
    Posts
    31
    Rep Power
    8

    Default

    There probably is.

    Could you post the LDIF for a user and one of his alias objects? I'm not familiar with "alias user objects" personally, but I strongly suspect there's enough of a difference to tell them apart in a standard manner.

    Something similar to the following should work, for example, if the actual user is a posixAccount but his aliases are not... (&(uid=%u)(objectclass=posixAccount))

  3. #3
    Join Date
    May 2007
    Posts
    17
    Rep Power
    8

    Default

    Bevan,

    Thank you for the advice.

    Here is the filter I tried to use for LDAP authentification:

    (& (cn=%u)(! (objectClass=aliasObject)))
    However I recieve this error when I try to authenticate using credentials that have alias objects in the Novell tree.:

    AuthenticationException: too many results from search filter!
    An ldapsearch from the command line on the Zimbra server using the above ldap filter only returns the actual user object.

    I also tried this filter
    (& (cn=%u)(objectClass=inetOrgPerson))
    , but had the same results.

    Here are the ldif entries you requested.

    # extended LDIF
    #
    # LDAPv3
    # base with scope sub
    # filter: cn=cjs
    # requesting: ALL
    #

    # CJS, OU1, BC
    dn: cn=CJS,ou=ORGANIZATION,o=BC
    mail: "Test User"
    uid: CJS
    givenName: Test
    fullName: Test User
    messageServer: cn=COURTHOUSE,ou=ORGANIZATION,o=BC
    sn: User
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: Person
    objectClass: ndsLoginProperties
    objectClass: Top
    loginTime: 20070628100502Z
    loginIntruderAddress:: MCP//wADAAAAAAABBFE=
    loginGraceRemaining: 5
    loginGraceLimit: 6
    loginDisabled: FALSE
    ndsHomeDirectory: cn=ORG_VOL2,ou=ORGANIZATION,o=BC#0#HOMES\CJS
    groupMembership: cn=Internet,o=MAIL
    cn: CJS
    cn: Test User

    # cjs, OU2, BC
    dn: cn=cjs,ou=OU2,o=BC
    objectClass: aliasObject
    objectClass: Top
    cn: cjs

    # search result
    search: 2
    result: 0 Success

    # numResponses: 3
    # numEntries: 2

  4. #4
    Join Date
    May 2007
    Location
    Los Angeles, CA
    Posts
    31
    Rep Power
    8

    Default

    Hmm, I'd expect the two you tried to work.
    If you run a manual ldapsearch using those filters, what do you see?
    It's a longshot, but you seem to have whitespace after your & and !... I don't remember if that can be a problem or not.

    Also, given your example, have you tried using simply (uid=%u) ?

Similar Threads

  1. LDAP Filter issue and GAL
    By G-Money in forum Administrators
    Replies: 2
    Last Post: 06-24-2010, 01:13 PM
  2. External LDAP Problem
    By facerw in forum Installation
    Replies: 7
    Last Post: 05-08-2007, 05:29 AM
  3. external ldap authentification
    By dmore73 in forum Administrators
    Replies: 0
    Last Post: 04-16-2007, 09:17 AM
  4. External LDAP Authentication Issue
    By xtreme-one in forum Installation
    Replies: 10
    Last Post: 02-16-2007, 07:52 PM
  5. Authentication to external ldap stop working.
    By jahaj in forum Installation
    Replies: 3
    Last Post: 12-05-2006, 03:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •