Forums
Zextras Carbonio
Install & Setup
Carbonio auth AD
 
Notifications
Clear all

Carbonio auth AD

 
Install & Setup
Last Post by cmenghi 2 days ago
4 Posts
2 Users
0 Reactions
86 Views
RSS
 cmenghi
(@cmenghi)
Joined: 4 months ago
Posts: 3
Topic starter 11/19/2024 18:00  

Hi, i following to use external AD as auth https://docs.zextras.com/carbonio/html/admincli/ldap.html i succed to connect and create the accounts of the groups, but when i tried to login i see an error related to empty userPass, so investigating, the AD ldap don't use anymore this attibute, insted use unicodePwd, but the documentation says:

“The unicodePwd attribute is never returned by an LDAP search” ( http://msdn.microsoft.com/en-us/library/cc223248.aspx)

The domainlevel of the server is 2016.

any idea how to solve it?

 

Carbonio CE 24.9.1


   
Quote
 cmenghi
(@cmenghi)
Joined: 4 months ago
Posts: 3
Topic starter 11/20/2024 22:27  

Conf i made, we want to use mail instead of samaccountname.

carbonio prov cd c.dominio.com
carbonio prov md c.c.dominio.com zimbraAuthMech ad
carbonio prov md c.dominio.com zimbraAuthLdapBindDn %u@dominio.com
carbonio prov md c.dominio.com zimbraAuthLdapSearchBase 'DC=dominio,DC=com'
carbonio prov md c.dominio.com zimbraAuthLdapSearchBindDn 'CarboniumBindDn@dominio.com'
carbonio prov md c.dominio.com zimbraAuthLdapSearchBindPassword ''
carbonio prov md c.dominio.com zimbraAutoProvLdapSearchFilter '(&(objectClass=user)(objectCategory=person)(memberOf=CN=Usuarios_de_Correo,CN=Users,DC=dominio,DC=com)(mail=%u))'
carbonio prov md c.dominio.com zimbraAuthLdapURL ldaps://srv-win-dc.dominio.com:3269

2024-11-20 15:01:56,465 INFO [qtp1251502504-581] [name=cristian.menghi@c.dominio.com;ip=10.250.0.14;oip=12.200.0.19;port=53816;soapId=32e79789;] account - Error occurred during authentication: authentication failed for [cristian.menghi@c.dominio.com]. Reason: external LDAP auth failed, LDAP error: - unable to ldap authenticate: 80090308: LdapErr: DSID-0C09050E, comment: AcceptSecurityContext error, data 52e, v4f7c.
2024-11-20 15:01:56,465 WARN [qtp1251502504-581] [name=cristian.menghi@c.dominio.com;ip=10.250.0.14;oip=12.200.0.19;port=53816;soapId=32e79789;] account - ad auth for domain c.dominio.com failed, fall back to zimbra default auth mechanism
2024-11-20 15:01:56,467 INFO [qtp1251502504-581] [name=cristian.menghi@c.dominio.com;ip=10.250.0.14;oip=12.200.0.19;port=53816;soapId=32e79789;] account - Error occurred during authentication: authentication failed for [cristian.menghi@c.dominio.com]. Reason: missing userPassword.


   
ReplyQuote
 renandelfino
(@renandelfino)
Joined: 3 weeks ago
Posts: 1
11/29/2024 19:22  

Hi! Did you manage to find a solution for the issue? I'm with the same.


   
ReplyQuote
 cmenghi
(@cmenghi)
Joined: 4 months ago
Posts: 3
Topic starter 12/19/2024 21:02  

@renandelfino No my friend, i create all the user by script and setpup a temporal password and set a expiration in 3 days.


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic