LDAP Auth and Recipient Check - Zimbra

LDAP Auth and Recipient Check - Zimbra

Brad Firestone
Hi All,
I’m trying to set up the Enterprise Edition during my 30 day trial.  I’ve read through as much documentation as I can find, but still can’t get LDAP to work for either User Authentication or Recipient Checks.  We are using Zimbra as our mail server and can connect to Zimbra’s LDAP using ldapsearch and Apache Directory Studio.

I’m sure I just don’t have something set correctly, but I can’t seem to find any COMPLETE examples, and I’m just not getting it figured out.  I’ve tried all sorts of combinations of search filters and split (or not split) the address.  Maybe the easiest is to give the format of the LDAP entries and then ask what should go in each entry in Baruwa including all punctuation:

User attempting to login to Baruwa:  [hidden email]   The user enters the full email address as the Baruwa Username.
This record in LDAP has the following entries (as seen in Apache Directory Studio):
DN:  uid=test,ou=people,dc=example,dc=com
cn = My Test
sn = Test
uid = test
mail = [hidden email]
mail = [hidden email] (This is a Zimbra alias address)

I am using the following settings:
Base DN:  ou=people,dc=example,dc=com  (Should this be in quotes or other punctuation?)
Username attribute:  uid  (again, should there be any punctuation?)
Bind DN:  uid=zimbra,cn=admins,cn=zimbra  (This is what I use in Apache Directory Studio.  I’ve also tried leaving this blank.)
Bind password:  password for the Bind DN that works in Apache DS.
Not using TLS
Search for UserDN:  I have tried this both ways.  I think I understand that I could do anonymous binds (not entering a Bind DN and Password) and check this box to just bind with the user’s info.
Auth and Email Search Filters:  I have tried various combinations.  What should I enter here?  Please include all punctuation.

Then, based on any settings you suggest, should I check the box to Split the Address?

Sorry I’m so dense!  If someone can provide the correct settings, I’m sure this will help me and others who may need this in the future.

So far, I’m liking Baruwa, but would appreciate more examples in the documentation.  Thank you for any help that can be provided!
Brad
_______________________________________________
http://pledgie.com/campaigns/12056

Re: LDAP Auth and Recipient Check - Zimbra

Andrew Colin Kissa
Administrator

On 27 May 2015, at 12:04 AM, Brad Firestone <[hidden email]> wrote:

> I’m trying to set up the Enterprise Edition during my 30 day trial.  I’ve read through as much documentation as I can find, but still can’t get LDAP to work for either User Authentication or Recipient Checks.  We are using Zimbra as our mail server and can connect to Zimbra’s LDAP using ldapsearch and Apache Directory Studio.
>
> I’m sure I just don’t have something set correctly, but I can’t seem to find any COMPLETE examples, and I’m just not getting it figured out.  I’ve tried all sorts of combinations of search filters and split (or not split) the address.  Maybe the easiest is to give the format of the LDAP entries and then ask what should go in each entry in Baruwa including all punctuation:
>
> User attempting to login to Baruwa:  [hidden email]   The user enters the full email address as the Baruwa Username.
> This record in LDAP has the following entries (as seen in Apache Directory Studio):
> DN:  uid=test,ou=people,dc=example,dc=com
> cn = My Test
> sn = Test
> uid = test
> mail = [hidden email]
> mail = [hidden email] (This is a Zimbra alias address)
>
> I am using the following settings:
> Base DN:  ou=people,dc=example,dc=com  (Should this be in quotes or other punctuation?)
> Username attribute:  uid  (again, should there be any punctuation?)
> Bind DN:  uid=zimbra,cn=admins,cn=zimbra  (This is what I use in Apache Directory Studio.  I’ve also tried leaving this blank.)
> Bind password:  password for the Bind DN that works in Apache DS.
> Not using TLS
> Search for UserDN:  I have tried this both ways.  I think I understand that I could do anonymous binds (not entering a Bind DN and Password) and check this box to just bind with the user’s info.
> Auth and Email Search Filters:  I have tried various combinations.  What should I enter here?  Please include all punctuation.
>
> Then, based on any settings you suggest, should I check the box to Split the Address?
>
> Sorry I’m so dense!  If someone can provide the correct settings, I’m sure this will help me and others who may need this in the future.
>
> So far, I’m liking Baruwa, but would appreciate more examples in the documentation.  Thank you for any help that can be provided!
Hi Brad,

This is the community list; in future, please use the enterprise edition list at https://lists.baruwa.com

Based on the info you have provided:

Base DN: ou=people,dc=example,dc=com
Bind DN: uid=zimbra,cn=admins,cn=zimbra - This looks dodgy to me; you cannot have 2 cn=, I would double check this.
Username attribute: uid
Bind Password: Password for the above bind DN
Auth Filter: uid=%u
Email Search Filter: mail=%n

You need to split the address because the uid is just the local_part, not local_part@domain.

You don't have to quote anything.

- Andrew


--
Baruwa - www.baruwa.org

Re: LDAP Auth and Recipient Check - Zimbra

Andrew Colin Kissa
Administrator

On 27 May 2015, at 12:20 AM, Andrew Colin Kissa <[hidden email]> wrote:

> Email Search Filter: mail=%n

Make that mail=%u@%d

%n is not available to the Email filter.


--
Baruwa - www.baruwa.org
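
Added example, not part of the thread and not Baruwa's own code: a sketch of how the suggested filters `uid=%u` and `mail=%u@%d` expand for a login of `test@example.com`, with and without splitting the address. It assumes `%u` is the local part when the address is split (the login as typed otherwise) and `%d` is the domain; the function names are hypothetical, and values are escaped per RFC 4515 so a login containing filter metacharacters stays a literal value.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_address(login):
    """Split 'local@domain' at the last '@'; a bare name has no domain."""
    local, sep, domain = login.rpartition("@")
    return (local, domain) if sep else (login, "")


def expand_filter(template, login, split=True):
    """Substitute %u and %d in a template such as 'uid=%u' or 'mail=%u@%d'.

    Assumption (not taken from Baruwa's source): %u is the local part when
    the address is split, otherwise the login exactly as typed; %d is the
    domain part in both cases.
    """
    local, domain = split_address(login)
    user = local if split else login
    values = {"%u": escape_filter_value(user), "%d": escape_filter_value(domain)}
    body = re.sub(r"%[ud]", lambda m: values[m.group(0)], template)
    # Directory servers expect the filter wrapped in parentheses.
    return body if body.startswith("(") else "(" + body + ")"


if __name__ == "__main__":
    login = "test@example.com"  # constructed sample, matching the entry uid=test
    print(expand_filter("uid=%u", login))               # auth filter, split
    print(expand_filter("uid=%u", login, split=False))  # auth filter, not split
    print(expand_filter("mail=%u@%d", login))           # email search filter
    print(expand_filter("uid=%u", "*)(uid=*@example.com"))  # metacharacters escaped
```

Without the split, the auth filter searches for `uid=test@example.com`, which does not match an entry whose `uid` is `test`.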