Zimbra 8.0 , LDAP and ejabberd


Postby brice.capelle » Tue Nov 13, 2012 8:49 am

Hi all!
Like a lot of people, I'm stuck with LDAP auth with Zimbra. It's my first time using Zimbra, and LDAP too!
In fact I tried to use ejabberd 2.1 to connect to Zimbra using LDAP auth, but I can't connect.
I'm trying to find out why I can't connect to Zimbra LDAP, so I'm currently using ldapsearch to understand this.
I use the "zmlocalconfig -s | grep ldap_" command to find the LDAP values in Zimbra.


root@mail:~# ldapsearch -H ldap://server.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -x
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1


I'm using simple auth, but in the conf I see that SASL is forced. But if I try to use this with the "zimbra_ldap_password":


root@mail:~# ldapsearch -H ldap://server.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: unable to canonify user and get auxprops


Even if I try to force the Zimbra user:



root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: unable to canonify user and get auxprops

root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -U zimbra
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: unable to canonify user and get auxprops

root@mail:~# ldapsearch -H ldap://mail.eulerian.com:389 -b "ou=people,dc=eulerian,dc=com" -X "dn:uid=zimbra,cn=admins,cn=zimbra"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: unable to canonify user and get auxprops


I searched the net and it seems possible that users are not mapped for SASL AUTH. I'm missing something and I don't know what it is: the LDAP client conf or the Zimbra server LDAP...
If someone has an idea, feel free to answer!
Thank you for your time.



Postby bdial » Tue Nov 13, 2012 11:46 am

afaik anonymous binding is disabled in zcs. You'd probably want to bind as the user uid=zimbra,cn=admins,cn=zimbra

Postby brice.capelle » Wed Nov 14, 2012 10:35 am

bdial wrote: afaik anonymous binding is disabled in zcs. You'd probably want to bind as the user uid=zimbra,cn=admins,cn=zimbra

Thank you for your answer!
I'm pretty sure it's that, but it doesn't work. It seems my Base DN is not OK either...
I tried to bind with the -D option, but it seems I'm not using it correctly... I fear for the ejabberd connection then :/
What am I doing wrong with the user binding? I don't understand :/
The ejabberd server will be on the same server; if I remove SASL, will it cause problems for Zimbra?


root@mail:~# ldapsearch -v -h mail.eulerian.com -p 389 -D "uid=zimbra,ou=people,dc=eulerian,dc=com" -b "ou=people,dc=eulerian,dc=com" -X -W
ldap_initialize( ldap://mail.eulerian.com:389 )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: unable to canonify user and get auxprops


Here is a part of the configuration:



ldap_host = server.eulerian.com
ldap_is_master = true
ldap_ldapi_socket_file = ${zimbra_home}/openldap/var/run/ldapi
ldap_master_url = ldap://server.eulerian.com:389
ldap_nginx_password = ****
ldap_overlay_accesslog_logpurge = 01+00:00 00+04:00
ldap_overlay_syncprov_checkpoint = 20 10
ldap_port = 389
ldap_postfix_password = ****
ldap_read_timeout = 0
ldap_replication_password = ****
ldap_root_password = ****
ldap_starttls_required = true
ldap_starttls_supported = 1
ldap_url = ldap://server.eulerian.com:389
zimbra_class_ldap_client = com.zimbra.cs.ldap.unboundid.UBIDLdapClient
zimbra_ldap_password = ****
zimbra_ldap_user = zimbra
zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra
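
An added example, not part of any post in this thread: a shell helper that reads `zmlocalconfig -s | grep ldap_` style output, like the configuration posted above, and prints an `ldapsearch` command that does a simple bind (`-x`) as `zimbra_ldap_userdn`, adding StartTLS (`-ZZ`) when `ldap_starttls_required` is true. It assumes the server accepts a simple bind for that DN; the function names `conf_get` and `build_ldapsearch` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads "key = value" lines as printed by
# `zmlocalconfig -s | grep ldap_` and prints an ldapsearch command line.

# Constructed sample using the keys shown in the thread (password masked).
SAMPLE_CONF='ldap_url = ldap://server.eulerian.com:389
ldap_starttls_required = true
zimbra_ldap_password = ****
zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra'

# conf_get KEY: print the value of KEY from the config on stdin.
conf_get() {
    awk -v k="$1" -F' = ' '$1 == k { print substr($0, length(k) + 4); exit }'
}

# build_ldapsearch BASE_DN: config on stdin, command line on stdout.
build_ldapsearch() {
    base=$1
    conf=$(cat)
    url=$(printf '%s\n' "$conf" | conf_get ldap_url)
    dn=$(printf '%s\n' "$conf" | conf_get zimbra_ldap_userdn)
    tls=$(printf '%s\n' "$conf" | conf_get ldap_starttls_required)
    if [ -z "$url" ] || [ -z "$dn" ] || [ -z "$base" ]; then
        echo "need ldap_url, zimbra_ldap_userdn and a base DN" >&2
        return 1
    fi
    # Values are wrapped in single quotes below, so refuse embedded ones.
    case "$url$dn$base" in
        *\'*) echo "single quote in value, refusing" >&2; return 1 ;;
    esac
    # -x  simple bind; without it ldapsearch starts a SASL bind
    # -ZZ StartTLS, and abort if TLS cannot be negotiated
    # -W  prompt for the password so it stays out of argv and shell history
    cmd="ldapsearch -x -H '$url'"
    if [ "$tls" = "true" ]; then
        cmd="$cmd -ZZ"
    fi
    printf '%s\n' "$cmd -D '$dn' -W -b '$base' '(objectClass=*)' dn"
}

# Print the command for the base DN used in the thread.
printf '%s\n' "$SAMPLE_CONF" | build_ldapsearch 'ou=people,dc=eulerian,dc=com'
```

The helper never reads `zimbra_ldap_password`; for a non-interactive client, `-y` with a password file readable only by its owner keeps the secret out of the process list in the same way `-W` does.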

