carbonio ce and ext...
 
Notifications
Clear all

carbonio ce and external ldap auth filters and routing

2 Posts
1 Users
0 Likes
355 Views
 KAV
(@kav)
Joined: 12 months ago
Posts: 7
Topic starter  

I've added a few domains.
For some, I decided to use external LDAP authentication using zimbraAuthLdapSearchFilter and zimbraAuthLdapSearchBindDn.

But authentication only uses the primary domain filter (the first domain added):

 

add main domain: @domain.com + zimbraAuthLdapSearchFilter 

add another domain: @domain2.com + zimbraAuthLdapSearchFilter 

Try to auth to mailX@domain.com -> In the external LDAP logs, I see that carbonio sends to external LDAP the zimbraAuthLdapSearchFilter for domain.com

Try to auth to mailY@domain2.com -> In the external LDAP logs, I see that carbonio sends to external LDAP the zimbraAuthLdapSearchFilter for domain.com!

I use In Carbonio23.5

 

Is this normal behavior or error?


   
Quote
 KAV
(@kav)
Joined: 12 months ago
Posts: 7
Topic starter  

And there is one more question. Authentication routing when using an external server and multiple application servers:

 

1. add main domain: @domain.com + zimbraAuthLdapSearchFilter on server1 (with carbonio-appserver and carbonio-user-management)

2. add another domain: @domain2.com + zimbraAuthLdapSearchFilter on server2 (with carbonio-appserver and carbonio-user-management)

3. Try to auth to user "mailY" with password from external LDAP account -> in the external LDAP logs a message about a successful BIND operation. But in mailbox.log on server1 there is an authentication error message. And this is understandable, since this server does not have this user.
4. Try to auth to mailY@domain2.com with password from internal LDAP account -> Success: "Authentication successful for user mailY" in mailbox.log on server1 and all other users actions logs to mailbox.log on server2.

Looks like routing issues when authenticating using external LDAP and several app servers.

This post was modified 11 months ago by KAV

   
ReplyQuote