external ldap auth against Sun DSEE
Posted: Tue Oct 23, 2007 1:53 pm
I have a problem configuring Zimbra-4.5.8 GA on Centos5 to authenticate users against Sun Directory Server (DSEE).
I have configured according to LDAP Authentication - Zimbra :: Wiki and have DSEE filled with users and groups. I can use /opt/zimbra/openldap/ldapsearch to test authentication of the users, like:
---
/opt/zimbra/bin/ldapsearch -h 192.168.1.203 -x -D 'uid=seriv,ou=people,dc=outspark,dc=com' -w'testing' -b 'ou=people,dc=outspark,dc=com' '(uid=seriv)' '*' -LLL
dn: uid=seriv,ou=People,dc=outspark,dc=com
uid: seriv
cn: seriv
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 13803
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 505
gidNumber: 506
homeDirectory: /home/seriv
---
But when I'm trying to test authentication, I'm getting a Java error message window with the following text:
---
javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'ou=People,dc=outspark,dc=com'
at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:305)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:151)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:55)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1948)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1810)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
at com.zimbra.cs.account.ldap.LdapUtil.searchDir(LdapUtil.java:1005)
at com.zimbra.cs.account.ldap.LdapUtil.ldapAuthenticate(LdapUtil.java:268)
at com.zimbra.cs.account.ldap.Check.checkAuthConfig(Check.java:142)
at com.zimbra.cs.service.admin.CheckAuthConfig.handle(CheckAuthConfig.java:43)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:266)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:163)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:85)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:220)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:152)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:619)
---
This seems to me to be an error in Zimbra Collaboration Suite.
If I switch to binding with administrator's bind DN, the message looks the same.
In Sun's DS log I see only attempts to connect, like:
---
[23/Oct/2007:11:04:27 -0700] conn=41 op=-1 msgId=-1 - fd=14 slot=14 LDAP connection from 192.168.1.203:50671 to 192.168.1.203
---
and sometimes - successful binding.
--
WBR,
Sergey Ivanov
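
An added example, not part of the original post and not Zimbra or JNDI code: a small RFC 4515 filter check that reports the "Missing 'equals'" condition named in the exception above before a filter string is saved, and escapes a login name substituted into it. The function names, the `%u` placeholder and the sample inputs used with it are assumptions constructed for illustration.

```python
import re

# attribute description, optional extensible-match parts, then an operator
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9;.-]*(:dn)?(:[A-Za-z0-9.-]+)?(:=|~=|>=|<=|=)")
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def build_user_filter(template, username):
    """Substitute the escaped login name for the assumed %u placeholder."""
    return template.replace("%u", escape_value(username))

def check_filter(text):
    """Return None for a well-formed filter, otherwise a description of the error."""
    if not text.startswith("("):      # this example wraps a bare item itself
        text = "(" + text + ")"
    pos, err = _parse(text, 0)
    if err is None and pos != len(text):
        err = "trailing characters at offset %d" % pos
    return err

def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        return i, "expected '(' at offset %d" % i
    i += 1
    if i < len(s) and s[i] in "&|!":  # composite: one or more nested filters
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":
            i, err = _parse(s, i)
            if err:
                return i, err
            count += 1
        if count == 0 or (op == "!" and count != 1):
            return i, "wrong number of operands for '%s'" % op
    else:                             # simple item: attr, operator, value
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        if not _ITEM.match(s[i:end]):
            return i, "missing 'equals' in item %r" % s[i:end]
        i = end
    if i >= len(s) or s[i] != ")":
        return i, "expected ')' at offset %d" % i
    return i + 1, None
```

A filter value that contains no attribute/operator pair, such as a bare `uid`, is reported by `check_filter`, while a login name containing parentheses or `*` stays inside a single item once it has passed through `build_user_filter`.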