Long Shot - Evolution & Zimbra GAL

scottalanmiller

Well I just installed Evolution. I've never used it so will have to poke around a bit.

anthonyh

I just tried setting up LDAP address book in Thunderbird and cannot get it to work. So, I suspect it's something with Zimbra and not Evolution, but we'll see. Here is their official wiki article on specifically setting up the GAL in Thunderbird:

https://wiki.zimbra.com/wiki/Configure_Zimbra_GAL_as_LDAP_addressbook_in_Thunderbird

scottalanmiller

@anthonyh said in Long Shot - Evolution & Zimbra GAL:

I just tried setting up LDAP address book in Thunderbird and cannot get it to work. So, I suspect it's something with Zimbra and not Evolution, but we'll see. Here is their official wiki article on specifically setting up the GAL in Thunderbird:

https://wiki.zimbra.com/wiki/Configure_Zimbra_GAL_as_LDAP_addressbook_in_Thunderbird

What kind of errors do you get?

scottalanmiller

Are you sure that you have remote access to LDAP?

anthonyh

@scottalanmiller said in Long Shot - Evolution & Zimbra GAL:

@anthonyh said in Long Shot - Evolution & Zimbra GAL:

I just tried setting up LDAP address book in Thunderbird and cannot get it to work. So, I suspect it's something with Zimbra and not Evolution, but we'll see. Here is their official wiki article on specifically setting up the GAL in Thunderbird:

https://wiki.zimbra.com/wiki/Configure_Zimbra_GAL_as_LDAP_addressbook_in_Thunderbird

What kind of errors do you get?

@scottalanmiller said in Long Shot - Evolution & Zimbra GAL:

Are you sure that you have remote access to LDAP?

I've made sure that port 389 is open with firewalld on the Zimbra server. I don't believe there is anything else that would prevent communication since I'm on the same internal network as it (well, different subnet, but there shouldn't be anything in the way is what I mean).

I haven't done any hard core debugging, but it just doesn't seem to authenticate. When it prompts for me to enter my password, I enter my password and it asks again...and again...and again. I'm using the right password, I swear.

scottalanmiller

@anthonyh said in Long Shot - Evolution & Zimbra GAL:

@scottalanmiller said in Long Shot - Evolution & Zimbra GAL:

@anthonyh said in Long Shot - Evolution & Zimbra GAL:

I just tried setting up LDAP address book in Thunderbird and cannot get it to work. So, I suspect it's something with Zimbra and not Evolution, but we'll see. Here is their official wiki article on specifically setting up the GAL in Thunderbird:

https://wiki.zimbra.com/wiki/Configure_Zimbra_GAL_as_LDAP_addressbook_in_Thunderbird

What kind of errors do you get?

@scottalanmiller said in Long Shot - Evolution & Zimbra GAL:

Are you sure that you have remote access to LDAP?

I've made sure that port 389 is open with firewalld on the Zimbra server. I don't believe there is anything else that would prevent communication since I'm on the same internal network as it (well, different subnet, but there shouldn't be anything in the way is what I mean).

I haven't done any hard core debugging, but it just doesn't seem to authenticate. When it prompts for me to enter my password, I enter my password and it asks again...and again...and again. I'm using the right password, I swear.

What does...

netstat -tulpn

Tell you?

anthonyh

I see a bunch of active connections, but nothing over port 389.

If I do the following from my workstation, I get "ldap_bind: Invalid credentials (49)"

ldapwhoami -x -h mail.ourserver.org -D uid=myuser,ou=people,dc=ourserver,dc=org -W

or

ldapsearch -x -h mail.ourserver.org -D uid=myuser,ou=people,dc=ourserver,dc=org 'objectClass=*' -W

We do use external authentication (Active Directory). I wonder if that has something to do with it. The last time I set this up was, literally, over 5 years ago. Back then, I believe, Zimbra allowed unauthenticated binds. I suppose I could modify the LDAP config to allow that again?

Hmmm...

scottalanmiller

@anthonyh said in Long Shot - Evolution & Zimbra GAL:

I see a bunch of active connections, but nothing over port 389.

Then LDAP isn't available as a service to connect to yet.

scottalanmiller

@anthonyh said in Long Shot - Evolution & Zimbra GAL:

We do use external authentication (Active Directory). I wonder if that has something to do with it.

That would be my guess.

StrongBad

Does Zimbra disable its own LDAP service when it uses Microsoft's instead?

anthonyh

@StrongBad said in Long Shot - Evolution & Zimbra GAL:

Does Zimbra disable its own LDAP service when it uses Microsoft's instead?

It does not. Zimbra is heavily dependent on its LDAP setup. I don't know how the AD authentication piece works, but I do know accounts, distribution lists, aliases, etc, are all in its local LDAP database.

Back in the day at my previous job where we were using the GAL via external mail clients (Thunderbird, to be exact), no authentication was required to bind to Zimbra's LDAP. I forget which version changed that, if it was version 7 or version 8.

anthonyh

Yep, it's not working due to using external authentication. Looks like I may need to create a dummy account to authenticate to Zimbra's LDAP, which is not terrible (but not ideal).

https://bugzilla.zimbra.com/show_bug.cgi?id=50248

anthonyh

Used the local admin account to bind, and GAL address autocompletion works in Evolution and Thunderbird. So, thats good. Now to create that dummy account...