Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Can´t contact LDAP Server
  •  
shifty

Messages: 17
Karma: 0
Send a private message to this user
Hello,

first the setup:

Apple XServe
Kerio 6.6.1

Client:
Mac OSX 10.5.5

The Mailserver is located at a DMZ.

I tried to setup the LDAP Directory Search in the Apple Adressbook like it is described in the Kerio Documentation.

This does not work. All I get is following text in the syslog:

Address Book[8219] [Server] Binding to server did not complete successfully: '-1:Can't contact LDAP server'

Which is strange as I see the the traffic goes through the firewall and even if I telnet the Server on Port 636 (I use sLDAP) it works.

Any ideas?

Thanks

s.

Edit: Same with "normal" LDAP on Port 389. Just tested it.

[Updated on: Mon, 24 November 2008 11:36]

  •  
pderby

Messages: 17
Karma: 0
Send a private message to this user
Be sure to quit and relaunch Address Book for each change of settings in the LDAP settings in Address Book. Going into Address Book Preferences, changing LDAP settings, then exiting preferences isn't good enough. You have to actually quite Address Book, or the new LDAP settings are not used. This is one of the few places in OS X where changing then exiting Preferences for an application doesn't refresh the settings in the application. I found this behavior to be true for both 10.5 through 10.6.2
  •  
samvenning

Messages: 41
Karma: 0
Send a private message to this user
I have had success getting Address Book (Version 501. The version that comes with Mac OS 10.6.2) to connect to Kerio MailServer 6.7.2

I've set Kerio's LDAP service to operate on 3268 (so as not to conflict with Mac OS 10.6 Server's service). I've set Kerio's SLDAP service to operate on 3269 (also, so as not to conflict with Mac OS 10.6 Server's service).

I've set the Search Base to "fn=public,fn=ContactRoot" because I want it to search just the public contacts. This is covered in Kerio Administration Guide.

I've set the Scope to 'Subtree'. Kerio's documentation doesn't touch on whether this should be set to 'Base', 'One Level' or 'Subtree'. The Kerio documentation is sadly short on this detail. Only 'Subtree' seems to work.

I've set authentication to 'Simple' and provided User Name and Password of a user account in the Kerio MailServer.

[img]index.php?t=getfile&id=1730&private=0[/img]

  •  
samvenning

Messages: 41
Karma: 0
Send a private message to this user
I have had success getting Address Book (Version 501. The version that comes with Mac OS 10.6.2) to connect to Kerio MailServer 6.7.2

I've set Kerio's LDAP service to operate on 3268 (so as not to conflict with Mac OS 10.6 Server's service). I've set Kerio's SLDAP service to operate on 3269 (also, so as not to conflict with Mac OS 10.6 Server's service).

I've set the Search Base to "fn=public,fn=ContactRoot" because I want it to search just the public contacts. This is covered in Kerio Administration Guide.

I've set the Scope to 'Subtree'. Kerio's documentation doesn't touch on whether this should be set to 'Base', 'One Level' or 'Subtree'. The Kerio documentation is sadly short on this detail. Only 'Subtree' seems to work.

I've set authentication to 'Simple' and provided User Name and Password of a user account in the Kerio MailServer.

[img]index.php?t=getfile&id=1731&private=0[/img]

  •  
samvenning

Messages: 41
Karma: 0
Send a private message to this user
As mentioned in earlier post, I've set Kerio's LDAP service to operate on 3268 (so as not to conflict with Mac OS 10.6 Server's service). I've set Kerio's SLDAP service to operate on 3269 (also, so as not to conflict with Mac OS 10.6 Server's service).

I find my Kerio installation works for a few hours then suddenly CalDAV (iCal) stops working. An error message appears
[img] http://forums.kerio.com/index.php?t=getfile&id=1763& private=0[/img]

Also Kerio Administration Console doesn't let me look at Users or Groups. I get the following error dialog box:
[img] http://forums.kerio.com/index.php?t=getfile&id=1764& private=0[/img]

I can't work out the source of the problem.

I'm getting a few errors in Kerio logs that suggest perhaps Kerio is still looking for the LDAP service at the default port 389.

In the error log:
[11/Jan/2010 07:19:23] services.cpp: Cannot start service LDAP on port 389, unable to bind service to all IP addresses

And in the debug log (with Directory Service Lookup logging enabled):
[11/Jan/2010 07:23:44][2972381184] {ldapdb} Sending LDAP search request: filter=" (&(objectclass=apple-group)(kerio-Mail-Active=*)(&(k erio-Mail-Address=mailarchive))) ", scope="sub", server="", base DN = "cn=groups,dc=server02,dc=private". ThreadId: 2972381184
[11/Jan/2010 07:23:44][2972381184] {ldapdb} Connecting to primary LDAP server server02.private:389. Protocol version: 3. Connection is not secure. Timeout: 10 sec. Thread ID: 2972381184
[11/Jan/2010 07:23:44][2972381184] {ldapdb} Search request: result='(-1) Can't contact LDAP server', filter='(&(objectclass=apple-group)(kerio-Mail-Active=*) (&(kerio-Mail-Address=mailarchive)))', scope='sub', server='', base DN='cn=groups,dc=server02,dc=private'. ThreadId: 2972381184

Does anyone have any troubleshooting suggestions? Has anyone else had this problem and solved it? Help much appreciated.

  • Attachment: error.png
    (Size: 71.85KB, Downloaded 939 times)
  • Attachment: ldaperror.png
    (Size: 17.02KB, Downloaded 1033 times)

[Updated on: Sun, 10 January 2010 21:31]

Previous Topic: SyncJe & SyncML
Next Topic: Kerio Sync Connector - problem pushing contact to KMS
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 11:37:48 CET 2017

Total time taken to generate the page: 0.00454 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.