[ZendTo] Re: LDAP Authenticate...

Jules Jules at Zend.To
Fri Oct 26 10:54:09 BST 2012


Sounds like your AD settings aren't right. The best way to find the 
right settings (and it is a bit of trial-and-error) is to use 
"ldapsearch" to query your AD settings.

ldapsearch -x -LLL -E pr=200/noprompt -h AD-SERVER-NAME-HERE \
    -D 'USERNAME-HERE' -w 'PASSWORD-HERE' -b 'BASEDN-HERE' -s sub \
    '(sAMAccountName=*)' cn mail memberOf

Obviously you need to substitute your settings in there, but once you 
get some sense out of that command you should know what to put into 
preferences.php for your site.

Also, make sure that, if you aren't using IPv6, there is *not* an 
AAAA DNS record for your AD servers. Otherwise Linux will see the AAAA 
record and try to use it in preference to the A record, and fail to connect.

Jules.

On 25/10/2012 12:53, Edgar R. Silva wrote:
>
> OK, I have set the last 2 to '' and it does not authenticate
>
> 'authLDAPMemberKey'     => '',
> 'authLDAPMemberRole'    => '',
>
> Tks.
>
> Edgar
>
> *From:* zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] *On behalf of* Jules
> *Sent:* Thursday, 25 October 2012 07:49
> *To:* ZendTo Users
> *Subject:* [ZendTo] Re: LDAP Authenticate...
>
> On 24/10/2012 20:41, Edgar R. Silva wrote:
>
>     I can not configure LDAP authentication
>
>     I have several programs with LDAP authentication (joomla and
>     vtiger) and work well
>
>     I have Windows 2008 Servers
>
>     // Settings for the LDAP authenticator.
>     //
>     'authenticator'         => 'LDAP',
>     'authLDAPBaseDN'        => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>     'authLDAPServers'       => array('server2010.suarez.celsius.com.uy','exchange-02.suarez.celsius.com.uy'),
>     'authLDAPAccountSuffix' => '',
>     'authLDAPUseSSL'        => false,
>     'authLDAPBindDn'        => 'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>     'authLDAPBindPass'      => 'administrator password here',
>     'authLDAPOrganization'  => 'i dont know here',
>     // This is the list of LDAP properties used to build the user's full name
>     'authLDAPFullName'      => 'i dont know here',
>     // If both these 2 settings are set, then the users must be members of this
>     // group/role.
>     'authLDAPMemberKey'     => 'MemberOf',
>     'authLDAPMemberRole'    => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
> Start by setting the last 2 to '' as you aren't using that facility. 
> It's so you can have a large tree of users under your BaseDN, 
> but only allow a few users who are a member of a specific group to use 
> ZendTo.
>
> That may be all it is.
>
>
> Jules
>   
> -- 
> Julian Field MEng MBCS CITP CEng
> www.Zend.To  <http://www.Zend.To>
>   
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>   
> 'Think globally, act locally.' - Friends of the Earth
>
>
> Jules
>
> -- 
> Julian Field MEng MBCS CITP CEng
> www.Zend.To
>
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> 'Science is an integral part of culture. It's not this foreign
>   thing, done by an arcane priesthood. It's one of the glories of
>   human intellectual tradition.' - Stephen Jay Gould
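
An added example, not part of the original message and not ZendTo code: a small Python parser for the `-LLL` LDIF that the ldapsearch command above prints. It reports the containers that hold the returned accounts, their deepest common base DN, and the groups seen in memberOf, which are the values to compare against authLDAPBaseDN and authLDAPMemberRole. The sample LDIF, its names and the example.test domain are constructed.

```python
import base64
import re
from collections import Counter

# Constructed sample of `ldapsearch -LLL` output; not from a real directory.
SAMPLE_LDIF = """\
dn: CN=Ana Perez,CN=Users,DC=corp,DC=example,DC=test
memberOf: CN=ZendTo Users,OU=Groups,DC=corp,DC=example,DC=test
memberOf: CN=Long Group Name That Gets Folded,OU=Groups,DC=corp,DC=exampl
 e,DC=test

dn: CN=Luis Gomez,OU=Staff,DC=corp,DC=example,DC=test
cn:: THVpcyBHw7NtZXo=
memberOf: CN=ZendTo Users,OU=Groups,DC=corp,DC=example,DC=test
"""

def parse_ldif(text):
    """Return one dict per entry, mapping attribute name to a list of values."""
    # LDIF folds long lines; a continuation line starts with one space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):  # blank or comment line
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr, []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return re.split(r"(?<!\\),", dn)

def common_base(dns):
    """Deepest DN that is a suffix of every DN given (candidate search base)."""
    base = []
    for parts in zip(*(rdns(d)[::-1] for d in dns)):  # compare root-first
        if len({p.lower() for p in parts}) != 1:
            break
        base.append(parts[0])
    return ",".join(reversed(base))

def summarize(entries):
    """Return (candidate base DN, user containers, groups seen in memberOf)."""
    containers = Counter(",".join(rdns(e["dn"][0])[1:]) for e in entries)
    groups = Counter(g for e in entries for g in e.get("memberOf", []))
    return common_base(containers), containers, groups
```

Feed it the saved ldapsearch output with `summarize(parse_ldif(open(path).read()))`. If accounts turn up in more than one container, a base DN that names only one of them will not cover the rest, assuming ZendTo searches the subtree under authLDAPBaseDN as the quoted advice implies.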