Error connect LDAP on Zimbra 7.2

Julio_Cesar_Arevalo · October 6, 2014, 6:44pm

Hello Everyone

I am trying to configure Rt4.2 a low zimbra ldap server is connected. But I could not do it. it connects fine, but when trying to bring the user 's authentication parameters . do not make it so the authentication fails.

I have proven several filters and searched on google but nothing . I have reviewed the application with Apache Directory Studio and user attributes are correct. and ldapsearch with the parameters described in the configuration file . and brings the user attributes perfectly . I also checked the connection between the client and server zimbra with Wireshark and I respond well . attached audit log .

attached my RT_Siteconfig .

RT_Siteconfig

Set( $rtname, ‘’);
Set( $Organization, ‘Version3.co’);
Set( $Timezone, ‘US/Pacific’);

Set( $WebDomain, ‘rt4.v3prueba.co’);

Set( $WebDomain, ‘xx.xxx.xxx.xxx’);
Set( $WebPort, 443);
Set( $WebPath, ‘’);
Set( $DatabasePassword, ‘******************’);

You must install Plugins on your own, this is only an example

of the correct syntax to use when activating them:

Plugin( “RT::Extension::SLA” );

Plugin( “RT::Authen::ExternalAuth” );

Plugin(‘RT::Authen::ExternalAuth’);
Set( @Plugins, qw(RT::Authen::ExternalAuth));

Set($ExternalAuthPriority, [‘My_LDAP’]);
Set($ExternalInfoPriority, [‘My_LDAP’]);
Set($AutoCreateNonExternalUsers, 1);
Set($UserAutocreateDefaultsOnLogin, { Privileged => 1});
Set($LogDir, ‘/opt/rt4/var/log’);
Set($LogToFileNamed, “rt.log”);

Set($ExternalSettings, {

‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘xxxxxxxxxxxxxxxxxx.com’,
‘user’ => ‘uid=******,cn=admins,cn=zimbra’,
‘pass’ => ‘***********************’,
‘base’ => ‘ou=people,dc=version3,dc=co’,
‘filter’ => '(objectClass=)’,
‘group’ => ‘dn’,
‘group_scope’ => ‘base’,
‘group_attr_value’ => ‘dn’,
‘tls’ => 0,
‘net_ldap_args’ => [ version => 3 ],

‘attr_match_list’ => [
‘Name’,
‘EmailAddress’,
‘ExternalContactInfoId’,
‘RealName’,

‘Password’,

‘displayName’,

‘mail’,

],

‘attr_map’ => {
‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
‘RealName’ => ‘cn’,
‘ExternalContactInfoId’ => ‘dn’,
‘ExternalAuthId’ => ‘uid’,

‘Password’ => ‘userPassword’

‘WorkPhone’ => ‘telephoneNumber’,

‘Address1’ => ‘streetAddress’,

‘City’ => ‘l’,

‘State’ => ‘st’,

‘Zip’ => ‘postalCode’,

‘Country’ => ‘co’,

},
},
} );

*Log. Ldapsearch

extended LDIF

LDAPv3

base <ou=people,dc=version3,dc=co> with scope subtree

filter: (objectClass=*)

requesting: ALL

search result

search: 2
result: 0 Success

numResponses: 11

numEntries: 10

******Log. Wireshark Respond from server Zimbra *****

04…`/…uid=********,cn=admins,cn=zimbra.
*****************…a.
…0m…ch…ou=people,dc=version3,dc=co
…
…*…objectClass…uid…helpdesk@version3.co0…cn…dn…mail…uid…uid0…e.
…

I authenticate correctly with helpdesk@version3.co mail account via Web interface zimbra . so the password is correct email .

Help.

Saludos…

Cordialmente.

Logo Julio Cesar Arèvalo Blanco
Ingeniero de Infraestructura / Ingenieria
6221190 / 3124654611 · jarevalo@version3.co

Versión3.0 S.A.S
Direccion: Carrera 12 Nº 93-31
Telefono: 6221190
ecoNo me imprimas si no es necesario. Protejamos el medio ambiente

Kevin_Falcone · October 7, 2014, 2:48pm

  Plugin('RT::Authen::ExternalAuth');
  Set( @Plugins, qw(RT::Authen::ExternalAuth));

This is wrong. All it does is overwrite the first line with the
second line. Delete the second line.

'attr_match_list'  => [
            'Name',
            'EmailAddress',
            'ExternalContactInfoId',
            'RealName',

‘Password’,

‘displayName’,

‘mail’,

],

This is going to cause problems. What happens when you have two users
named John Doe? Please review the documentation

I authenticate correctly with helpdesk@version3.co mail account via Web
interface zimbra. so the password is correct email.

Instead of a wireshark dump, please provide the debug logs from RT.

-kevin

Julio_Cesar_Arevalo · October 7, 2014, 4:53pm

Thanks Kevin , check the items you suggested and now it works perfect.
I would like to know how I can configure 2 LDAP servers for authentication ? or you may chain ‘base’ configuration file RT_SiteConfig . Include two databases ldap

example

ou = people , dc = example, dc = com
ou = people , dc = example, dc = co

Saludos…

Cordialmente.

Logo Julio Cesar Arèvalo Blanco
Ingeniero de Infraestructura / Ingenieria
6221190 / 3124654611 · jarevalo@version3.co

Versión3.0 S.A.S
Direccion: Carrera 12 Nº 93-31
Telefono: 6221190
ecoNo me imprimas si no es necesario. Protejamos el medio ambiente

Julio_Cesar_Arevalo · October 7, 2014, 9:09pm

Thanks Kevin , check the items you suggested and now it works perfect.
I would like to know how I can configure 2 LDAP servers for authentication ? or you may chain ‘base’ configuration file RT_SiteConfig . Include two databases ldap

example

‘base’ ==> 'ou = people , dc = example, dc = com , ou = people , dc = example, dc = co ’

Saludos…

Cordialmente.

Logo Julio Cesar Arèvalo Blanco
Ingeniero de Infraestructura / Ingenieria
6221190 / 3124654611 · jarevalo@version3.co

Versión3.0 S.A.S
Direccion: Carrera 12 Nº 93-31
Telefono: 6221190
ecoNo me imprimas si no es necesario. Protejamos el medio ambiente

Kevin_Falcone · October 9, 2014, 4:22pm

Thanks Kevin, check the items you suggested and now it works perfect.
I would like to know how I can configure 2 LDAP servers for authentication? or
you may chain ‘base’ configuration file RT_SiteConfig. Include two databases
ldap

Set $ExternalAuthPriority and $ExternalInfoPriority to contain
multiple entries, they’re arrayrefs, so you can list 6 AD connections
to check and it will walk down them, checking them all in order.

-kevin