Zentyal Password Synchronization with Google Apps Education

[christian]

you won't  succeed if I'm right, at least using standard Zentyal LDAP server.

I strongly believe password is changed using kpasswd when using Zentyal GUI. so only Kerb is used and LDAP authentication fault-back to Kerberos.
If you have file sharing module installed (Samba) try to look at Samba-LDAP in case it help.

Would Google Apps support any Kerberos auth (and trust ?)

[ashokjp]

I have file sharing enabled, but not sure where samba stores password and how i can read the password hash of it. Does samba too use LDAP to store password hash. if so even that would do

I cant get google apps understand anything in any format apart from what i mentioned in last post

[christian]

I have file sharing enabled, but not sure where samba stores password and how i can read the password hash of it. Does samba too use LDAP to store password hash.

stored in LDAP yes ... but another one. Try to access LDAP on port 389
I've no guaranty you will find there what you are looking for however 

I cant get google apps understand anything in any format apart from what i mentioned in last post

yes because, as I wrote at the very beginning of this thread, these are the only hashes Google supports.

[ashokjp]

my ldap browser is installed in windows machine in network.

I guess port 389 is blocked access from outside the server. How can i access it, firewalls is opened for all apps all ports in all direction.

[christian]

What make you think that access is blocked from outside if, on the other hand, you have checked that at FW level ports are open ?

In order to check whenever access works, from network standpoint, then try to:
- access anonymously (if not already done)
- access only RootDSE

This will tell you whenever access works from protocol standpoint.

Then there is another aspect that is to authenticate successfully. I don't have any such LDAP server to check but as far as I remember, basic authentication will not work. You have to set up SASL authentication or GSSAPI (this should be visible looking at RootDSE)

What is your LDAP client?

[ashokjp]

I can access port 390 but not 389, tried even on a telnet. Telnet itself doesnt get connected on 389

Firewall has been turned to pass all traffic in and out from all networks (confirmed).

I can telnet to port 389 within server but not from a local network

App - Jxplorer

[christian]

oops, would it mean that this LDAP server is not listening on external interface 
This I can't tell.

Check ldap config files or try

Code: [Select]

netstat -en | grep 389

[ashokjp]

root@ashokpc:/etc/ldap/slapd.d# netstat -en | grep 389
tcp        0      0 127.0.0.1:389           127.0.0.1:52711         TIME_WAIT   0          0


well, I cant find the ldap configuration for samba ldap

I see a file - /opt/samba4/share/setup/slapd.conf but that isnt the ldap config for samba i believe

[christian]

indeed, listening only on internal interface