External LDAP Authentication

amonkiewicz2
Posts: 3
Joined: Mon Aug 07, 2017 6:16 pm

External LDAP Authentication

Post by amonkiewicz2 »

I am trying to get external LDAP authentication working and can't seem to get the test button to accept any combination of entries to authenticate a user.

To begin with, this works:

atm@mail:/opt/zimbra/log$ ldapsearch -x -h ldap//s3.example.com -p 389 -D "cn=rsync,o=example" -W -b "o=example" "mail=amonkiewicz@example.com" mail
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <o=example> with scope subtree
# filter: mail=amonkiewicz@example.com
# requesting: mail
#

# ATM, example
dn: cn=ATM,o=example
mail: amonkiewicz@example.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

So I feel like I'm on the right track.

When I right-click->domain->configure authentication I set it up as follows:
LDAP server name: ldap://s3.example.com:389
LDAP filter: mail=%u@example.com
LDAP search base: o=example

Use DN/Password to bind to external server: CHECKED
Bind DN: rsync
passwd: <the correct password, I have triple checked by pasting it into both the ldapsearch query above (which works!)>

Username: <doesn't matter, always fails>
Password: <doesn't matter, always fails>

Resulting error message: Server Message: Authentication failed. Invalid credentials (bad dn/password)

Details:

com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for []
ExceptionId:qtp1068934215-1076:https:https://192.168.5.18:7071/service/admin/soap/CheckAuthConfigRequest:1502130702887:7f336431d881b58f
Code:account.AUTH_FAILED
	at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:161)
	at com.zimbra.cs.account.ldap.LdapProvisioning.ldapAuthenticate(LdapProvisioning.java:5520)
	at com.zimbra.cs.account.ldap.LdapProvisioning.checkAuthConfig(LdapProvisioning.java:5550)
	at com.zimbra.cs.service.admin.CheckAuthConfig.handle(CheckAuthConfig.java:48)
	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:607)
	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:460)
	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:273)
	at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:303)
	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:213)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685)
	at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:169)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:116)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:117)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:473)
	at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:318)
	at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:288)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
	at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
	at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:84)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
	at org.eclipse.jetty.server.Server.handle(Server.java:517)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
	at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
	at java.lang.Thread.run(Thread.java:745)

If I uncheck 'Use DN/Password to bind to external server' I get the same error message:

com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException: authentication failed for []
ExceptionId:qtp1068934215-1092:https:https://192.168.5.18:7071/service/admin/soap/CheckAuthConfigRequest:1502130724320:7f336431d881b58f
Code:account.AUTH_FAILED
	at com.zimbra.cs.account.AccountServiceException$AuthFailedServiceException.AUTH_FAILED(AccountServiceException.java:161)
	at com.zimbra.cs.account.ldap.LdapProvisioning.ldapAuthenticate(LdapProvisioning.java:5520)
	at com.zimbra.cs.account.ldap.LdapProvisioning.checkAuthConfig(LdapProvisioning.java:5550)
	at com.zimbra.cs.service.admin.CheckAuthConfig.handle(CheckAuthConfig.java:48)
	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:607)
	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:460)
	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:273)
	at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:303)
	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:213)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685)
	at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:169)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:116)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:117)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:473)
	at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:318)
	at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:288)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
	at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
	at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:84)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
	at org.eclipse.jetty.server.Server.handle(Server.java:517)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
	at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
	at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
	at java.lang.Thread.run(Thread.java:745)

Re: External LDAP Authentication

Post by amonkiewicz2 »

amonkiewicz2 wrote: I am trying to get external LDAP authentication working and can't seem to get the test button to accept any combination of entries to authenticate a user.

When I right-click->domain->configure authentication I set it up as follows:
LDAP server name: ldap://s3.example.com:389
LDAP filter: mail=%u@example.com
LDAP search base: o=example

Use DN/Password to bind to external server: CHECKED
Bind DN: rsync
passwd: <the correct password, I have triple checked by pasting it into both the ldapsearch query above (which works!)>

Username: <doesn't matter, always fails>
Password: <doesn't matter, always fails>

Got it working. Didn't help that I was also trying a different username than the one in LDAP. The secret combination was:

ldap filter: (cn=%u)
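
An added sketch (not part of the thread and not Zimbra's code) of the search-then-bind flow that these settings configure, run against a constructed in-memory directory modelled on the entries shown above. It assumes %u expands to the login name with any @domain part removed and that the service bind uses the full DN from the ldapsearch command; the function names and passwords are made up for the illustration.

```python
import re

# Constructed sample directory (DN -> attributes); passwords are placeholders.
DIRECTORY = {
    "cn=ATM,o=example": {"cn": "ATM", "mail": "amonkiewicz@example.com",
                         "userPassword": "user-secret"},
    "cn=rsync,o=example": {"cn": "rsync", "userPassword": "svc-secret"},
}

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, login):
    """Substitute %u (login without @domain), %n (full login), %d (domain)."""
    local, _, domain = login.partition("@")
    subs = {"%u": local, "%n": login, "%d": domain}
    return re.sub(r"%[und]", lambda m: escape_filter_value(subs[m.group()]), template)

def search(ldap_filter):
    """Return DNs matching one attr=value filter; an unescaped * is a wildcard."""
    # Drop the outer parentheses of a well-formed "(attr=value)" filter.
    body = ldap_filter[1:-1] if ldap_filter.startswith("(") else ldap_filter
    attr, _, value = body.partition("=")
    parts = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", value, re.S):
        if tok == "*":
            parts.append(".*")
        else:  # a 3-character token is an escaped \xx byte, taken literally
            parts.append(re.escape(chr(int(tok[1:], 16)) if len(tok) == 3 else tok))
    pattern = re.compile("".join(parts), re.I | re.S)
    return [dn for dn, e in DIRECTORY.items()
            if attr in e and pattern.fullmatch(e[attr])]

def bind(dn, password):
    """Simple bind: needs the entry's full DN and a non-empty matching password."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["userPassword"] == password

def authenticate(bind_dn, bind_pw, template, login, password):
    """Search-then-bind: service bind, locate the user's DN, bind as that DN."""
    if not bind(bind_dn, bind_pw):
        return "service bind failed"
    matches = search(expand_filter(template, login))
    if len(matches) != 1:
        return "no unique entry"
    return "ok" if bind(matches[0], password) else "user bind failed"
```

The login name typed at the prompt has to produce a filter that matches exactly one entry: with `(cn=%u)` that is the entry's cn, with `mail=%u@example.com` it is the local part of the mail address.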