Topic: Zimbra and Zentyal 3 - LDAP Ext Auth Issues [SOLVED]

alvarog_silva

Zimbra and Zentyal 3 - LDAP Ext Auth Issues [SOLVED]
« on: October 28, 2013, 01:05:20 pm »
Hi everyone! Hope you're fine!

I would like to ask a question:

When I had Zentyal 2.2, I could get my Zimbra Mail Server authenticated against Zentyal LDAP.

Now, on Zentyal 3, I used the information provided in 'LDAP Settings', but Zimbra is not working anymore.

I know it could be a Zimbra problem, but since it's working right now (I did a new install in a VM, using Zentyal 2.2) I ask myself if it could be a Zentyal problem or another setting I'm missing.

My LDAP Conf and Zimbra Conf:

Zentyal
Base DN:    dc=intranet,dc=company
Root DN:   cn=zentyal,dc=intranet,dc=company
Password: kxkxkxkxkxkxk
Users DN:    ou=Users,dc=intranet,dc=company


Zimbra
Authentication Method:   LDAP external
URL LDAP:   ldap://1.1.1.1:389
Active StartTLS:   No
Filter LDAP:   uid=%u
Base of Search LDAP:   ou=Users,dc=intranet,dc=company
Use DN Password:   No

-----------

It says 'javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name 'ou=Users,dc=intranet,dc=company'

Thanks in advance for any help I could get!  ;D
« Last Edit: October 28, 2013, 04:09:54 pm by alvarog_silva »

christian

Re: Zimbra and Zentyal 3 - LDAP Ext Auth Issues
« Reply #1 on: October 28, 2013, 02:35:59 pm »
If you look closer at this forum, you will discover that Zentyal 2.x runs one single LDAP server listening on port 389 (the standard LDAP port), while 3.x runs one or two LDAP servers: if file sharing is deployed, an additional LDAP server is configured, dedicated to Samba. This additional server listens on port 389 and, because of this, the standard LDAP server listens on port 390.

Authenticating against Samba LDAP requires, if I'm not wrong, GSSAPI, so I would rather suggest that you change the settings on the LDAP client side and access LDAP on port 390.

alvarog_silva

Re: Zimbra and Zentyal 3 - LDAP Ext Auth Issues
« Reply #2 on: October 28, 2013, 03:23:40 pm »
Thanks for your quick reply!

I didn't do a very close search, that's for sure, but your answer just fits my needs.

I've changed the port to 390 and bind using the 'zentyalro' user, and it works like a charm!

Thanks a lot!

(PS: I have to take some extra time to explore Zentyal 3, as I did in the past, but due to a lot of projects and customer requests, my time is a little bit tight right now.)


christian

Re: Zimbra and Zentyal 3 - LDAP Ext Auth Issues
« Reply #3 on: October 28, 2013, 03:40:13 pm »
If the issue is solved, then please stamp your first post title as [SOLVED], as it helps other forum members while searching this forum  ;)

alvarog_silva

Re: Zimbra and Zentyal 3 - LDAP Ext Auth Issues [SOLVED]
« Reply #4 on: October 28, 2013, 04:10:36 pm »
Got it!

djhox

Re: Zimbra and Zentyal 3 - LDAP Ext Auth Issues [SOLVED]
« Reply #5 on: February 24, 2014, 09:50:40 am »
To summarize everything, here are short instructions on how to set up LDAP autoprovisioning in Zimbra 8 from Zentyal 3+.

Create a group "mail" in Zentyal, as you probably do not want all the users to authenticate, but only those in the group "mail".

In the Zimbra Admin Web Interface go to Configure -> Domains -> right click on the domain that you want to assign to Zentyal and select Configure Authentication, then choose External LDAP.

ldap://{domain_name or ip of Zentyal}:390

LDAP filter: (&(|(objectclass=inetOrgPerson))(|(memberof=cn=mail,{Default Groups DN in Zentyal}))(uid=%u))


LDAP search base: {Default Users DN in Zentyal}

Bind DN: {root DN from zentyal}
Bind password: {Zentyal root password}

Then ssh into the Zimbra server and log in as the zimbra user. Then type the following:

zmprov

md {domain name in zimbra to assign autoprovisioning} zimbraAutoProvMode LAZY     
md {domain name in zimbra to assign autoprovisioning} zimbraAutoProvAuthMech LDAP   
md {domain name in zimbra to assign autoprovisioning} zimbraAutoProvLdapURL ldap://{domain_name or ip of Zentyal}:390
md {domain name in zimbra to assign autoprovisioning} zimbraAutoProvLdapAdminBindDn "{root DN from zentyal}"
md {domain name in zimbra to assign autoprovisioning} zimbraAutoProvLdapAdminBindPassword "{Zentyal root password}"
md {domain name in zimbra to assign autoprovisioning} zimbraAutoProvLdapSearchFilter "(&(|(objectclass=inetOrgPerson))(|(memberof=cn=mail,{Default Groups DN in Zentyal}))(uid=%u))"
md {domain name in zimbra to assign autoprovisioning} zimbraAutoProvLdapSearchBase "{Default Users DN in Zentyal}"
md {domain name in zimbra to assign autoprovisioning} +zimbraAutoProvAttrMap description=description +zimbraAutoProvAttrMap cn=displayName +zimbraAutoProvAttrMap givenName=givenName  +zimbraAutoProvAttrMap sn=sn
exit

That's it. Try to create a new user in Zentyal, assign it to the group "mail" and try to log in to Zimbra with "username@yourdomain.com". Hope it helps someone. It took a couple of hours of my time to figure it out.
« Last Edit: February 24, 2014, 09:55:01 am by djhox »
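
Added example (not part of any post in this thread): a pre-flight check for the settings discussed above, to run before changing anything in Zimbra. It expands %u in the filter, escapes filter metacharacters in the login, and performs the same search with ldapsearch on port 390. The bind DN is a placeholder for a read-only account such as the 'zentyalro' user mentioned in reply #2, the braced values are the thread's own placeholders, and STARTTLS=1 assumes the server offers StartTLS.

```shell
#!/bin/sh
# Added example, not from the thread. Values in braces are placeholders.
LDAP_URL='ldap://{domain_name or ip of Zentyal}:390'  # 390: Zentyal LDAP; 389 is Samba's
BIND_DN='{read-only bind DN}'                         # placeholder (assumption)
SEARCH_BASE='{Default Users DN in Zentyal}'
FILTER_TMPL='(&(|(objectclass=inetOrgPerson))(|(memberof=cn=mail,{Default Groups DN in Zentyal}))(uid=%u))'

# Escape a login for use as an LDAP filter value (RFC 4515).
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Replace every %u in a filter template with the escaped login.
# %u is the user name without the @domain part.
expand_filter() {
  tmpl=$1; user=$(ldap_escape "${2%%@*}"); out=
  while :; do
    case $tmpl in
      *%u*) head=${tmpl%%%u*}; out=$out$head$user; tmpl=${tmpl#*%u} ;;
      *)    break ;;
    esac
  done
  printf '%s' "$out$tmpl"
}

# True when the filter has at least one "(" and as many ")" as "(".
filter_parens_match() {
  open=$(( $(printf '%s' "$1" | tr -cd '(' | wc -c) ))
  close=$(( $(printf '%s' "$1" | tr -cd ')' | wc -c) ))
  [ "$open" -gt 0 ] && [ "$open" -eq "$close" ]
}

# Run the lookup for one login and list the matching DNs.
# -x simple bind, -W prompt for the bind password, -ZZ require StartTLS.
run_check() {
  filter=$(expand_filter "$FILTER_TMPL" "$1")
  filter_parens_match "$filter" || { echo "unbalanced filter: $filter" >&2; return 1; }
  ldapsearch -x ${STARTTLS:+-ZZ} -H "$LDAP_URL" -D "$BIND_DN" -W \
             -b "$SEARCH_BASE" "$filter" dn
}

# Usage: sh check.sh <login>   (set STARTTLS=1 to require StartTLS)
if [ "$#" -gt 0 ]; then run_check "$1"; fi
```

A member of the "mail" group should come back with exactly one dn, and a user outside the group with none.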