Zimbra + Novell LDAP == ?


Postby cyberdeath » Tue Jan 29, 2008 10:49 pm

Ok, I have been fiddling around with LDAP for a couple hours now but with no joy. I first tried installing Zimbra on OpenSuSE 10.3 using the 10.2 installer from the community website. It gave me the whole "not the right OS" error, however...I ignored and continued on. When I got to the Setup Main Menu, I cannot get past the error at the bottom...and I have completely filled everything in that needed to be filled in. So, I figured...maybe it's because it's 10.3 and the installer is for 10.2. Since I have a license to use SLES 10, I installed that onto the test box...and again...I'm sitting here with the same issue. The error message is below:


Address unconfigured (**) items or correct ldap configuration (? - help)

Additionally, here's the error message that the /tmp/zmsetup.log says:



zimbra-mta is enabled
checking isEnabled zimbra-archiving
zimbra-archiving is not enabled
checking isComponentAvailable archiving
Checking ldap on ldapserver.domain:389
Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password xxxx:
Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra
Component archiving is not available.
checking isEnabled zimbra-snmp
zimbra-snmp is enabled
Checking ldap on ldapserver.domain:389
Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password xxxx:
Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra
Checking ldap on ldapserver.domain:389
Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password xxxx:
Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra
Checking ldap on ldapserver.domain:389
Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password xxxx:
Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra

Where ldapserver.domain is the actual Novell server and the password is a real password for the zimbra account that I created at the root level. I also created postfix and amavis accounts with passwords I set up in the latter part of the menu for the bind passwords. Below is the information from the Main Menu:


Main menu
1) Common Configuration:
    +Hostname: zimbra.domain
    +Ldap master host: ldapserver.domain
    +Ldap port: 389
    +Ldap Admin password: set
    +LDAP Base DN: cn=zimbra
    +TimeZone: (GMT-05.00) Eastern Time (US & Canada)
2) zimbra-store: Enabled
    +Create Admin User: yes
    +Admin user to create: admin@zimbra.domain
    +Admin Password set
    +Enable automated spam training: yes
    +Spam training user: spam.q1sgdngsgg@zimbra.domain
    +Non-spam(Ham) training user: ham.dwzgkq8fr@zimbra.domain
    +Global Documents Account: wiki@zimbra.domain
    +SMTP host: zimbra.domain
    +Web server HTTP port: 80
    +Web server HTTPS port: 443
    +Web server mode: http
    +IMAP server port: 143
    +IMAP server SSL port: 993
    +POP server port: 110
    +POP server SSL port: 995
    +Use spell check server: yes
    +Spell server URL: http://zimbra.domain:7780/aspell.php
3) zimbra-mta: Enabled
    +MTA Auth host: zimbra.domain
    +Enable Spamassassin: yes
    +Enable Clam AV: yes
    +Notification address for AV alerts: admin@zimbra.domain
    +Bind password for postfix ldap user: set
    +Bind password for amavis ldap user: set
4) zimbra-snmp: Enabled
    +Enable SNMP notifications: yes
    +SNMP Trap hostname: zimbra.domain
    +Enable SMTP notifications: yes
    +SMTP Source email address: admin@zimbra.domain
    +SMTP Destination email address: admin@zimbra.domain
5) zimbra-logger: Enabled
6) zimbra-spell: Enabled
7) Default Class of Service Configuration:
    +Enable Instant Messaging Feature: Enabled
    +Enable Briefcases Feature: Enabled
    +Enable Tasks Feature: Enabled
    +Enable Notebook Feature: Enabled
c) Collapse menu
r) Start servers after configuration yes
s) Save config to file
q) Quit
Address unconfigured (**) items or correct ldap configuration (? - help)

I did not install the zimbra-ldap component as I do not want to run a server, I want to connect to an LDAP server for authentication.
Also, I need to set up Zimbra to look in several OUs, but not all, for usernames...but that is once I get it installed and running at all + talking to Novell LDAP.
Any suggestions?? :confused:
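
Added example, not part of the original posts: the /tmp/zmsetup.log excerpt in the post above records the bind password on every failed attempt, so this sketch redacts it before the log is shared and collapses the repeated failures per URL and bind DN. The sample log is constructed in the format of that excerpt with a made-up password, and the function and field names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the format of the zmsetup.log excerpt above;
# "S3cret!" is a made-up password standing in for a real one.
SAMPLE_LOG = """\
checking isEnabled zimbra-snmp
zimbra-snmp is enabled
Checking ldap on ldapserver.domain:389
Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password S3cret!:
Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra
Checking ldap on ldapserver.domain:389
Unable to bind to ldap://ldapserver.domain:389 with user uid=zimbra,cn=admins,cn=zimbra and password S3cret!:
Couldn't bind to ldapserver.domain as uid=zimbra,cn=admins,cn=zimbra
"""

# One failed-bind line: URL, bind DN, then the password up to the final colon.
BIND_FAIL = re.compile(
    r"^Unable to bind to (?P<url>(?P<scheme>ldaps?)://\S+) "
    r"with user (?P<dn>.+?) and password (?P<pw>.*):\s*$"
)

def redact(text):
    """Return the log with every bind password replaced by 'xxxx'."""
    out = []
    for line in text.splitlines():
        m = BIND_FAIL.match(line)
        if m:
            line = line[:m.start("pw")] + "xxxx" + line[m.end("pw"):]
        out.append(line)
    return "\n".join(out)

def summarize(text):
    """Count failed binds per (URL, DN); flag ldap:// URLs, which carry
    the password without TLS unless StartTLS is negotiated."""
    counts = Counter()
    for line in text.splitlines():
        m = BIND_FAIL.match(line)
        if m:
            counts[(m["url"], m["dn"], m["scheme"] == "ldap")] += 1
    return [
        {"url": u, "dn": d, "cleartext_scheme": c, "failures": n}
        for (u, d, c), n in counts.items()
    ]

if __name__ == "__main__":
    print(redact(SAMPLE_LOG))
    for row in summarize(SAMPLE_LOG):
        print(row)
```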



Postby quanah » Wed Jan 30, 2008 12:25 am

I would note that using an LDAP server for storing the Zimbra bits that is not the one shipped with Zimbra is not particularly supported, and I would highly advise against it. I'm not sure why you'd want to use something else, given the performance and stability of OpenLDAP. ;)
In any case, your error indicates that the bind to the LDAP Server as the admin user is failing. I suggest turning up the debugging logs on your LDAP server to troubleshoot the issue.
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/

Postby cyberdeath » Wed Jan 30, 2008 7:07 am

Ok, so maybe I am doing this all wrong. I need to be able to dynamically authenticate users against the Novell LDAP server and create the accounts on a local box after they log in for the first time...or better yet, when they are created. This is why I pointed LDAP authentication to the server. Is there another way I can do this authentication through Novell while using a local OpenLDAP server?

Postby rsharpe » Wed Jan 30, 2008 7:40 am

Yes, do the install normally with the local OpenLDAP server; then, when that is complete, you can use the admin console to change the authentication method to use an external LDAP service.

Postby quanah » Wed Jan 30, 2008 8:52 am

Wiki Guide on External Authentication
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/

Postby bdial » Wed Jan 30, 2008 9:00 am

You should also make sure LDAP is enabled on the Novell server you're trying to authenticate to as well.

Postby cyberdeath » Wed Jan 30, 2008 5:27 pm

First off, thanks so far for the help...I now have a working Zimbra server that works well locally authenticating.
[quote user="rsharpe"]Yes do the install normally with the local OpenLDAP server then when that is complete you can use the admin console to change the authentication method to use an external LDAP service.[/QUOTE]
Ok, I did it that way and, again, it worked. I can also get it to authenticate me while I am setting up LDAP authentication for the "domain". However, when I go to log in from the Zimbra user portal...it tells me "The username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current username and password." Therefore, it seems as though it is not really authenticating against LDAP.
[quote user="quanah"]Wiki Guide on External Authentication[/QUOTE]
I viewed this already and went through the procedures, but still no joy :(.
[quote user="bdial"]you should also make sure ldap is enabled on the novell server you're trying to authenticate to as well.[/QUOTE]
LDAP is enabled on our Novell boxes by default. So that should not be a problem. I'm using non-SSL to "bind" anonymously....and I even tried binding with the admin account. Granted, both work when I test it out setting up authentication in the admin control panel. So that shouldn't be the problem (I don't think). :confused:
[quote user="quanah"]I would note that using an LDAP server for storing the Zimbra bits that is not the one shipped with Zimbra is not particularly supported, and I would highly advise against it. I'm not sure why you'd want to use something else, given the performance and stability of OpenLDAP. ;)
In any case, your error indicates that the bind to the LDAP Server as the admin user is failing. I suggest turning up the debugging logs on your LDAP server to troubleshoot the issue.
--Quanah[/QUOTE]
Thanks for that advice above...you are right, I do NOT want to store the data on our Novell server....I'd like it housed on the mail box...therefore OpenLDAP works great.
So, now my question is: How can I make Zimbra authenticate against LDAP and populate a user after authentication....or how can it query the LDAP server for usernames and populate the mailboxes that way? Then when the person logs in...that's when it compares the password against the account. Just as a note...we are currently using Moodle with LDAP in this same manner...and it works very nicely.
Any advice/suggestions would be greatly appreciated. Again, thanks so far for the help...all of you!

Postby bdial » Wed Jan 30, 2008 9:57 pm

We had an existing eDirectory and OpenLDAP integration using Novell's Identity Manager. Basically, we do all our account management from eDirectory. When a new account is created, it triggers a creation of the user within our OpenLDAP too, propagating the attributes we have mapped. This also handles modifications as well as password synchronization.
When we started looking at Zimbra, I thought maybe I could just set up another channel to have it migrate accounts to the Zimbra LDAP as well. Unfortunately, it looks like there's more to a new user than just its creation in the Zimbra LDAP, and you have to do it with zmprov or through SOAP. I'm not totally familiar with SOAP, but maybe you are.
That being said, our Zimbra install authenticates fine to the OpenLDAP server we had that's being populated by eDirectory. However, I still have to create them in Zimbra as well when I create them in eDirectory. This is the best I've been able to do so far. We're using universal passwords as well.
Novell sometimes has some different attribute names for stuff than OpenLDAP or Zimbra. If you want to authenticate directly to Novell, you may want to make sure your filter is correct and maybe use dstrace on the Novell server to help debug the process.

Postby cyberdeath » Fri Feb 15, 2008 5:22 pm

[quote user="bdial"]We had an existing eDirectory and OpenLDAP integration using Novell's Identity Manager. Basically, we do all our account management from eDirectory. When a new account is created, it triggers a creation of the user within our OpenLDAP too, propagating the attributes we have mapped. This also handles modifications as well as password synchronization.
When we started looking at Zimbra, I thought maybe I could just set up another channel to have it migrate accounts to the Zimbra LDAP as well. Unfortunately, it looks like there's more to a new user than just its creation in the Zimbra LDAP, and you have to do it with zmprov or through SOAP. I'm not totally familiar with SOAP, but maybe you are.
That being said, our Zimbra install authenticates fine to the OpenLDAP server we had that's being populated by eDirectory. However, I still have to create them in Zimbra as well when I create them in eDirectory. This is the best I've been able to do so far. We're using universal passwords as well.
Novell sometimes has some different attribute names for stuff than OpenLDAP or Zimbra. If you want to authenticate directly to Novell, you may want to make sure your filter is correct and maybe use dstrace on the Novell server to help debug the process.[/QUOTE]
Thanks for the reply. I have now set up the Zimbra server to use its own OpenLDAP server and under the administrative panel, I have chosen "External Authentication". I noticed that once I set up the server to "Bind"....I had problems...so I tried to turn binding off..and couldn't....so since it's just the test bed box...I uninstalled/reinstalled Zimbra which, in turn, fixed the problem. So, with Anonymous authentication to LDAP, it now works fine so long as I create the user on the Zimbra box as well...which I am doing....I don't want to overly complicate things with other solution possibilities (ie: Identity Manager). But, my question and problem is this:
1. When users log in once I set up LDAP...with the exception of the "admin" account which is local...the other accounts never say the last time they logged in on the Admin control panel....when looking at the users even though they logged in.
2. I am concerned about the Zimbra server contacting the LDAP server too much. I don't want it to become a "taxing" issue for our LDAP server which is also being authenticated against with other systems. If it only connects to the LDAP server when that user authenticates to either pop3, imap, or the web front-end, that's fine with me. I just don't want it to be the case like with another email server I've used that authenticated to LDAP on every email received.
So, if someone could clarify those two things, I'd really appreciate it.
Thanks for everyone's help. This is a great community :)...which makes me trust this product even more.

Postby fmodola » Fri Mar 07, 2008 10:33 am

bdial,
Novell updated Identity Manager to version 3.5 so that you can now use the Scripting Driver in order to synchronize your accounts.
We are using it; it is based upon scripts on the Zimbra host that execute zmprov commands.
If you need information, you can contact Novell support.
