[ZendTo] Antwort: Re: Antwort: Re: Antwort: Re: LDAPAuthorization for zendto

patrick.gaikowski at kaufland.com patrick.gaikowski at kaufland.com
Tue Dec 14 20:10:40 GMT 2010


Hi Jules,

We can live very well with those two messages. It was only a design question
from me. LDAP is now working with Authentication and Authorization. Now we
can assign a special role to users who should be able to share files
outside our domain.

You did a very good job! Now we can offer our colleagues in China a
solution for controlled file sharing.

Ah, I have an additional solution for users who use a proxy for outside
communication for captcha (validation). With that configuration you're able
to establish such a solution in LANs with no direct Internet access. I
found the code in a forum. It would be good to integrate it into the source.

recaptchalib.php ...

#        $http_request  = "POST $path HTTP/1.0\r\n";
        $http_request  = "POST http://".$host.":".$port.$path." HTTP/1.1\r\n";

#        if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
        if( false == ( $fs = @fsockopen("<PROXY_IP>", "<PROXY_PORT>", $errno, $errstr, 15) ) ) {

Now zendto sends POST to Proxy

[07/Dec/2010:21:08:26 +0100] "POST http://www.google.com/recaptcha/api/verify HTTP/1.1" 200 528 TCP_MISS:DIRECT

Source:
http://www.greenhughes.com/content/recaptcha-drupal-and-proxy-way-make-it-all-work-together




http://www.kaufland.de

Kaufland Informationssysteme GmbH & Co. KG
P.O. Box 12 53 - 74149 Neckarsulm
Limited partnership
Registered office: Neckarsulm
Register court: Amtsgericht Stuttgart HRA 104163

This message contains confidential information and is intended solely for the
use by the addressee. Any use of this message by a third party is prohibited.
If you receive this message in error, please contact the sender and delete the
data from any computer and data carrier.
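
A proxy-aware variant of the recaptchalib.php change in the message above, as an added example (not ZendTo's or recaptchalib's own code; the function names are hypothetical and the proxy address is passed in rather than hard-coded). It adds `Connection: close`, rejects whitespace in the request target, and fails closed: anything other than a 200 response whose body starts with `true` (assumed here to be the verify endpoint's pass answer) counts as a failed captcha check.

```php
<?php
// Added example: not ZendTo or recaptchalib code; all function names are hypothetical.
// Build a POST in the absolute-URI form that an HTTP forward proxy expects.
function build_proxied_post(string $host, int $port, string $path, array $data): string
{
    // Reject whitespace (including CR/LF) so a configured value cannot inject headers.
    if (preg_match('/\s/', $host . $path)) {
        throw new InvalidArgumentException('whitespace in request target');
    }
    $body = http_build_query($data);
    return "POST http://{$host}:{$port}{$path} HTTP/1.1\r\n"
         . "Host: {$host}\r\n"
         . "Content-Type: application/x-www-form-urlencoded\r\n"
         . "Content-Length: " . strlen($body) . "\r\n"
         // HTTP/1.1 defaults to keep-alive; without this a read-until-EOF loop stalls.
         . "Connection: close\r\n\r\n"
         . $body;
}

// Send the request through the proxy; null on any socket error.
function send_via_proxy(string $proxyHost, int $proxyPort, string $request): ?string
{
    $fs = @fsockopen($proxyHost, $proxyPort, $errno, $errstr, 15);
    if ($fs === false) { return null; }
    stream_set_timeout($fs, 15);
    fwrite($fs, $request);
    $response = stream_get_contents($fs);
    fclose($fs);
    return $response === false ? null : $response;
}

// Fail closed: a proxy error page, a timeout or a chunked body is a failed check.
function captcha_passed(?string $response): bool
{
    if ($response === null) {
        return false;
    }
    $parts = explode("\r\n\r\n", $response, 2);
    if (count($parts) !== 2 || !preg_match('#^HTTP/1\.[01] 200\b#', $parts[0])) {
        return false;
    }
    return strtok($parts[1], "\r\n") === 'true';
}

// Constructed samples (no network needed): a request, an upstream answer, a proxy error.
echo build_proxied_post('www.google.com', 80, '/recaptcha/api/verify', ['response' => 'x']), "\n";
var_dump(captcha_passed("HTTP/1.1 200 OK\r\n\r\ntrue\nsuccess"));
var_dump(captcha_passed("HTTP/1.1 502 Bad Gateway\r\n\r\ntrue"));
```

`send_via_proxy()` is the only part that touches the network; its result is passed straight to `captcha_passed()`.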



                                                                           
   From: Jules <Jules at zend.to>
   Sent by: zendto-bounces at zend.to
   To: ZendTo Users <zendto at zend.to>
   Date: 14.12.2010 16:26
   Subject: [ZendTo] Re: Antwort: Re: Antwort: Re: LDAPAuthorization for zendto
   Please reply to: ZendTo Users <zendto at zend.to>
                                                                           
                                                                           
                                                                           
                                                                           




Yes, I agree that's not perfect. But I can't find a decent way within the
existing data structures of implementing this without a nasty hack :-(

There are other reasons the authentication might fail, even when they have
put in the right username and password, such as too many failed login
attempts causing them to be locked out. But that's all implemented in a
different place, which doesn't have access to the LDAP code at all.

The return code is just a true/false value, and I really don't want to
change that if I can avoid it. Using a non-zero value to represent failure
is *really bad* in my book, as in the current code a result of 0 is failure
and 1 is success. I really don't want to represent "failure but for a
different reason" as 2.

I admit you get the "username or password incorrect" error message as well,
when ideally you shouldn't, but at least the first error message it gives
is the correct one.

Any better ideas of how I can implement it neatly and logically?

Jules.

On 14/12/2010 15:09, patrick.gaikowski at kaufland.com wrote:


      Hello Jules,

      Yes, this was the missing point.

      An optimization would be to have only the error message
      "Authorisation failed" when the Authentication was successful. In
      this context the input credentials seem to be wrong but they aren't.
      As you can see on the screenshot the user seems to be logged in but
      isn't logged in because of missing rights.








      Greetings

      Patrick







      _______________________________________________
      ZendTo mailing list
      ZendTo at zend.to
      http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

Jules

--
Julian Field MEng CITP CEng
www.Zend.To

Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM