Ldap query for get domain name

pasbag
Posts: 13
Joined: Tue Jun 21, 2016 5:28 am

Ldap query for get domain name

Post by pasbag » Wed May 16, 2018 7:15 am

Hi. I installed two servers with ZCS 8.7.11.
Server 1 contains: mail.havij.io
proxy server
web UI
MTA
memcached

Server 2 contains: store.havij.io
LDAP server
mailbox store

I defined several domains. Each domain has one virtual host name.
When a user logs in on a virtual host on the proxy server, the mailbox server logs this error:

Code:

018-05-16 11:16:12,263 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - query template attr=zimbraReverseProxyDomainNameQuery, query template=(&(zimbraVirtualIPAddress=${IPADDR})(objectClass=zimbraDomain))
2018-05-16 11:16:12,263 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - query=(&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))
2018-05-16 11:16:12,263 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - SEARCH - millis=[0], resp=[0 (success)], usage=[NGINX_LOOKUP], conn=[1], base=[], filter=[(&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))]
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - domain not found for user bob.  error: query returned empty result: (&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - domain not found for user bob, using default domain: havij.io
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - Auth-User bob is replaced by bob@havij.io for mailhost lookup
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - GET_CONN - millis=[0], usage=[SEARCH], conn=[2], connPool=[ZimbraReplica(1340848245)]
2018-05-16 11:16:12,265 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - SEARCH - millis=[1], resp=[0 (success)], usage=[SEARCH], conn=[2], base=[], filter=[(&(|(zimbraMailDeliveryAddress=bob@havij.io)(zimbraMailAlias=bob@havij.io))(objectClass=zimbraAccount))]
2018-05-16 11:16:12,265 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - REL_CONN - conn=[2]
2018-05-16 11:16:12,265 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - query template attr=zimbraReverseProxyMailHostQuery, query template=(|(zimbraMailDeliveryAddress=${USER})(zimbraMailAlias=${USER})(zimbraId=${USER}))
2018-05-16 11:16:12,265 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - query=(|(zimbraMailDeliveryAddress=bob@havij.io)(zimbraMailAlias=bob@havij.io)(zimbraId=bob@havij.io))
2018-05-16 11:16:12,266 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - SEARCH - millis=[1], resp=[0 (success)], usage=[NGINX_LOOKUP], conn=[1], base=[], filter=[(|(zimbraMailDeliveryAddress=bob@havij.io)(zimbraMailAlias=bob@havij.io)(zimbraId=bob@havij.io))]
2018-05-16 11:16:12,266 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - user bob@havij.io not found
com.zimbra.cs.nginx.NginxLookupExtension$EntryNotFoundException: query returned empty result: (|(zimbraMailDeliveryAddress=bob@havij.io)(zimbraMailAlias=bob@havij.io)(zimbraId=bob@havij.io))
        at com.zimbra.cs.nginx.NginxLookupLdapHelper.searchDirectory(NginxLookupLdapHelper.java:138)
        at com.zimbra.cs.nginx.NginxLookupExtension$NginxLookupHandler.search(NginxLookupExtension.java:964)
        at com.zimbra.cs.nginx.NginxLookupExtension$NginxLookupHandler.doGet(NginxLookupExtension.java:323)
        at com.zimbra.cs.extension.ExtensionDispatcherServlet.service(ExtensionDispatcherServlet.java:111)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685)
        at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:169)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:107)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:117)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:473)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:318)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:288)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
        at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
        at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:84)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
        at org.eclipse.jetty.server.Server.handle(Server.java:517)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
        at java.lang.Thread.run(Thread.java:748)
2018-05-16 11:16:12,267 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - SEARCH - millis=[0], resp=[0 (success)], usage=[NGINX_LOOKUP], conn=[1], base=[], filter=[(&(zimbraDomainName=havij.io)(objectClass=zimbraDomain))]
2018-05-16 11:16:12,267 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - REL_CONN - conn=[1]
2018-05-16 11:16:12,267 INFO  [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - user not found:bob@havij.io
2018-05-16 11:16:12,293 DEBUG [qtp1068934215-859:https:https://store.havij.io:7071/service/admin/soap/GetDomainInfoRequest] [] misc - Servlet (contextPath=/service active=0), Jetty pool (threads=18, idle=2, busy=16, room=234)




I want to change the query template "zimbraReverseProxyDomainNameQuery, query template=(&(zimbraVirtualIPAddress=${IPADDR})(objectClass=zimbraDomain))" to
something like "zimbraReverseProxyDomainNameQuery, query template=(&(zimbraVirtualHostname=${HOST})(objectClass=zimbraDomain))"

I don't know what {IPADDR} is, and I want a variable that holds the host name (virtualhostname).

Is there another solution to this problem, so that a user can log in on a virtual host without entering the domain name? I do not set an IP address for each virtual host name; there is one IP for all domains.
Please help me.
Thanks


L. Mark Stone
Elite member
Posts: 1798
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.8 Patch 6 Network Edition

Re: Ldap query for get domain name

Post by L. Mark Stone » Wed May 16, 2018 4:43 pm

Zimbra's Virtual Host functionality works fine for multiple domains with just one IP address for all domains.

The log snippet you posted seems to confirm that it is working correctly.

The user tries to login as "bob" and Zimbra figures out from the Virtual Host information this is really "bob@havij.io". But, that mailbox doesn't exist so the login stops right there.

You shouldn't have to change any templates from their defaults to make this work, so unless I am missing something I'd say remove all your template customizations and you should be OK.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/

Re: Ldap query for get domain name

Post by pasbag » Sat May 19, 2018 4:31 am

Thanks for your answer.
Please consider this part of the logs:

Code:

nginxlookup - domain not found for user bob.  error: query returned empty result: (&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - domain not found for user bob, using default domain: havij.io
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - Auth-User bob is replaced by bob@havij.io for mailhost lookup


I enter mail.zardak.io in the browser and Zimbra shows me the login screen. I want to tell Zimbra to use virtualHostname instead of virtualIPAddress in the authentication phase. The default domain is havij.io. I set up separate servers for the web UI and the mailbox.
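
Added example (not part of the original posts, and not Zimbra code): a Python script that reads the nginxlookup DEBUG messages quoted in this thread, recovers what each `${...}` placeholder was replaced with by matching the query template against the resolved filter, and flags the fall-back to the default domain. The sample lines are rebuilt from the messages in the first post under one shared prefix, and grouping by Jetty thread name is an assumption that holds for a single request.

```python
import re

# Placeholders in a Zimbra query template look like ${IPADDR} or ${USER}.
PLACEHOLDER = re.compile(r"\$\{(\w+)\}")
# "[thread:url] [] logger - message" part of a mailbox.log line.
LINE = re.compile(
    r"\[(?P<thread>[^:\]\s]+):[^\]]*\] \[[^\]]*\] (?P<logger>\w+) - (?P<msg>.*)$"
)
TEMPLATE = re.compile(r"query template attr=(?P<attr>\w+), query template=(?P<template>.*)")
FALLBACK = re.compile(r"domain not found for user (\S+), using default domain: (\S+)")
REWRITE = re.compile(r"Auth-User (\S+) is replaced by (\S+) for mailhost lookup")
NOT_FOUND = re.compile(r"user not found:(\S+)")


def infer_bindings(template, query):
    """Return {placeholder: value} that turns `template` into `query`, or None."""
    parts = PLACEHOLDER.split(template)  # literal, name, literal, name, ...
    seen, pattern = set(), ""
    for i, part in enumerate(parts):
        if i % 2 == 0:
            pattern += re.escape(part)
        elif part in seen:
            pattern += f"(?P={part})"          # same placeholder, same value
        else:
            seen.add(part)
            pattern += f"(?P<{part}>[^()]*)"   # a filter value has no parentheses
    match = re.fullmatch(pattern, query)
    return match.groupdict() if match else None


def trace_lookups(lines):
    """Summarise nginxlookup activity per thread (assumed: one request per thread)."""
    traces, pending = {}, {}
    for line in lines:
        m = LINE.search(line)
        if m is None or m["logger"] != "nginxlookup":
            continue
        thread, msg = m["thread"], m["msg"]
        t = traces.setdefault(thread, {
            "thread": thread, "queries": [], "fallback_domain": None,
            "rewritten_user": None, "not_found": None,
        })
        if (hit := TEMPLATE.match(msg)):
            pending[thread] = (hit["attr"], hit["template"])
        elif msg.startswith("query=") and thread in pending:
            attr, template = pending.pop(thread)
            t["queries"].append((attr, infer_bindings(template, msg[len("query="):])))
        elif (hit := FALLBACK.match(msg)):
            t["fallback_domain"] = hit[2]
        elif (hit := REWRITE.match(msg)):
            t["rewritten_user"] = (hit[1], hit[2])
        elif (hit := NOT_FOUND.match(msg)):
            t["not_found"] = hit[1]
    return list(traces.values())


# Constructed sample: the nginxlookup messages from the first post, one shared prefix.
PREFIX = ("2018-05-16 11:16:12,263 DEBUG [qtp1068934215-526:https:https://"
          "store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - ")
DOMAIN_FILTER = "(&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))"
USER_FILTER = ("(|(zimbraMailDeliveryAddress=bob@havij.io)"
               "(zimbraMailAlias=bob@havij.io)(zimbraId=bob@havij.io))")
SAMPLE_LOG = [PREFIX + msg for msg in (
    "query template attr=zimbraReverseProxyDomainNameQuery, query template="
    "(&(zimbraVirtualIPAddress=${IPADDR})(objectClass=zimbraDomain))",
    "query=" + DOMAIN_FILTER,
    "domain not found for user bob.  error: query returned empty result: " + DOMAIN_FILTER,
    "domain not found for user bob, using default domain: havij.io",
    "Auth-User bob is replaced by bob@havij.io for mailhost lookup",
    "query template attr=zimbraReverseProxyMailHostQuery, query template="
    "(|(zimbraMailDeliveryAddress=${USER})(zimbraMailAlias=${USER})(zimbraId=${USER}))",
    "query=" + USER_FILTER,
    "user bob@havij.io not found",
    "user not found:bob@havij.io",
)]

if __name__ == "__main__":
    for t in trace_lookups(SAMPLE_LOG):
        print("thread:", t["thread"])
        for attr, bindings in t["queries"]:
            print(f"  {attr}: {bindings}")
        if t["fallback_domain"]:
            short, full = t["rewritten_user"]
            print(f"  domain lookup was empty; '{short}' was rewritten to '{full}' "
                  f"using default domain {t['fallback_domain']}")
        if t["not_found"]:
            print("  result: user not found:", t["not_found"])
```

Run against a real mailbox.log by passing the file's lines to `trace_lookups`; every trace with a non-empty `fallback_domain` is a login where the bare username was completed with the default domain rather than the virtual host's domain.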

Re: Ldap query for get domain name

Post by L. Mark Stone » Sat May 19, 2018 3:45 pm


Ah OK, I see what you are saying now; the system seems to be using the default domain and bob is on a different domain.

So let's break this down...

Again, you don't need to customize or change any nginx templates anywhere; you just add the virtual host to the domain config using the Admin Console and make sure there's an A record for it in public DNS.

Let's say Bob's mailbox address is "bob@mydomain.net"; you configure in the Zimbra Admin Console the virtual host "zimbra.mydomain.net" (or whatever you want) and an A record in public DNS that resolves "zimbra.mydomain.net" to the public IP address of your proxy server. I notice that there is no A record for mail.havij.io in public DNS so either you've changed the name of your proxy server or you need to configure that; you'll have other issues if you don't.

Just for example's sake let's assume the actual IP address of mail.havij.io is something like 35.173.158.175 (that's actually one of my IP addresses, so of course don't use it!), then you would need to set an A record in public DNS for Bob's domain mydomain.net that resolves 35.173.158.175 for a "zimbra.mydomain.net" query.

If you are not using real domain names above, it's hard to help you troubleshoot further.

Hope that helps,
Mark

Re: Ldap query for get domain name

Post by pasbag » Sun May 20, 2018 4:34 am

OK. I set up these servers in my lab, and you cannot access them on the public network. My operating system is Ubuntu 17.10 and my /etc/hosts looks like:

Code:

127.0.0.1 localhost       
192.168.0.58  mail.zardak.io                                                                                                                                                                             
192.168.0.58  mail.havij.io


I added my virtual host name to /etc/hosts on the proxy server and the mailbox server, as above.

Code:

root@mail:~# cat /etc/hosts                                                                                                                                                                               
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.58          mail.havij.io        mail     
192.168.0.63          store.havij.io        store     
192.168.0.58          mail.zardak.io



Code:

root@store:~# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.63          store.havij.io        store
192.168.0.58         mail.havij.io        mail
192.168.0.58 mail.zardak.io


I set up Bind9 (DNS server) on each server and configured bind for the proxy server (which contains the web UI and MTA):

Code:

root@mail:~# cat /etc/bind/db.domain
@       IN      SOA     havij.io. hostmaster.havij.io. (
                                          10118      ; Serial
                                          43200      ; Refresh
                                          3600       ; Retry
                                          3600000    ; Expire
                                         2592000 )  ; Minimum
;       Define the nameservers and the mail servers
        IN      NS      havij.io.
        IN      A       192.168.0.58
        IN      MX      10 mail.havij.io.
        mail    IN      A       192.168.0.58



and for the mailbox server (which contains the store and LDAP server):

Code:

root@store:~# cat /etc/bind/db.domain
@       IN      SOA     havij.io. hostmaster.havij.io. (
                                          10118      ; Serial
                                          43200      ; Refresh
                                          3600       ; Retry
                                          3600000    ; Expire
                                         2592000 )  ; Minimum
;       Define the nameservers and the mail servers
        IN      NS      havij.io.
        IN      A       192.168.0.63
        IN      MX      10 store.havij.io.
store   IN      A       192.168.0.63


I checked that zimbraVirtualHostname is defined for the zardak.io domain:

Code:

zimbra@mail:[~]$ zmprov gd zardak.io |grep zimbraVirtualHostname
zimbraVirtualHostname: mail.zardak.io

zimbra@mail:[~]$ zmprov gaa|grep -i zardak.io
galsync@zardak.io
bob@zardak.io

zimbra@mail:[~]$ zmprov gaa|grep -i havij.io
admin@havij.io
spam.ixfevync@havij.io
ham.r7ad03bqz@havij.io
virus-quarantine.ohycirvrix@havij.io
galsync.bhuglkel@havij.io




So do you see any problem in my configs?
Thanks

Re: Ldap query for get domain name

Post by L. Mark Stone » Sun May 20, 2018 5:36 pm

If mail.zardak.io is the virtualhostname, there is no need to add this to /etc/hosts. So long as Zimbra's DNS can resolve it, you should be fine.

Please post the following outputs from both Zimbra servers:

Code:

host mail.zardak.io
host mail.havij.io
host store.havij.io
host 192.168.0.58
host 192.168.0.63
host www.yahoo.com
dig havij.io mx
dig zardak.io mx
cat /etc/resolv.conf


Then we'll see if this is a DNS problem or not.

Mark

Re: Ldap query for get domain name

Post by pasbag » Mon May 21, 2018 5:52 am


On the mailbox server:

Code:

root@store:~# host mail.zardak.io
mail.zardak.io has address 192.168.0.58

root@store:~# host mail.havij.io
mail.havij.io has address 192.168.0.58

root@store:~# host store.havij.io
store.havij.io has address 192.168.0.63
store.havij.io mail is handled by 10 store.havij.io.

root@store:~# host 192.168.0.58
58.0.168.192.in-addr.arpa domain name pointer mail.havij.io.

root@store:~# host 192.168.0.63
63.0.168.192.in-addr.arpa domain name pointer store.havij.io.

root@store:~# host www.yahoo.com
www.yahoo.com is an alias for atsv2-fp.wg1.b.yahoo.com.
atsv2-fp.wg1.b.yahoo.com has address 87.248.98.7
atsv2-fp.wg1.b.yahoo.com has address 87.248.98.8
atsv2-fp.wg1.b.yahoo.com has IPv6 address 2a00:1288:110:1c::4
atsv2-fp.wg1.b.yahoo.com has IPv6 address 2a00:1288:110:1c::3

root@store:~# dig havij.io mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> havij.io mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29575
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;havij.io.                      IN      MX

;; ANSWER SECTION:
havij.io.               2592000 IN      MX      10 mail.havij.io.

;; AUTHORITY SECTION:
havij.io.               2592000 IN      NS      havij.io.

;; ADDITIONAL SECTION:
mail.havij.io.          2592000 IN      A       192.168.0.58
havij.io.               2592000 IN      A       192.168.0.58

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 21 10:20:56 IRDT 2018
;; MSG SIZE  rcvd: 104

root@store:~# dig zardak.io mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> zardak.io mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13981
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zardak.io.                     IN      MX

;; ANSWER SECTION:
zardak.io.              2592000 IN      MX      10 mail.zardak.io.

;; AUTHORITY SECTION:
zardak.io.              2592000 IN      NS      zardak.io.

;; ADDITIONAL SECTION:
mail.zardak.io.         2592000 IN      A       192.168.0.58
zardak.io.              2592000 IN      A       192.168.0.58

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 21 10:20:56 IRDT 2018
;; MSG SIZE  rcvd: 105

root@store:~# cat /etc/resolv.conf
nameserver 127.0.0.1
root@store:~#




On the proxy server:

Code:

root@store:~# host mail.zardak.io
mail.zardak.io has address 192.168.0.58

root@store:~# host mail.havij.io
mail.havij.io has address 192.168.0.58

root@store:~# host store.havij.io
store.havij.io has address 192.168.0.63
store.havij.io mail is handled by 10 store.havij.io.

root@store:~# host 192.168.0.58
58.0.168.192.in-addr.arpa domain name pointer mail.havij.io.
root@store:~# host 192.168.0.63
63.0.168.192.in-addr.arpa domain name pointer store.havij.io.

root@store:~# host www.yahoo.com
www.yahoo.com is an alias for atsv2-fp.wg1.b.yahoo.com.
atsv2-fp.wg1.b.yahoo.com has address 87.248.98.7
atsv2-fp.wg1.b.yahoo.com has address 87.248.98.8
atsv2-fp.wg1.b.yahoo.com has IPv6 address 2a00:1288:110:1c::4
atsv2-fp.wg1.b.yahoo.com has IPv6 address 2a00:1288:110:1c::3
root@store:~# dig havij.io mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> havij.io mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29575
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;havij.io.                      IN      MX

;; ANSWER SECTION:
havij.io.               2592000 IN      MX      10 mail.havij.io.

;; AUTHORITY SECTION:
havij.io.               2592000 IN      NS      havij.io.

;; ADDITIONAL SECTION:
mail.havij.io.          2592000 IN      A       192.168.0.58
havij.io.               2592000 IN      A       192.168.0.58

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 21 10:20:56 IRDT 2018
;; MSG SIZE  rcvd: 104

root@store:~# dig zardak.io mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> zardak.io mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13981
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zardak.io.                     IN      MX

;; ANSWER SECTION:
zardak.io.              2592000 IN      MX      10 mail.zardak.io.

;; AUTHORITY SECTION:
zardak.io.              2592000 IN      NS      zardak.io.

;; ADDITIONAL SECTION:
mail.zardak.io.         2592000 IN      A       192.168.0.58
zardak.io.              2592000 IN      A       192.168.0.58

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 21 10:20:56 IRDT 2018
;; MSG SIZE  rcvd: 105

root@store:~# cat /etc/resolv.conf
nameserver 127.0.0.1



Re: Ldap query for get domain name

Post by L. Mark Stone » Mon May 21, 2018 2:37 pm

Here's what I see...

First, there is no need to have mail.zardak.io in /etc/hosts for Zimbra's virtual host functionality to work. I would remove those entries.

Second, I would set the MX record for zardak.io to point to mail.havij.io. Otherwise you'll see email rejections because the Zimbra server, mail.havij.io, will not announce itself as mail.zardak.io when contacted on Port 25 or 587 so you'll have a name mismatch.

Third, Ubuntu 17 is not a supported distribution so likely you will have some issues.

None of those, except maybe the Ubuntu 17 installation, necessarily go to your issue with Bob's actual domain account not being looked up correctly. I would ask therefore if you changed anything else?

I ask because, just to satisfy myself, I did the following on my hosting farm:
- Added to Zimbra a new test domain "missioncriticalemail.info" I own that exists in public DNS, and created a test mailbox named "bob@missioncriticalemail.info".
- In public DNS for the new test domain, I added an MX record to point to the hosting farm's MTA servers (which are on a different domain)
- In public DNS for the new test domain, I added an A record for the Zimbra Virtual Hostname "my.missioncriticalemail.info" to point to the public IP address of one of my proxy servers (which again are on a different domain).
- In the Zimbra Admin Console, I added the virtual host "my.missioncriticalemail.info" to the domain "missioncriticalemail.info".
- I opened a web browser, pointed it to "my.missioncriticalemail.info", clicked through the certificate mismatch error, and then logged in with the username equal to just "bob" and was logged in successfully.

That process (and adding the SSL certificates) is all you need to do to have the virtual host name functionality work.

What's different on your end from the above?

Hope that helps,
Mark

Re: Ldap query for get domain name

Post by pasbag » Tue May 22, 2018 4:37 am


I tested my issue on a single server and no problem exists there.
My environment is custom. The web UI server and the mailbox server are separate; LDAP is on the mailbox server, and the MTA and proxy servers are on the web UI server.
I checked the user bob, and it exists in the zardak.io domain.
mail.zardak.io points to mail.havij.io, and the mail.zardak.io domain can send and receive email on the SMTP ports.
I just fixed DNS resolution and removed the /etc/hosts entries, but my problem is not resolved.
Please set the log level in /opt/zimbra/conf/log4j.properties.in to debug on your mailbox server and, when you log in on the virtual host, send your log (/opt/zimbra/log/mailbox.log) here. Please test with two users: user1, who does not exist in your new domain, and user2, who exists.
Thanks

Re: Ldap query for get domain name

Post by L. Mark Stone » Tue May 22, 2018 10:44 am

I’ve never been able to place the jetty web ui components on a server separate from mailboxd and have it work properly.

Plus, you are running Ubuntu 17, which is unsupported.

Since this is a lab environment, I would abandon it and then go with a more traditional and fully supported environment.

You may be trying to solve a problem that cannot be solved.

Regardless, you are spending a lot of time on a custom configuration that I don’t see has any benefits over a more standard configuration.

All the best,
Mark