Ping a Specific Port

Question

hfranco

Asked: 2010-06-25 13:42:37 +0800 CST2010-06-25 13:42:37 +0800 CST 2010-06-25 13:42:37 +0800 CST

LDAP + Zimbra authentication

772

I'm trying to configure external LDAP authentication from my LDAP box through Zimbra. Both servers are running on CentOS.

The Zimbra wiki has documentation but it's still leaving me puzzled.

http://wiki.zimbra.com/wiki/LDAP_Authentication#Configuring_external_LDAP_authentication

This is what my ldapsearch consist of:

ldapsearch -x -D cn=Manager,dc=domain,dc=com -y pass -H ldap://ldap.domain.com -b dc=domain,dc=com '(&(objectClass=JammMailAlias)([email protected]))'

Any idea what the right filter would be? I'm pulling my hair trying to figure this out.

Here's the output of the ldapsearch above:

$ ldapsearch -x -D cn=Manager,dc=domain,dc=com -y pass -H ldap://ldap.domain.com -b dc=domain,dc=com '(&(objectClass=JammMailAlias)([email protected]))'
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (&(objectClass=JammMailAlias)([email protected]))
# requesting: ALL
#

# [email protected], domain.com, hosting, domain.com
dn: [email protected],jvd=domain.com,o=hosting,dc=domain,dc=com
objectClass: JammMailAlias
objectClass: top
mail: [email protected]
cn: Marketing Team
accountActive: TRUE
maildrop: bob
maildrop: john
maildrop: amy

lastChange: 1277317208

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Here's an ldapsearch for a user:

$ ldapsearch -x -D cn=Manager,dc=domain,dc=com -y pass -H ldap://ldap.domain.com -b dc=domain,dc=com '(&(objectClass=JammMailAccount)([email protected]))'
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (&(objectClass=JammMailAccount)([email protected]))
# requesting: ALL
#

# [email protected], domain.com, hosting, domain.com
dn: [email protected],jvd=domain.com,o=hosting,dc=domain,dc=com
objectClass: JammMailAccount
objectClass: top
mail: [email protected]
cn: Hank Franco
homeDirectory: /home/domains/domain.com/hfranco
delete: FALSE
lastChange: 1218909596
mailbox: domain.com/hfranco/
userPassword:: e01ENX1zWlQzcEk4M2FNOFV3U3gzK0NqaUtRPT0=
accountActive: TRUE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

1 Answers

Voted

James · Answer 1 · 2010-06-25T14:02:59+08:00

Best Answer

James

2010-06-25T14:02:59+08:002010-06-25T14:02:59+08:00

Something like (uid=%u) should work, or given your ldapsearch example, perhaps (&(objectClass=JammMailAlias)(mail=%[email protected]))

Zimbra replaces the %u with the username that is attempting to authenticate, and then does a search/bind as that user to authenticate.

Edit:

In your setup, you should be able to use (mail=%[email protected]) as your search filter.

You can test this by running something like ldapsearch -x -D cn=Manager,dc=domain,dc=com -y pass -H ldap://ldap.domain.com -b dc=domain,dc=com '([email protected])' - it should return just the one entry above.

3

LDAP + Zimbra authentication

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?