[ZendTo] {Disarmed} Re: LDAP

Brad Beckenhauer bbecken at aafp.org
Tue Aug 3 17:08:08 BST 2010


Ok I get the following warning when connecting using your new code.
 
Warning: ldap_start_tls() [function.ldap-start-tls ( http://172.22.12.2/function.ldap-start-tls )]: Unable to start TLS: Connect error in /opt/zendto/lib/NSSLDAPAuthenticator.php on line 199.
 
Line 199 points to a ldap_start_tls code block that appears twice in the library.
 
        if ( ldap_start_tls($ldapConn) ) {
 
I've tried setting authLDAPUseSSL to both true and false; both fail.  I'm not sure if it is honoring the false setting yet.
 
I currently authenticate to my LDAP server using HTTP, so I know it works (my ldap server is SLES 10 running edirectory).
 
Here is the relevant line from my Apache conf file connecting on port 389 that works. (IP's and ou's are munged)
 
AuthLDAPUrl "ldap://191.168.19.13:389/ou=Admin,o=TEST?uid"
 
My preferences.php line looks like:
 
'authLDAPBaseDN'           => 'ou=Admin,o=TEST',
 
I'll try to work on this later this afternoon.
 
thanks
Brad

>>> On 8/3/2010 at 9:57 AM, in message <4C582E73.7090101 at ZendTo.com>, Jules <Jules at zendto.com> wrote:



On 03/08/2010 15:48, Brad Beckenhauer wrote: 

Hi Jules,
 
I noticed that there is an authenticator /lib/NSSLDAPAuthenticator.php but the preferences.php file does not have a corresponding section on implementing it.

I've never had an LDAP server to test it against. If you fancy contributing the section, then that would be much appreciated!


I have access to SLES servers that support OPEN LDAP and thought I'd give it a whirl instead of the AD or IMAP authenticators.
 
The NSSADAuthenticator.php has a section on how to implement it in the preferences.php file but the NSSLDAPAuthenticator.php does not have an example.

It should be much the same as the AD one, as that uses LDAP anyway.


 
I'm going to "try" configuring the LDAP Auth in the preferences.php as I have a SLES system I can authenticate against.
 
I'm "guessing" that the preferences file needs something like the below to work:
 
  //
  // Settings for the LDAP authenticator.
  //
  //  "authLDAPServers"     Array of hostnames to try binding to
  //  "authLDAPBaseDN"      Base distinguished name for search/bind
  //  "authLDAPAdmins"      Cheap way to grant admin privs to users; an
  //                        array of uname's
  'authenticator' => 'LDAP',
  'authLDAPServers'          => array('192.168.1.1','192.168.1.2'),
  'authLDAPBaseDN'           => 'ou=users,o=domain',
  'authLDAPUseSSL'           => false,              <<<<<  option does not appear to be currently supported in v3.59

That looks good. If you gunzip the attached file and drop it on the top of your /opt/zendto/lib/NSSLDAPAuthenticator.php file, then you should get the "authLDAPUseSSL" option you want.


 
Can the LDAP library be tweaked to allow the use of the authLDAPUseSSL option in the preferences file? (If my humble interpretation that it is not currently implemented is correct).

Done, see above.

If it works, please let me know and I'll put it in the next release.
Jules

-- 
Julian Field MEng CITP CEng
www.ZendTo.com
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
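Added example, not part of the original thread and not ZendTo's NSSLDAPAuthenticator.php: one way an authenticator can honor the `authLDAPUseSSL` preference discussed above, selecting LDAPv3 before `ldap_start_tls()` and refusing to bind in clear text when StartTLS was requested but failed. The function name `exampleLdapBind` and the `uid=<user>,<base DN>` layout are assumptions.

```php
<?php
// Added example, not ZendTo code. exampleLdapBind() is a hypothetical name and
// the uid=<user>,<base DN> layout is an assumption; the preference keys are
// the ones quoted in the thread.
function exampleLdapBind(array $prefs, string $uid, string $password): bool
{
    if ($password === '') {
        return false; // an empty password would become an unauthenticated bind
    }
    foreach ($prefs['authLDAPServers'] as $host) {
        // With OpenLDAP client libraries ldap_connect() only parses the URI;
        // the first network traffic is ldap_start_tls() or ldap_bind().
        $conn = ldap_connect("ldap://$host:389");
        if ($conn === false) {
            continue;
        }
        // StartTLS is an LDAPv3 extended operation: select v3 first.
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

        if (!empty($prefs['authLDAPUseSSL']) && !@ldap_start_tls($conn)) {
            // Fail closed: never fall back to sending the password in clear.
            error_log("StartTLS to $host failed: " . ldap_error($conn));
            ldap_unbind($conn);
            continue;
        }

        $dn = 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN)
            . ',' . $prefs['authLDAPBaseDN'];
        $ok = @ldap_bind($conn, $dn, $password);
        $errno = ldap_errno($conn);
        ldap_unbind($conn);

        if ($ok) {
            return true;
        }
        if ($errno === 49) { // invalidCredentials: the server answered, stop here
            return false;
        }
    }
    return false;
}
```

With `'authLDAPUseSSL' => false` the bind and the password travel unencrypted on port 389, so that setting only suits a trusted network segment.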

