Topic: Postfix query against Zentyal 3.5 LDAP Invalid Credentials (49)

dimklankopf

Hey guys,
I hope someone could help me!

Basic information:

MTA (Postfix, Ubuntu 12.04) 192.1.1.1
Clean install Zentyal 3.5 (Mailserver) 192.1.1.2 with user "ldap"

Problem:

My MTA tries to query LDAP information against Zentyal (postmap -vq user@test.tld ldap:/etc/postfix/ldap.cf). Zentyal refuses the connection with this error message:

postmap: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap.cf, reopening
postmap: dict_ldap_connect: Connecting to server ldap://192.1.1.2:389
postmap: dict_ldap_connect: Actual Protocol version used is 3.
postmap: dict_ldap_connect: Binding to server ldap://1.1.2:389 with dn CN=ldap,DC=test,DC=tld
postmap: warning: dict_ldap_connect: Unable to bind to server ldap://192.1.1.2:389 with dn CN=ldap,DC=test,DC=tld: 49 (Invalid credentials)
postmap: fatal: table ldap:/etc/postfix/ldap.cf: query error: Success


MTA ldap.cf

# directory settings
server_host = 192.1.1.2
search_base = DC=test,DC=tld
version = 3

# user binding
bind = yes
bind_dn = CN=ldap,DC=test,DC=tld
bind_pw = password

query_filter = mail=%s
result_attribute = mail

I tried this configuration on Zentyal 3.4 two months ago and it worked fine.

StuartNaylor

« Reply #1 on: July 08, 2014, 01:27:07 pm »
OK, I get it, had to read again as it's an external mail server.

Download the 32-bit version of Apache Directory Studio.

See if you can connect with your user ldap and see what you can read.

Could be firewall, authentication and a few others; the Apache test will provide much info.

dimklankopf

« Reply #2 on: July 08, 2014, 02:01:27 pm »
Same error message: LDAP error code 49 - simple bind failed NT_STATUS_UNSUCCESSFUL

Is there any logfile in Zentyal for LDAP error messages? Maybe I could collect more information?!

dimklankopf

I got it.

If you use postfix mta with ldap query against samba4 / zentyal:

Wrong
bind_dn = CN=ldap,DC=test,DC=tld

Right
bind_dn = user@test.tld

Same in Apache Directory Studio. Do not use DN notation.

StuartNaylor

« Reply #4 on: July 08, 2014, 03:05:04 pm »
Here is a copy of my /etc/postfix/login.cf which is by zentyal
server_host = localhost:389
version = 3
search_base = DC=office,DC=zentyal,DC=lan
query_filter = (&(|(mail=%s)(otherMailbox=%s))(objectClass=user))
result_attribute = mail, otherMailbox
bind = yes
bind_dn = CN=zentyal-mail-zent1,CN=Users,DC=office,DC=zentyal,DC=lan
bind_pw = KVke0WpNPUEPTwER2Ksi

Also attached a picture as that is the DN that I have been authenticating on.

user@test.tld is a user principal name and you can logon with that as well.

« Last Edit: July 08, 2014, 03:06:51 pm by StuartNaylor »
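
An added example, not code from either poster or from Zentyal: a small reviewer for Postfix LDAP table files that classifies bind_dn as a UPN or a DN and reports whether a DN places the account directly under the domain root (as in the rejected ldap.cf above) or inside a container such as CN=Users (as in the login.cf above). It also flags a simple bind to a remote host without ldaps:// or start_tls, where bind_pw crosses the network unencrypted. The sample configs are constructed from the two quoted on this page with the passwords replaced; the function names and finding codes are hypothetical.

```python
import re

# Constructed samples: the two configs quoted in the thread, passwords replaced.
FAILING = """server_host = 192.1.1.2
bind = yes
bind_dn = CN=ldap,DC=test,DC=tld
bind_pw = PLACEHOLDER
"""
WORKING = """server_host = localhost:389
bind = yes
bind_dn = CN=zentyal-mail-zent1,CN=Users,DC=office,DC=zentyal,DC=lan
bind_pw = PLACEHOLDER
"""

def parse_cf(text):
    """Parse 'name = value' lines of a Postfix LDAP table, skipping comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def classify_bind_dn(bind_dn):
    """Return 'upn', 'dn-at-domain-root', 'dn-in-container' or 'unknown'."""
    if re.fullmatch(r"[^@,=\s]+@[^@,=\s]+", bind_dn):
        return "upn"
    rdns = [r.strip() for r in re.split(r"(?<!\\),", bind_dn)]
    if not all(re.match(r"[A-Za-z0-9.-]+=", r) for r in rdns):
        return "unknown"
    # RDNs between the account's own RDN and the DC= suffix name its container.
    container = [r for r in rdns[1:] if not r.upper().startswith("DC=")]
    return "dn-in-container" if container else "dn-at-domain-root"

def review(text):
    """Return a list of finding codes for one LDAP table config."""
    cfg = parse_cf(text)
    if cfg.get("bind", "yes") != "yes":   # only simple binds are reviewed here
        return []
    findings = ["bind_dn:" + classify_bind_dn(cfg.get("bind_dn", ""))]
    hosts = cfg.get("server_host", "localhost").replace(",", " ").split()
    remote_plain = [h for h in hosts
                    if not h.startswith(("ldaps://", "ldapi://"))
                    and re.sub(r"^ldap://", "", h).split(":")[0]
                    not in ("localhost", "127.0.0.1")]
    if remote_plain and cfg.get("start_tls", "no") != "yes":
        findings.append("cleartext-simple-bind")  # bind_pw sent unencrypted
    return findings

if __name__ == "__main__":
    print(review(FAILING), review(WORKING))
```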

dimklankopf

« Reply #5 on: July 08, 2014, 03:32:35 pm »
In Zentyal 3.4 I used the DN notation. Everything works fine. Maybe there is a bug in my new installation. ???

In my case the problem is solved.

Thank you for help StuartNaylor.

StuartNaylor

« Reply #6 on: July 08, 2014, 03:37:26 pm »
It's great that you have done an external postfix example. +1

I believe you, and it's strange about the DN; the example I showed is 3.5.

I have had some problems logging in and Zentyal can be quite slow to start. Well, slow if you are sat there waiting for it to boot.

I suppose you don't have any fetchmail examples?

And also many thanks

Stuart


StuartNaylor

« Reply #7 on: July 08, 2014, 09:04:57 pm »
I suddenly had an afterthought so I thought I would post so it gets to your attention.

It's great that you have postfix set up to externally authenticate to the Zentyal box.

I was just thinking, actually I wouldn't do it that way; Samba4 is really light and the directory replication works really well.

I would probably be more inclined to install just samba4 on the postfix server and set it as an ADC to the zentyal.

That way if the Zentyal box goes down you have the choice of FSMO roles and postfix continues to run.

Also if you rsync sysvol after FSMO the postfix box would act as a backup client authentication server.

You probably have excellent and correct choices for your system but I thought I would mention it.

The extra schema of Zentyal on the PDC will replicate automatically to all ADCs.

I use the sernet binaries http://www.enterprisesamba.com/samba/ as the standalone AD is amazingly light.

tessem

« Reply #8 on: September 01, 2014, 11:49:48 am »
Hello.
I have a problem when setting up the mail module.

When I installed Zentyal it received settings from DHCP. It received the domain name test.local. I reconfigured the domain to office.lan, but the Postfix and Dovecot configuration files still had the old settings for the domain test.local and old passwords.

How can I migrate all modules to a new domain? Reinstalling the module does not help. Removing and installing via apt does not create login.cfg.
How to create login.cfg? How to create the zentyal-mail-xx's password?

PS: Sorry for my English.