Topic: Connecting to Zentyal 4.1 LDAP

mkrell

Connecting to Zentyal 4.1 LDAP
« on: July 15, 2015, 04:39:34 pm »
I have a Zentyal 4.1 installation and I am trying to connect to the LDAP via an LDAP manager.

I'm getting an invalid credentials error. I'm certain that they are correct but my LDAP client isn't working.

Zentyal 4.1

Base DN: DC=life,DC=lan

Default Users DN: CN=Users,DC=life,DC=lan

Default Groups DN: CN=Users,DC=life,DC=lan


The user name is Synology and the password is synology. It is also a part of the domain administrators group. I'm currently using the Mac LDAP admin tool, which is only asking for the hostname/IP, the base DN, port, and my user/password.

I know from reading this forum:

https://forum.zentyal.org/index.php?topic=17126.0

...that Zentyal has an atypical port: 390. However, a friend of mine found somewhere that they put it back on port 389 (it may have had something to do with their switch from OpenLDAP to Active Directory). That looks right because when I try connecting to 390 instead of 389 I get a "connect error" instead of "Invalid credentials".

Still, I couldn't find anywhere in the Zentyal wiki that says what port you have to use. I'm guessing it's just 389 like normal?

One thing I tried is using the zentyalro account. The problem is, I can't find the password!!!! I'm guessing it's in /var/lib/zentyal/conf but I've tried the ebox password and the mysql password and none of those are right.

The whole reason I'm writing this is because every time I've googled my problems I keep getting results for Zentyal 3.*, NOT 4.*.

If you're curious to know what started me on this path, it was actually the same reasons that Zippydan from the other forum post had: I want to connect my Synology Diskstation to my Zentyal LDAP. I solved that problem by just joining it to the domain instead of connecting its LDAP client (it ended up being practically the same thing) but I need to connect my Barracuda Webfilter's LDAP client now and if I can't figure this out my company will be stuck.

Regards,
Matt

mkrell

Re: Connecting to Zentyal 4.1 LDAP
« Reply #1 on: July 15, 2015, 05:24:13 pm »
Addendum: I know for a fact that I can connect to the machine because if I don't log in (so leave the credentials default) I get guest access, which is basically nothing.

I'm also running Zentyal on a virtual machine, if that makes any difference. The Firewall module is also totally off, so that wouldn't be the problem.

bakcsa83

Re: Connecting to Zentyal 4.1 LDAP
« Reply #2 on: July 15, 2015, 05:55:22 pm »
Hi,

I have spent significant time figuring out how to connect to Zentyal's LDAP with Apache Directory Studio.

The first step is to update the built-in Administrator user under Users and Computers --> Manage.
Change the password and assign a Last name and a First name to it. I used "Admin" for all fields.


Once you have modified that user, you can connect with the following:
Base DN: DC=life,DC=lan
Port: 389
User: "cn=Admin Admin,CN=Users,DC=life,DC=lan"
Password: your password

I hope it helps.
« Last Edit: July 15, 2015, 06:14:14 pm by bakcsa83 »

mkrell

[SOLVED] Re: Connecting to Zentyal 4.1 LDAP
« Reply #3 on: July 15, 2015, 07:45:23 pm »
THAAAAAAAAAAAAANK YOOOOOOOOOOOOOOUUUUUUUUUU!!!!!!!!!!! That worked! I'm a total noob to this world and it is a massive relief to even get a reply on these forums!

So (correct me if I'm wrong) basically the big change to the Zentyal 4.* LDAP now is that

  • They put back the Users LDAP on port 389 like normal
  • You can access it via the Administrator user, which you need to configure yourself

... and hence that's why the forum post I linked to earlier doesn't work.

bakcsa83

Re: Connecting to Zentyal 4.1 LDAP
« Reply #4 on: July 15, 2015, 11:50:44 pm »
Yes, the port has changed.
Regarding the user, you can use any user (with sufficient permissions) to connect to the Samba LDAP server. The tricky thing is finding out the right DN for the user which could be used for authentication. It was very strange for me that the DN contains SN instead of uid.

Anyway, it wouldn't be a problem if Zentyal could display the LDAP entries of the users. Unfortunately, there is no such function, which is a huge drawback for those who still need simple LDAP authentication besides Kerberos.

murz

Re: Connecting to Zentyal 4.1 LDAP
« Reply #5 on: August 24, 2015, 07:46:56 pm »
Many thanks, using "Name Surname" to log in to the Zentyal 4.1 LDAP database works well!

But I don't understand why I must connect to Zentyal 4.1 LDAP via "Name Surname" instead of a one-word "username" (login) like in Zentyal 4.0 and earlier versions.
Is this a Zentyal issue, or is it normal to use "Name Surname" as the login name for LDAP AD databases?

murz

Re: Connecting to Zentyal 4.1 LDAP
« Reply #6 on: August 25, 2015, 01:13:48 pm »
I have created an issue about this problem: https://tracker.zentyal.org/issues/3870

jbahillo

  • Zentyal Staff
Re: Connecting to Zentyal 4.1 LDAP
« Reply #7 on: August 25, 2015, 08:27:18 pm »
Hello:

In 4.0 this works in the same way, IIRC.

Only on editions which had OpenLDAP were you able to bind using UID, but this is because you were binding to OpenLDAP and not to Samba. You may try it yourself by trying to bind to Samba (port 389) on a 3.x edition.

 

murz

Re: Connecting to Zentyal 4.1 LDAP
« Reply #8 on: August 26, 2015, 07:05:19 pm »
Yes, the problem is that OpenLDAP and Samba use different fields for login. But using "Name Surname" for login is not such a good and stable way (our company uses names with Russian letters); using the username would be much more stable and comfortable.
Is there any option in Samba to change this behavior?

cb1986ster

Re: Connecting to Zentyal 4.1 LDAP
« Reply #9 on: August 30, 2015, 01:58:53 pm »
Try to use username@domain.separated.by.dots as the LDAP user.

murz

Re: Connecting to Zentyal 4.1 LDAP
« Reply #10 on: August 30, 2015, 07:47:07 pm »
Thanks, logging in via username@domain.separated.by.dots works well on Zentyal 4.0 and 4.1! This is much better and more stable than "Name Surname"; I will use it. Please document this in the manuals.
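
Added example, not part of the thread and not Zentyal or Samba code: a small Python helper that builds the two simple-bind identities the thread found to work against Samba on port 389, the full DN ("CN=Name Surname,...") and username@domain.separated.by.dots. The function names are hypothetical; it assumes the account's CN is "First Last" under CN=Users and that the part after the @ is the DNS name formed from the base DN's DC components.

```python
import re

# RFC 4514: these characters must be backslash-escaped inside an RDN value.
_DN_SPECIAL = set(',+"\\<>;')

def escape_rdn_value(value: str) -> str:
    """Escape one RDN value per RFC 4514; UTF-8 letters pass through as-is."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and i in (0, last):   # leading/trailing space
            out.append("\\ ")
        elif ch == "#" and i == 0:           # leading '#'
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)

def domain_from_base_dn(base_dn: str) -> str:
    """DC=life,DC=lan -> life.lan (only the DC components are used)."""
    labels = re.findall(r"(?i)(?:^|,)\s*dc=([^,]+)", base_dn)
    if not labels:
        raise ValueError("base DN has no DC= components")
    return ".".join(label.strip().lower() for label in labels)

def bind_identities(base_dn, username, first_name, last_name,
                    container="CN=Users"):
    """Return both bind strings to try in an LDAP client's user field.

    A simple bind on port 389 sends the password unencrypted unless the
    client uses StartTLS; the same strings work over StartTLS or LDAPS.
    """
    display = f"{first_name} {last_name}".strip()
    return {
        "dn": f"CN={escape_rdn_value(display)},{container},{base_dn}",
        "upn": f"{username}@{domain_from_base_dn(base_dn)}",
    }

if __name__ == "__main__":
    # Constructed sample values based on the thread's DC=life,DC=lan domain.
    for kind, value in bind_identities(
            "DC=life,DC=lan", "synology", "Admin", "Admin").items():
        print(f"{kind}: {value}")
```

The DN form changes whenever the display name does and needs escaping for commas or other special characters, while the username@domain form depends only on the login name.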