Issue using open directory and kerio mailserver
  •  
darthbator

For the last few weeks I have been playing around with the Kerio mailserver on one of our Mac OS 10.4.7 Xserves. The Xserve I have Kerio installed on is in our office DMZ (192.168.2.x). I am trying to import users from my network's Open Directory inside the trusted network (192.168.1.x).

So first off I built an IP alias on our Cisco for the OD server inside the DMZ. I then created a rule allowing all IP traffic in between the OD server in the trust and the mailserver in the DMZ. Getting traffic across in this manner is no issue. I have been able to import user accounts from an Active Directory server in this manner, however I have had no luck with OD.

I have tried both password server and Kerberos authentication, neither of these methods are working :( (Kerberos shouldn't work as I have not set up any users with crypt password). The user I have set up is ldapadmin so I entered that into the username field along with the user's password on the mailserver. The username came out looking like this.

uid=ldapadmin,cn=users,dc=iso400,dc=info

That would be correct however that is not the domain we use for the OD server. So I made the following change.

uid=ldapadmin,cn=users,dc=studio,dc=dom

I also adjusted the search suffix to reflect the correct domain for the OD server. Still no dice. I keep getting a message that reads.

Directory Server: Cannot bind to LDAP Server (invalid credentials. Check the username and password

Well the username and password I am supplying Kerio with work just fine on the OD server... I have no idea why it won't import this directory.

I checked the system.log and console.log on the OD server and didn't see anything terribly irregular. There are a few entries in there from /usr/sbin/PasswordService: incorrect digest response but they don't seem to correlate between when I am trying to connect to the directory. Any help would be most appreciated.



[Updated on: Thu, 05 October 2006 08:40]

  •  
darthbator

I know that it's bad form to do something like this but I wrestled with this for the majority of the day again and came up with basically nothing. If anyone could happen to help with any kind of insight it would be most appreciated. Thanks :)
  •  
Kerio_ktrumbull

Try using 'diradmin' for the uid. Also is your OD domain really studio.dom? Or is it studio.com?

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
darthbator

Ok I'll give diradmin a shot, however that user is not in my directory. studio.dom is the correct domain however. All DNS is done internally here so technically the .ext didn't need to be there when the zone was established. I'm not the first admin here or else they would be studio. ;)
  •  
darthbator

Still no dice, nothing is turning up in the logs on the OD server either. I actually just noticed that this OD server is a member of an AD domain. (studio.dom is actually the root domain for AD). Could this potentially cause an issue?
  •  
-nob-

I didn't get it running without Kerberos. And if you read the manuals, you have to change a parameter for it on the Kerio settings.

No Apple OpenDirectory without a diradmin / Directory Administrator.

And you need to have Kerio OD Extensions installed on OSX Server. This distroid be two times some settings to prevent a Directory Replication. I didn't use it anymore, the Kerio OD Support is not ready to work with...
  •  
cchrisman

I am having the same issues. I was wondering if in the domain settings under Advanced should the DNS server name appear in full or should it just be the domain.
i.e.: od.serverdomain.org or just serverdomain.org?