[SOLVED] Password Not being Changed in external LDAP by zimbra server

sjangra
Posts: 24
Joined: Sat Sep 13, 2014 2:00 am

Post by sjangra »

Password not being changed in external LDAP by Zimbra server. Everything else works fine.
Any help....
Can anyone tell me, is it possible to change the "Change Password" link to my own page, which will change the external LDAP password? If yes, then where (which directory) is the source code to change the link?
Please help guys......

Thanks.....
phoenix
Ambassador
Posts: 27262
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Post by phoenix »

sjangra wrote: Password Not being Changed in external LDAP by zimbra server. everything else works fine.

That isn't currently a supported function (search bugzilla for the RFE and vote on it), you'll currently have to write a script to synchronise the passwords.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
sjangra
Posts: 24
Joined: Sat Sep 13, 2014 2:00 am

Post by sjangra »

Can I have the script please!!!
phoenix
Ambassador
Posts: 27262
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Post by phoenix »

sjangra wrote: can i have the script please !!!

I don't have one, there might be one in the forums if you search.
Regards

Bill

sjangra
Posts: 24
Joined: Sat Sep 13, 2014 2:00 am

Post by sjangra »

I found the below script!!! Thanks...

#!/bin/bash
# This script allows the syncing of the Zimbra password database (OpenLDAP)
# with an external LDAP database (I use an external OpenLDAP) in a three step
# procedure. It's not *that* user friendly, so I hope you have some idea of
# how scripts work.
#
# The script searches (ldapsearch) which user has changed his password in the
# last TIME seconds (i.e. TIME=300 for 5 minutes)
#
# The output passes through sed to create a correct ldif. This means adding
# the "changetype: modify" and "replace: userPassword" strings. In case your
# password field has a different name, change the "userPassword" string in
# the sed line accordingly.
#
# Lastly, the ldapmodify command feeds the ldif created by sed to the external
# server.
#
# Written by Gerasimos Melissaratos (gmelis72 at gmail dot com)

# Change variables accordingly

# Time since which to search for changed passwords. i.e. TIME=300 means the
# user has changed his password in the last 5 minutes. Adjust your crontab
# accordingly, for example if you run this script every 10 minutes (instead
# of 5 like I do) change TIME to 600 (min*60)
TIME=300

# This is the address where the zimbra ldap is listening. If you have installed
# zimbra on a cluster, use the cluster IP
ZIMBRA_LDAP="ldap://cluster.mfa.gr"

# This is basically the domain you want to search. i.e. if you have the
# zimbra domain foo.org, enter "dc=foo,dc=org"
ZIMBRA_BASEDN="dc=room,dc=gr"

# The password to use to connect to the zimbra ldap server. The user is
# "cn=config" as this is the rootdn for the zimbra ldap, and the password
# --which you probably do not know-- can be changed by changing the file
# /opt/zimbra/conf/slapd.conf.in. Just locate the line starting with
# "rootpw" and change the string starting with "{SSHA}" with the password
# you wish to have
ZIMBRA_ROOTPW='zimbra_ldap_password'

# The address of the external ldap server
EXTERNAL_LDAP="ldaps://myldapserver.room.gr"

# The credentials to use. That is the credentials to bind to your ldap server,
# which of course you know. All it needs is to have enough access to change the
# userPassword field. It can be the rootdn
EXTERNAL_LDAP_BINDDN="cn=root,dc=room,dc=gr"

# The password to use for the aforementioned credentials. Since passwords may include
# special characters I used single quotes
EXTERNAL_LDAP_PASSWD='myldapserver_rootpw'

# The sed address must match the end of the "dn:" lines that ldapsearch returns;
# change it to the people container of your own Zimbra domain.
ldapsearch -LLLx -H "${ZIMBRA_LDAP}" -D "cn=config" -b "${ZIMBRA_BASEDN}" -w "${ZIMBRA_ROOTPW}" \
  "(zimbraPasswordModifiedTime>=$(date -u +%Y%m%d%H%M%SZ -d "-${TIME} sec"))" userPassword |
sed -e '/ou=people,dc=mfa,dc=gr$/achangetype: modify\
replace: userPassword' |
ldapmodify -x -H "${EXTERNAL_LDAP}" -D "${EXTERNAL_LDAP_BINDDN}" -w "${EXTERNAL_LDAP_PASSWD}"

shawnchu
Posts: 3
Joined: Sat Sep 13, 2014 2:10 am

Post by shawnchu »

The script works fine when the Zimbra LDAP and the external LDAP have the same BaseDN and ou.
But my Zimbra LDAP BaseDN is ou=people,dc=group,dc=example,dc=com
and my OpenLDAP server BaseDN is ou=teacher,dc=example,dc=com

When I run the script, it always shows an error message:

ldap_modify: No such object (32)
matched DN: dc=example,dc=com

I've searched the internet for 1 week, but I still can't fix it.
Someone help me to solve this problem, please!!
Sorry for my poor English.

Thanks, Shawn
shawnchu
Posts: 3
Joined: Sat Sep 13, 2014 2:10 am

Post by shawnchu »

Solved!!
I fixed the sed syntax and that solved my problem.

sed -e 's/ou=people,dc=group,dc=example,dc=com/ou=teacher,dc=example,dc=com/g' |
sed -e '/ou=teacher,dc=example,dc=com$/achangetype: modify\
replace: userPassword' |
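
A sturdier form of the two sed steps in the post above, as an added example that is not part of the original posts: ldapsearch folds long lines, so a long DN can slip past a line-anchored sed pattern. This filter unfolds the LDIF first, rewrites the suffix, and skips entries outside the source subtree or without a userPassword value. The function names, the sample entries and the placeholder hash are constructed for illustration; the two suffixes are the ones from the post.

```shell
# Added example, not from the thread. Suffixes are the ones in shawnchu's post.
SRC_SUFFIX='ou=people,dc=group,dc=example,dc=com'   # Zimbra side
DST_SUFFIX='ou=teacher,dc=example,dc=com'           # external directory

# Read `ldapsearch -LLL ... userPassword` output on stdin and write one
# ldapmodify "replace: userPassword" record per usable entry on stdout.
to_modify_ldif() {
  awk -v src="$SRC_SUFFIX" -v dst="$DST_SUFFIX" '
    function flush() {            # end of entry: emit only complete records
      if (dn != "" && pw != "")
        printf "%s\nchangetype: modify\nreplace: userPassword\n%s\n-\n\n", dn, pw
      dn = ""; pw = ""
    }
    function handle(line,   n, m) {
      if (line == "") { flush(); return }
      if (line ~ /^dn: /) {       # plain string compare, no regex on DN text
        n = length(line); m = length(src)
        if (n > m && substr(line, n - m) == ("," src))
          dn = substr(line, 1, n - m) dst
      } else if (line ~ /^userPassword::? /)
        pw = (pw == "" ? line : pw "\n" line)
    }
    /^ / { buf = buf substr($0, 2); next }    # unfold LDIF continuation line
    { if (NR > 1) handle(buf); buf = $0 }
    END { if (NR > 0) handle(buf); flush() }
  '
}

# Constructed sample: a folded DN, an entry outside the source subtree, and an
# entry whose userPassword was not returned. The hash is a placeholder.
sample_ldif() {
  cat <<'EOF'
dn: uid=alice,ou=people,dc=group,dc=exa
 mple,dc=com
userPassword:: e1NTSEF9Q09OU1RSVUNURURfUExBQ0VIT0xERVI=

dn: uid=svc,ou=system,dc=group,dc=example,dc=com
userPassword:: e1NTSEF9Q09OU1RSVUNURURfUExBQ0VIT0xERVI=

dn: uid=bob,ou=people,dc=group,dc=example,dc=com
EOF
}

sample_ldif | to_modify_ldif
```

In the original pipeline it would sit between ldapsearch and ldapmodify in place of both sed commands. Both tools also accept -y <file> in place of -w, which keeps the bind passwords out of the process list.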
thanhdv
Posts: 4
Joined: Sat Sep 13, 2014 2:17 am

Post by thanhdv »

Hi everyone.

I'm testing ZCS 7.1.3 OS on Ubuntu 10.04.3 64bit, and use an external OpenLDAP + Samba PDC installed on OpenSUSE 11.4 to authenticate users. The connection was fine until I found out that when a user changes their password in the Zimbra Web UI, it doesn't auto-sync to the external LDAP server.

I found this thread and tried the above script. First I had a problem when the ldapsearch command executed:

ldap_bind: Invalid credentials (49)

I used the slappasswd command to generate an SSHA-encrypted password and updated the following part of the /openldap-2.4.26.5z/etc/openldap/slapd.conf file:

database bdb
suffix "dc=homedomain,dc=org"
rootdn "cn=Administrator,dc=homedomain,dc=org"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}p7XipDi6VJCfiUpx8XGHmwIq7tnUdXUO
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /opt/zimbra/openldap-2.4.26.5z/var/openldap-data

In the ldapsearch command, I've tried everything like -D "cn=config", -D "cn=Administrator", -D "cn=root", -D "cn=Administrator,dc=homedomain,dc=org" but the ldap_bind error keeps showing up. Then I found that when I use -D "uid=admin,ou=people,dc=homedomain,dc=org", the ldapsearch command can run without error, but nothing is returned and no password is updated!

ldapsearch -LLLx -H "${ZIMBRA_LDAP}" -D "uid=admin,ou=people,dc=homedomain,dc=org" -b "${ZIMBRA_BASEDN}" -w "${ZIMBRA_ROOTPW}" \
  "(zimbraPasswordModifiedTime>=`date -u +%Y%m%d%H%M%SZ -d "-${TIME} sec"`)"

I tried this single command and commented out the 2 commands that follow, but nothing was returned, even when I changed the filter to "(zimbraPasswordModifiedTime>=0)" or "(zimbraPasswordModifiedTime=20111116022747Z)"

This is exactly the time string I got from the command:

zimbra@zimbra:/home/administrator$ zmprov ga thanhdv zimbrapasswordmodifiedtime
# name thanhdv@homedomain.org
zimbraPasswordModifiedTime: 20111116022747Z

My ldapsearch command works normally with other normal filters: "cn=*", "objectClass=*" ...
Any help please !!!!!
Sorry for my bad Eng.

Thanks, thanhdv.
thanhdv
Posts: 4
Joined: Sat Sep 13, 2014 2:17 am

Post by thanhdv »

I got myself into trouble T_T.

Only cn=config can retrieve information like zimbraPasswordModifiedTime.
rosch
Advanced member
Posts: 163
Joined: Sat Sep 13, 2014 1:34 am
ZCS/ZD Version: 9.0.0.ZEXTRAS.20220713.UBUNTU20.64

Post by rosch »

sjangra wrote:I found the below script !!! thanks...
#!/bin/bash
..
I would have used the code formatting, so other users can use the script instead of putting the puzzle back together :D