EzDevInfo.com

zimbra interview questions

Top zimbra frequently asked interview questions

Is it possible to store Zimbra users in an external LDAP server?

Our system is using a LDAP server (OUD) and we're bringing Zimbra to the system. However, Zimbra use its default LDAP server (OpenLDAP). That's is paintul with 2 LDAP servers which store same user information.

Is there any way that Zimbra store its users in an external LDAP server?

Many thanks


Source: (StackOverflow)

GoDaddy SSL Cert Not Working With Java

UPDATE 1/26/2015 -- It appears the most recent JRE/JDK for Java 8 (update >= 31) and JRE/JDK for Java 7 now include the Godaddy G2 CA server in the default trust store. If possible, it's urged you upgrade your JRE/JDK to the latest Java 8 update to resolve this issue.

UPDATE 11/29/2014 -- This is still a problem, and Godaddy appears to not care nor will do anything about it. There is a blog post here by Godaddy VP of Security Products from several months ago saying a fix was on it's way and provided a temporary work-around, but as-of today nothing has changed. It is important to note that Godaddy's G2 CA server has been around for a minimum of 5 years, and in that time Godaddy has not taken the proper steps to resolve this known issue. The work-around provided is just that, a work-around, not a solution. Users of 3rd party services have zero control over how the cert is installed on the server.

It seems users should avoid purchasing Godaddy SSL certs until they get serious about being a CA.

Here is their SSL team's contact info if you feel inclined to call:

GoDaddy SSL Team Support Number: 1-480-505-8852 -- Email: ra@godaddy.com

UPDATE 9/17/2014 -- This is still a problem, and Godaddy appears to not care nor will do anything about it. Come November when Google deprecates all SHA-1 certs, this will become a major issue. I highly recommend anyone who can contact Godaddy and point them here.

~

tl;dr; - final update with current solution/workaround at the bottom of this post (it is a GoDaddy problem and there is a workaround until they fix it)

I have a mail server that I'm attempting to send mail through from my Java app. I can sent on port 25 successfully so I know code works and all, but 25 is not encrypted session. I need to use TLS on port 587 which requires an SSL cert. I have a valid SSL Cert on the server that is signed by GoDaddy G2 CA and has been in place for a while now (no problems).

My issue, is I'm getting the famed PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error message when trying to connect and send mail on 587.

From my understanding of many SO links as well as normal google-fu, this is usually caused when Java doesn't trust the cert or CA -- as is common for a self-signed cert. I've used several of the online SSL Cert checkers to make sure the chain is valid, etc. All appears to be normal... but java will not use the cert automatically.

I am aware there is a class file somewhere from Sun that will download and setup the cert in the local keystore so java will trust it... but this is not only impractical for an app that will be deployed to multiple systems, but is just silly for a Godaddy signed cert.

What's going on? How can I make java use the valid cert on the server without having to make java accept all certs?

EDIT: I just looked in my windows Java Control Panel (default install of jdk 7) and sure enough, under Signer CA the Issued By: The Go Daddy Group, Inc. Go Daddy Class 2 Certification Authority is listed... so what gives? My cert is a Godaddy cert...

UPDATE --

Here's the cert chain as-seen from openssl command recommended in comments:

~]# openssl s_client -connect smtp.somecompany.com:587 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=smtp.somecompany.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 3 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
---

Looks ok to me I think...

UPDATE 2 --

Ok, thanks to @Bruno I was able to determine my chain was messed up -- I re-keyed the server and now my chain appears as such:

 ~]# openssl s_client -connect smtp.somecompany.com:587 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=smtp.somecompany.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
---

Which looks better than before. -- Java still throws the same exception about the cert path, etc. So it appears that the G2 cert chain is not, by default, trusted yet in java 7's default keystore.

FINAL UPDATE FOR COMPLETENESS @ 1/14/2014

Just as an update - This is indeed a GoDaddy problem (I've had lengthy support emails with them). They have 2 CA servers, one called Class 2 CA and the other called G2 CA. Their Class 2 CA signs all SHA-1 certificates, while the G2 CA signs all their SHA-2 certificates. This is where the problem lies - GoDaddy has not added their newer G2 CA server to the default java truststore - causing default java installations to not trust it's authority, and hence, does not trust your chained certificate. The work-around until GoDaddy adds the G2 CA server to the default truststore is to simply rekey your cert using SHA-1 as-to get a cert signed by the Class 2 CA server. Rekeying is free for GoDaddy customers until your cert expires (obviously).


Source: (StackOverflow)

Advertisements

WSO2 identity server bridge with zimbra

Would someone be so kind and explain me how to deploy zimbra collaboration suite into wso2 identity server? I know how to make zimbra to use external ldap server, but i do not know exactly how to make a saml sso bridge between them and put the zimbra into the Authorized Apps tab.I am looking forward to hearing from you.Thank you in advance!

Edit:

Since i haven't found any solution to integrate zimbra with saml sso, i used their SSO Preauth way, more info at http://wiki.zimbra.com/wiki/Preauth


Source: (StackOverflow)

zimbra calendar api?! soap java

I've a question about the soap-java implementation for zimbra.

I'm writing a java-client which should show calendar entries from a USER. for example: user=testuser, all entries between 01.01.2011 and 31.01.2011.

I searched the web, but Zimbra SOAP API doesn't have any good documentation...

PS: connection is ok, i could send a mail from my java application


Source: (StackOverflow)

Move usr/bin/java in Terminal

After updating to OS X 10.11, my java stopped working. I read multiple places that I should do a:

sudo mv /usr/bin/java /usr/bin/java.old
sudo ln -ns /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java /usr/bin/java

But the issue is when I run the first line of code, I just get:

mv: rename /usr/bin/java to /usr/bin/java.old: Operation not permitted

Any ideas what I can do to fix this?


Source: (StackOverflow)

Getting started with Zimbra API

I am wondering how I can go about using the Zimbra API. I have looked everywhere for an API, and I have found no good references/tutorials about it.

I have a web application that I have developed in Ruby on Rails that I would like to communicate to Zimbra in order to fetch the calendar items to put in my own Calendar interface from within my application.

Can I do this ? and where can I start ?


Source: (StackOverflow)

Building Zimbra

I want to know why in the Zimbra Wiki only specific platforms are listed for build process. This means that building Zimbra on other for example Linux distributions is impossible? What is the real reason behind the choice of a special Linux distribution for building Zimbra by the Zimbra community?


Source: (StackOverflow)

Hijri (Persian calendar) For DwtCalendar.js

This is a DHTML Gregorian calendar widget. I'm trying to make an Hijri (Persian Calendar - Jalali) widget. Does anyone have any ideas?


Source: (StackOverflow)

Zimbra SOAP API - java?

I need to use the Zimbra Soap API for a new feature we're working on. However, I have not been able to find a lot of examples of Java clients using this API and I am overall a bit lost as to what I need to look into. (I am pretty new to using SoAP in general)

Basically, I will need to send a username and get some sort of zimbra ID for the user, modify user info with my java code, and then push that data back to the server.

I have found the wsdl files for this on the server, but I'm not sure where to go from here. Any help would be appreciated - anything from high level explanations to examples to detailed steps.

Thanks in advance!


Source: (StackOverflow)

Allowing emails with a plus (+) symbol to land in the same Zimbra mailbox

I want to allow emails like myusername+something@mydomain.com instead of simply myusername@mydomain.com using Zimbra - this is a feature on Gmail.

Does anyone where to begin looking to allow this to work? Postfix?


Source: (StackOverflow)

How to update contacts in Zimbra by scripting? [closed]

I have a Zimbra installation and I need to programmaticaly update contacts in it. It seems that its REST interface is only working to add new contacts, but I need to update existing ones. Is there a way, tool or something, open-source, to do that ?


Source: (StackOverflow)

Samsung Galaxy S II (Android 2.2.3) with MS Exchance Mail Account Zimbra Server


In my Samsung S2 I have a Microsoft Exchange Mail Account and use a Zimbra Mail Server. The standard email app doesn’t render my html mail. I get all the html source code with the mail text. The synchronization with my calendar and mails works perfectly. I installed a second mail app called “touchdown” (only 30 day trial) which is able to render the mails correctly. So I guess it’s not the fault of Zimbra. Does anybody know why I can’t render the mails with the standard mail app? And more important – is there a way or workaround to chance the rendering for html mails? Help would be much appreciated.

bye


Source: (StackOverflow)

Log into Zimbra programatically

I am creating a plugin in my website, where logged in users can view their emails. The Email Server I am developing against is Zimbra. So far, I have been able to successfully fetch and display user emails using PHP's imap_open function:

imap_open($server, $email, $password)

When a user clicks on an email link on the website, the user is navigated to the zimbra web client. However, the users will have to reenter their log-in credentials once more. I have checked my browser's cookie information, and have noticed that Zimbra sets a cookie, ZM_AUTH_TOKEN, when a user is logged in: I believe Zimbra uses this cookie to detect if a user is already logged in. In essence, my task is to eliminate this extra step of re-logging in; if there are open-source solutions, I would like to know about these as well.

Thanks.


Source: (StackOverflow)

Exporting from ZimbraOpenLDAP to OpenLdap

So, our employees use the Zimbra OpenLDAP, however, since this doesnt include PosixAccount we cant automatically link it to our Synology.

So my boss wanted me to create an OpenLDAP Database, and automatically import the Users from the ZimbraLDAP every 6 hours or so and link our Synology to this new OpenLDAP, which would also be a safe enviroment for our inters to work with LDAP.

Before you ask, I cant change the Zimbra OpenLDAP for varanty reasons.

So everything worked splendidly, the User where imported and the Synology could finally see these users. However, the password did not work. After looking over the export files i realized that Zimbra uses SSHA512 to hash the passwords, which isnt recognized by my OpenLDAP.

However, i cant seem to find any way of installing patches for it, since apparently OpenLDAP changed its structure and every information i found was outdated.

Does anybody know of an easy way to teach OpenLDAP SSHA512 with a recent installation?


Source: (StackOverflow)

Java Mail client not working on Linux

I have an email ssl client for zimbra mail server that work perfectly on windows but i got a failure authentication on linux, i had verified that all that network conf. dns, port and firewall are correct

the properties for session:

props.put("mail.smtps.host", "my.mail.server");
props.put("mail.smtps.host", "my.mail.server");
props.put("mail.smtps.starttls.enable", "true");
props.put("mail.smtps.port", "465");
props.put("mail.smtps.auth", "true");
props.put("mail.smtps.ssl.trust", "my.mail.server");

Getting the session:

Session session = Session.getDefaultInstance(props);

Transport :

Transport t = session.getTransport("smtps");
t.connect("user", "pass");
t.sendMessage(message, message.getAllRecipients());

something that got my attention when using debug, is the postfix response in the message

Windows Debug Log:

DEBUG: setDebug: JavaMail version 1.4.3 DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Sun Microsystems, Inc] DEBUG SMTP: useEhlo true, useAuth true DEBUG SMTP: trying to connect to host "my.mail.server", port 465, isSSL true 220 my.mail.server ESMTP ready. DEBUG SMTP: connected to host "my.mail.server", port: 465

meanwhile on Linux i got this:

DEBUG: setDebug: JavaMail version 1.4.3 DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Sun Microsystems, Inc] DEBUG SMTP: useEhlo true, useAuth true DEBUG SMTP: trying to connect to host "my.mail.server", port 465, isSSL true 220 my.mail.server ESMTP Postfix DEBUG SMTP: connected to host "my.mail.server", port: 465

i would appreciate any help.


Source: (StackOverflow)