Author Topic: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication  (Read 5665 times)

alvarog_silva

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« on: July 02, 2015, 10:15:47 pm »
Hi folks  :D

I've been wondering if is it possible to authenticate users from ZIMBRA in the LDAP tree of Zentyal Server.

I do have a Zentyal 3.4.8, which I authenticate all users from my Zimbra 8 Mail server successfully working. But when it comes to Zentyal 4, I can't get it thorough, since latest Zentyal don't show username and password on the section 'LDAP Settings'.

If somebody have a clue on how to get it working on Zentyal 4, please share.

Thanks   

PS: I've tried a lot of configuration on the Zimbra side, which includes setting a password for the user Administrator on Zentyal side. Either way I can't authenticate any users, since a the final process of configuration 'Configure Authentication', the 'test' to see if any user could get its credentials, fails.
« Last Edit: July 02, 2015, 10:41:27 pm by alvarog_silva »

alvarog_silva

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #1 on: July 02, 2015, 10:51:49 pm »
I've checked this solution https://oitibs.com/zentyal-4-1-ldap-authentication/

But its not working either.

mmarable

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +2/-0
    • View Profile
    • OpenIT Integrated Business Solutions
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #2 on: July 15, 2015, 05:21:15 pm »
I am wondering if you have been able to resolve your issue. I wrote the article mentioned above and have not had any problems authenticating users against Zentyal 4.1. Are you getting any meaningful errors logged by Zimbra?

alvarog_silva

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #3 on: July 22, 2015, 03:13:50 pm »
Hi

Actually I've been not able to solve this issue. I've tried the methods you described, among others actions I've found over the internet, but none of those solutions solved the issue.

Did you have this kind of scenario working 100%?

mmarable

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +2/-0
    • View Profile
    • OpenIT Integrated Business Solutions
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #4 on: July 24, 2015, 04:00:30 pm »
Can you telnet to port 389 from a machine on the same LAN segment?

mmarable

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +2/-0
    • View Profile
    • OpenIT Integrated Business Solutions
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #5 on: July 24, 2015, 07:55:17 pm »
Here is my exact setup with screenshots. This example is authenticating pfsense against Zentyal 4.1.3.

First you must ensure you have changed the password of the Administrator in "Users & Computers" > "Manage" . Next you will need to note you LDAP Settings located at "Users & Computers" > "LDAP Settings".



Once you have taken note of those settings, head over to pfsense "System" > "User Manager" > "Servers" and add a server. Below you will note the connection settings. Note "ZENTYAL" highlighted in yellow is the netbios domain name of the Zentyal server. You can also use the format Administrator@zentyal.local.



While I understand that this is not Zimbra specific (I dont use or support Zimbra), the configuration will hopefully get you moving in the right direction.
« Last Edit: July 24, 2015, 08:00:41 pm by mmarable »

mmarable

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +2/-0
    • View Profile
    • OpenIT Integrated Business Solutions
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #6 on: July 24, 2015, 08:04:59 pm »
Also, you can refer to: http://wiki.zimbra.com/wiki/LDAP_Authentication and http://stackoverflow.com/questions/13932900/zimbra-login-authentication-error-with-external-ldap

Specifically "LDAP bind DN" which in the case above would be:

cn=Administrator,cn=Users,dc=zentyal,dc=local - DN format

Administrator@zentyal.local - UPN Format
« Last Edit: July 24, 2015, 08:45:22 pm by mmarable »

jwilliams1976

  • Zen Apprentice
  • *
  • Posts: 22
  • Karma: +1/-0
    • View Profile
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #7 on: July 26, 2015, 06:39:25 am »
Has anyone been able to get Apache to authenticate to the Zentyal 4.1 LDAP? I have tried everything I can find but have had no luck. I have other services working with it so I know it's working on the Zentyal server side. My other services use DOMAINNAME\Administrator style for the Bind DN but Apache gives a 500 internal server error when I use that. cn=Administrator,cn=Users,dc=domainname,dc=lan style gives me a Password Mismatch error in the Apache log.

mmarable

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +2/-0
    • View Profile
    • OpenIT Integrated Business Solutions
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #8 on: July 27, 2015, 05:30:28 pm »
What version of Apache?

It is important to note that if running Apache 2.4.x. the configuration directive AuthnProviderAlias no longer works with the updated version. AuthLDAPURL, AuthLDAPBindDN and AuthLDAPBindPassword must now be declared inside the virtual directory tags.


mmarable

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +2/-0
    • View Profile
    • OpenIT Integrated Business Solutions
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #9 on: July 27, 2015, 05:42:49 pm »
The following setup is working with Apache 2.4.6 authentication against Zentyal 4.1.3

<Location />
   AuthType Basic
   AuthName "LDAP Credentials Required"
   AuthBasicProvider ldap
   AuthLDAPURL "ldap://develop.zentyal.local:389/cn=Users,dc=zentyal,dc=local?sAMAccountName?sub?(objectClass=*)"
   AuthLDAPBindDN "cn=Administrator,cn=Users,dc=zentyal,dc=local"
   AuthLDAPBindPassword "[zentyal.admininstrator.password]"
   Require ldap-group "cn=Users,dc=zentyal,dc=local"
</Location>

jwilliams1976

  • Zen Apprentice
  • *
  • Posts: 22
  • Karma: +1/-0
    • View Profile
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #10 on: July 27, 2015, 11:43:28 pm »
I still can't get this to work. With this setup I always get:
Code: [Select]
[Mon Jul 27 14:34:44.938751 2015] [auth_basic:error] [pid 29828:tid 140253874984704] [client 127.0.0.1:46336] AH01617: user jwilliams: authentication failure for "/test": Password MismatchNot sure if it's even getting to the LDAP server or if it can't supply the correct password. I am positive that both the Administrator Bind password is correct as well as the user password through the broswer. Here is my relevant Apache code. This is inside of the <VirtualHost *:80> container. I have tried a <Location> container instead of <Directory> but it doesn't make any difference.

Code: [Select]
Alias /test "/apachetest/"
<Directory /apachetest/>
Options Indexes FollowSymLinks Includes ExecCGI MultiViews
AllowOverride None
AuthBasicProvider ldap
AuthType Basic
    AuthName "DEI Internal Website"
AuthLDAPURL "ldap://192.168.2.12:389/cn=Users,dc=deidomain,dc=lan,?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "cn=Administrator,cn=Users,dc=deidomain,dc=lan"
AuthLDAPBindPassword "password"
    Require valid-user
</Directory>

mmarable

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +2/-0
    • View Profile
    • OpenIT Integrated Business Solutions
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #11 on: July 28, 2015, 06:41:54 pm »
First, what version of Apache are you running?

Second, I would suggest removing the alias until you get the authentication working.

jwilliams1976

  • Zen Apprentice
  • *
  • Posts: 22
  • Karma: +1/-0
    • View Profile
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #12 on: July 28, 2015, 07:25:11 pm »
I am using Apache 2.4.7. I have tried without the alias and get the exact same results but will go ahead and eliminate the alias for now. Any idea if the Apache error log means the Bind DN is failing or the user login is failing?

mmarable

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +2/-0
    • View Profile
    • OpenIT Integrated Business Solutions
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #13 on: July 28, 2015, 07:36:38 pm »
Update the following line with....

Code: [Select]
AuthLDAPURL "ldap://192.168.2.12:389/cn=Users,dc=deidomain,dc=lan?sAMAccountName?sub?(objectClass=*)" NONE
I am thinking that will get it done. If not please check and make sure you can telnet to port 389 from a machine on the same LAN
« Last Edit: March 09, 2016, 08:43:57 pm by mmarable »

alvarog_silva

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Zentyal 4.1.2 and Zimbra 8 - LDAP Authentication
« Reply #14 on: July 28, 2015, 09:45:21 pm »
Hi everyone,

So, I tried all different methods to get it working, but didn't get any results at this time. I see that the Zimbra Server is 8.5.1, and has a updated version which is 8.6.0, and I'll update to see if works.

Thanks a lot for all the answers  :D

I'll keep this post updated, so anyone whom may have this problem could get some help.

See ya