I'm trying to configure external LDAP authentication from my LDAP box through Zimbra. Both servers are running on CentOS.
The Zimbra wiki has documentation but it's still leaving me puzzled.
http://wiki.zimbra.com/wiki/LDAP_Authentication#Configuring_external_LDAP_authentication
This is what my ldapsearch consists of:
ldapsearch -x -D cn=Manager,dc=domain,dc=com -y pass -H ldap://ldap.domain.com -b dc=domain,dc=com '(&(objectClass=JammMailAlias)(mail=marketing@domain.com))'
Any idea what the right filter would be? I'm pulling my hair out trying to figure this out.
Here's the output of the ldapsearch above:
$ ldapsearch -x -D cn=Manager,dc=domain,dc=com -y pass -H ldap://ldap.domain.com -b dc=domain,dc=com '(&(objectClass=JammMailAlias)(mail=marketing@domain.com))'
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (&(objectClass=JammMailAlias)(mail=marketing@domain.com))
# requesting: ALL
#
# marketing@domain.com, domain.com, hosting, domain.com
dn: mail=marketing@domain.com,jvd=domain.com,o=hosting,dc=domain,dc=com
objectClass: JammMailAlias
objectClass: top
mail: marketing@domain.com
cn: Marketing Team
accountActive: TRUE
maildrop: bob
maildrop: john
maildrop: amy
lastChange: 1277317208
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Here's an ldapsearch for a user:
$ ldapsearch -x -D cn=Manager,dc=domain,dc=com -y pass -H ldap://ldap.domain.com -b dc=domain,dc=com '(&(objectClass=JammMailAccount)(mail=hfranco@domain.com))'
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=com> with scope subtree
# filter: (&(objectClass=JammMailAccount)(mail=hfranco@domain.com))
# requesting: ALL
#
# hfranco@domain.com, domain.com, hosting, domain.com
dn: mail=hfranco@domain.com,jvd=domain.com,o=hosting,dc=domain,dc=com
objectClass: JammMailAccount
objectClass: top
mail: hfranco@domain.com
cn: Hank Franco
homeDirectory: /home/domains/domain.com/hfranco
delete: FALSE
lastChange: 1218909596
mailbox: domain.com/hfranco/
userPassword:: e01ENX1zWlQzcEk4M2FNOFV3U3gzK0NqaUtRPT0=
accountActive: TRUE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Best Answer
Something like
(uid=%u)
should work, or given your ldapsearch example, perhaps (&(objectClass=JammMailAlias)(mail=%u@domain.com))
Zimbra replaces the
%u
with the username that is attempting to authenticate, and then does a search/bind as that user to authenticate.
Edit:
In your setup, you should be able to use
(mail=%u@domain.com)
as your search filter. You can test this by running something like
ldapsearch -x -D cn=Manager,dc=domain,dc=com -y pass -H ldap://ldap.domain.com -b dc=domain,dc=com '(mail=hfranco@domain.com)'
- it should return just the one entry above.
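As an added example (not part of the question or the answer), the search step described above can be modelled offline: the %u placeholder is expanded with the username, the username is escaped per RFC 4515 so it stays a single filter term, and the resulting filter is evaluated against the two entries from the ldapsearch output above (constructed here as a simplified LDIF). The tiny evaluator only understands (attr=value) terms and &, which is enough to show which DN Zimbra would bind as; the real check remains the ldapsearch command above.

```python
import re

# Constructed sample: the alias and the account entry from the ldapsearch output,
# reduced to the attributes that matter for the filter (no comments, no base64 values).
SAMPLE_LDIF = """\
dn: mail=marketing@domain.com,jvd=domain.com,o=hosting,dc=domain,dc=com
objectClass: JammMailAlias
mail: marketing@domain.com

dn: mail=hfranco@domain.com,jvd=domain.com,o=hosting,dc=domain,dc=com
objectClass: JammMailAccount
mail: hfranco@domain.com
"""

# RFC 4515 escapes for characters that would otherwise change the filter's structure.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}

def escape_filter_value(value):
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, username):
    """Replace %u in a Zimbra-style filter template with the escaped username."""
    return template.replace('%u', escape_filter_value(username))

def parse_ldif(text):
    """Parse the simplified LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split('\n\n'):
        attrs = {}
        for line in block.splitlines():
            key, _, val = line.partition(': ')
            attrs.setdefault(key, []).append(val)
        entries.append(attrs)
    return entries

def _unescape(value):
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, flt):
    """Evaluate a filter made of (attr=value) terms, optionally joined by &."""
    if flt.startswith('(&'):
        terms = re.findall(r'\([^()]*\)', flt[2:-1])
        return all(matches(entry, t) for t in terms)
    attr, _, val = flt[1:-1].partition('=')
    return _unescape(val).lower() in (v.lower() for v in entry.get(attr, []))

def find_bind_dn(ldif_text, template, username):
    """Search step: DN of the single entry matching the expanded filter, else None."""
    flt = expand_filter(template, username)
    hits = [e['dn'][0] for e in parse_ldif(ldif_text) if matches(e, flt)]
    return hits[0] if len(hits) == 1 else None
```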