Author Topic: Connecting to Zentyal 5.0.2 LDAP  (Read 6827 times)

aan_1

Connecting to Zentyal 5.0.2 LDAP
« on: January 12, 2017, 11:37:28 am »
I have a Zentyal 5.0.2 installation and I am trying to connect to the LDAP via an LDAP manager.

I'm getting an invalid credentials error. I'm certain that they are correct but my LDAP client isn't working.

Zentyal 5.0

Base DN: DC=xxx,DC=yyy

Default Users DN: CN=Users,DC=xxx,DC=yyy

Default Groups DN: CN=Users,DC=xxx,DC=yyy

The user name is ldap and the password is xxx. It is also a part of the domain administrators group. I'm currently using the Windows LDAP admin tool, which is only asking for the hostname/IP, the base DN, port, and my user/password.

...that Zentyal has an atypical port: 390, but if I check in the shell this port is not active; I have only port 389 active.
However, a friend of mine found somewhere that they put it back on port 389 (it may have had something to do with their switch from OpenLDAP to Active Directory). That looks right, because when I try connecting to 390 instead of 389 I get a "connect error" instead of "Invalid credentials".

Still, I couldn't find anywhere in the Zentyal wiki that says what port you have to use. I'm guessing it's just 389 like normal?

One thing I tried is using the zentyalro account. The problem is, I can't find the password!!!!

« Last Edit: January 13, 2017, 08:15:48 am by aan_1 »

shahdivy

Re: Connecting to Zentyal 5.0.2 LDAP
« Reply #1 on: April 19, 2017, 04:35:27 pm »
I was able to set up LDAP authentication on a pfSense firewall. Use the following to debug.

LDAP is running on port 389. Confirm by running on the Zentyal server: "nmap -v localhost"

Look in the GUI for the Zentyal server -> Users and Computers -> LDAP settings.

Another useful tool, "dsquery", run from the client will help debug.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/fdcff84a-21a7-4403-bc4e-b4c7255f69fd/how-to-test-an-ldap-connection-via-dsquery-command?forum=winserverDS

Regarding the user: I created a new user for LDAP and used it. Note: review the dsquery output to figure out what you need to use for using that account correctly. It does not use the username!

Hope this helps.
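
The two failures discussed in this thread, as an added example that is not part of either post: a closed port gives a "connect error", while an open port with a bare login in the user field gives "Invalid credentials". The function names are hypothetical, the UPN form is assumed to be accepted for simple binds by the AD-compatible directory, and the DN form assumes the account's CN equals its login name.

```python
import socket

def port_open(host, port, timeout=2.0):
    """False corresponds to the thread's "connect error" (nothing listening)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def escape_rdn_value(value):
    """Escape a value for use inside a DN, per RFC 4514."""
    special = ',+"\\<>;'
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in special or edge else ch)
    return "".join(out)

def dns_domain(base_dn):
    """Turn DC=xxx,DC=yyy into xxx.yyy."""
    rdns = (rdn.strip().partition("=") for rdn in base_dn.split(","))
    return ".".join(val for key, _, val in rdns if key.strip().upper() == "DC")

def bind_candidates(login, users_dn, base_dn):
    """Bind identities to try in the client's user field instead of a bare login.
    Assumption: the account's CN equals its login name; the real DN may differ,
    which is what the dsquery output shows."""
    return {
        "dn": f"CN={escape_rdn_value(login)},{users_dn}",
        "upn": f"{login}@{dns_domain(base_dn)}",
    }

if __name__ == "__main__":
    host = "127.0.0.1"  # constructed: replace with the Zentyal server address
    for port in (389, 390):
        state = "open" if port_open(host, port) else "closed (connect error)"
        print(f"{host}:{port} {state}")
    # Constructed values taken from the placeholders in the first post.
    ids = bind_candidates("ldap", "CN=Users,DC=xxx,DC=yyy", "DC=xxx,DC=yyy")
    for kind, value in ids.items():
        print(f"{kind}: {value}")
```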