[Solved] LDAP User Authentication Outside the Template

(@anomaly0617)
Active Member
Joined: 1 year ago
Posts: 20
Topic starter  

Hi there,

For reference I followed this: How to Set Up an External LDAP Authentication in Carbonio

I copied and pasted the commands into a Notepad++ document and made my edits, which mostly worked great. I had to add some quotes around the LDAP items:

carbonio prov modifyDomain mydomain.net zimbraAuthMech ad
carbonio prov modifyDomain mydomain.net zimbraAuthLdapBindDn uid=%u,DC=underground,DC=local
carbonio prov modifyDomain mydomain.net zimbraAuthLdapSearchBindDn "CN=vmail,OU=Service Accounts,OU=Users,OU=Underground,DC=underground,DC=local"
carbonio prov modifyDomain mydomain.net zimbraAuthLdapSearchBindPassword [mygeneratedrandomizedpassword]
carbonio prov modifyDomain mydomain.net zimbraAuthLdapSearchBase "OU=Users,OU=MyDomain,DC=underground,DC=local"
carbonio prov modifyDomain mydomain.net zimbraAuthLdapSearchFilter sAMAccountName=%u
carbonio prov modifyDomain mydomain.net zimbraAuthLdapURL ldap://10.20.30.5:3268
carbonio prov modifyDomain mydomain.net zimbraAuthFallbackToLocal TRUE
carbonio prov modifyAccount anomaly0617@mydomain.net zimbraAuthLdapBindDn "uid=mydomain_anomaly0617,OU=Users,OU=MyDomain,DC=underground,DC=local"

 

Everything worked great until the last command:

carbonio prov modifyAccount anomaly0617@mydomain.net zimbraAuthLdapBindDn "uid=mydomain_anomaly0617,OU=Users,OU=MyDomain,DC=underground,DC=local"

When it threw the following error:

ERROR: service.FAILURE (system failure: unable to modify attrs: object class violation - unable to modify attributes: ldap host=carbonio.underground.local:389: attribute 'zimbraAuthLdapBindDn' not allowed)

 

The goal here is to link the AD account "mydomain_anomaly0617" to the email account "anomaly0617@mydomain.net", so that person can use their email address or username and password to log in to their mailbox.

What did I do wrong?

(@itguy)
New Member
Joined: 11 years ago
Posts: 21
 

Makes me wonder why this post is marked solved. I don't see any solution provided.


   
(@anomaly0617)

I have no idea how that happened, but from a computer interface I was able to mark the thread unsolved. From a mobile web interface, I couldn't do it.

But the problem definitely still exists. Here it is if I use zmprov instead of carbonio as the command:

zextras@bossvrmail2025:~$ zmprov ma anomaly0617@mydomain.net zimbraAuthLdapBindDn uid=mydomain_anomaly0617,OU=Users,OU=MyDomain,DC=underground,DC=local
ERROR: service.FAILURE (system failure: unable to modify attrs: object class violation - unable to modify attributes: ldap host=bossvrmail2025.underground.local:389: attribute 'zimbraAuthLdapBindDn' not allowed)

As always, help would be appreciated. 🙂

(@anomaly0617)

OK, I have a solution! Here's what worked.

zextras@bossvrmail2025:~$ zmprov ma anomaly0617@mydomain.net zimbraAuthLdapExternalDn "CN=Lastname\, Firstname,OU=Users,OU=MyDomain,DC=underground,DC=local"

Testing login at the user web interface with the email address and the password on that AD account worked!

Many thanks to whoever this gentleman is at this URL:

https://wiki.zimbra.com/wiki/Mgolfieri_Provisioning_with_a_username_unrelated_to_any_email_address


   
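The working command in the last post depends on the comma inside the CN being escaped as `\,` so that it is not read as an RDN separator. As an added example (not part of the thread and not Carbonio or Zimbra tooling), this Python script escapes an AD display name per RFC 4514 and emits a shell-quoted `zmprov ma ... zimbraAuthLdapExternalDn` line for each account; the helper names, `BASE_DN` and the sample accounts are assumptions made for illustration.

```python
import shlex

# Characters RFC 4514 (section 2.4) requires escaping anywhere in a value.
_SPECIAL = set('"+,;<>\\')

def escape_rdn_value(value: str) -> str:
    """Escape a single RDN attribute value (e.g. a CN) for use in a DN string."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#' would mean "hex-encoded value"
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading/trailing spaces are otherwise dropped
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def build_external_dn(cn: str, base_dn: str) -> str:
    """Only the CN is escaped; base_dn is admin-supplied and already a valid DN string."""
    return f"CN={escape_rdn_value(cn)},{base_dn}"

def zmprov_command(account: str, external_dn: str) -> str:
    """Return the command line with every argument quoted for a POSIX shell."""
    return shlex.join(["zmprov", "ma", account, "zimbraAuthLdapExternalDn", external_dn])

# Constructed sample data (assumption): mailbox address -> AD display name (CN).
BASE_DN = "OU=Users,OU=MyDomain,DC=underground,DC=local"
SAMPLE_USERS = [
    ("anomaly0617@mydomain.net", "Lastname, Firstname"),
    ("jobrien@mydomain.net", "O'Brien, Jo"),
    ("svc@mydomain.net", "#1 Admin "),
]

if __name__ == "__main__":
    for account, cn in SAMPLE_USERS:
        print(zmprov_command(account, build_external_dn(cn, BASE_DN)))
```

The emitted lines use single quotes rather than the double quotes shown in the post; both deliver the same `\,` sequence to `zmprov`.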