LDAP Auth and Recipient Check - Zimbra

Brad Firestone
Thanks for the responses Andrew.  I realized I had subscribed to the digest and didn’t have a way to reply directly.  I’m guessing this will end up as a separate thread, so I’m including the previous messages below.

The information you provided did make it work.  Thanks so much.  Also, I hadn’t realized there was a separate list for the Enterprise Edition.  I’ll be sure to use that in the future.

The Bind DN is correct for Zimbra and does work.  Thanks again for your quick response!!
Brad
On 27 May 2015, at 12:04 AM, Brad Firestone <bhotrock at gmail.com> wrote:

> I’m trying to set up the Enterprise Edition during my 30 day trial.  I’ve read through as much documentation as I can find, but still can’t get LDAP to work for either User Authentication or Recipient Checks.  We are using Zimbra as our mail server and can connect to Zimbra’s LDAP using ldapsearch and Apache Directory Studio.
> 
> I’m sure I just don’t have something set correctly, but I can’t seem to find any COMPLETE examples, and I’m just not getting it figured out.  I’ve tried all sorts of combinations of search filters and split (or not split) the address.  Maybe the easiest is to give the format of the LDAP entries and then ask what should go in each entry in Baruwa including all punctuation:
> 
> User attempting to log in to Baruwa:  test at example.com   The user enters the full email address as the Baruwa Username.
> This record in LDAP has the following entries (as seen in Apache Directory Studio):
> DN:  uid=test,ou=people,dc=example,dc=com
> cn = My Test
> sn = Test
> uid = test
> mail = test at example.com
> mail = test1 at example.com (This is a Zimbra alias address)
> 
> I am using the following settings:
> Base DN:  ou=people,dc=example,dc=com  (Should this be in quotes or other punctuation?)
> Username attribute:  uid  (again, should there be any punctuation?)
> Bind DN:  uid=zimbra,cn=admins,cn=zimbra  (This is what I use in Apache Directory Studio.  I’ve also tried leaving this blank.)
> Bind password:  password for the Bind DN that works in Apache DS.
> Not using TLS
> Search for UserDN:  I have tried this both ways.  I think I understand that I could do anonymous binds (not entering a Bind DN and Password) and check this box to just bind with the user’s info.
> Auth and Email Search Filters:  I have tried various combinations.  What should I enter here?  Please include all punctuation.
> 
> Then, based on any settings you suggest, should I check the box to Split the Address?
> 
> Sorry I’m so dense!  If someone can provide the correct settings, I’m sure this will help me and others who may need this in the future.
> 
> So far, I’m liking Baruwa, but would appreciate more examples in the documentation.  Thank you for any help that can be provided!

Hi Brad,

This is the community list; in future, please use the enterprise edition list at https://lists.baruwa.com

Based on the info you have provided.

Base DN: ou=people,dc=example,dc=com
Bind DN: uid=zimbra,cn=admins,cn=zimbra - This looks dodgy to me; you cannot have 2 cn=. I would double check this.
Username attribute: uid
Bind Password: Password for the above bind DN
Auth Filter: uid=%u
Email Search Filter: mail=%n

You need to split the address because the uid is just the local_part, not local_part at domain.

You don't have to quote anything.

- Andrew
On 27 May 2015, at 12:20 AM, Andrew Colin Kissa <andrew at topdog.za.net> wrote:

> Email Search Filter: mail=%n

Make that mail=%u@%d

%n is not available to the Email filter.
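
An added example, not part of the original thread and not Baruwa's own code: it expands the suggested filters `uid=%u` and `mail=%u@%d` for the test entry from the question and shows why the address has to be split. The placeholder semantics (%u as local part and %d as domain once split), the function names and the RFC 4515 escaping step are assumptions for illustration.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entry, copied from the attributes listed in the question.
ENTRY = {"uid": ["test"], "mail": ["test@example.com", "test1@example.com"]}


def escape_filter_value(value):
    """Escape a user-supplied string before placing it in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, login, split_address=True):
    """Expand %u and %d in a filter template (assumed placeholder semantics).

    With split_address, %u is the local part and %d the domain of the login;
    without it, %u is the whole login string and %d is empty.
    """
    if split_address and "@" in login:
        user, domain = login.rsplit("@", 1)
    else:
        user, domain = login, ""
    values = {"%u": escape_filter_value(user), "%d": escape_filter_value(domain)}
    # Single pass, so text substituted for %u is never rescanned for %d.
    body = re.sub(r"%[ud]", lambda m: values[m.group(0)], template)
    return "(" + body + ")"


def matches_equality(filter_text, entry):
    """Evaluate a simple (attr=value) equality filter against one entry dict.

    Simplification: case-insensitive string comparison on escaped values.
    """
    attr, _, value = filter_text[1:-1].partition("=")
    candidates = entry.get(attr, [])
    return any(escape_filter_value(v).lower() == value.lower() for v in candidates)


if __name__ == "__main__":
    for split in (True, False):
        flt = expand_filter("uid=%u", "test@example.com", split_address=split)
        print("split" if split else "no split", flt, matches_equality(flt, ENTRY))
    alias = expand_filter("mail=%u@%d", "test1@example.com")
    print("alias", alias, matches_equality(alias, ENTRY))
    # Constructed login containing a filter metacharacter: it stays a literal.
    print(expand_filter("uid=%u", "*@example.com"))
```
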

