[ZendTo] Re: LDAP Authenticate...

Edgar R. Silva esilva at adinet.com.uy
Fri Oct 26 14:40:13 BST 2012


Hi Jules, I use "ldapsearch" to query AD settings and it works fine

 

ldapsearch -x -LLL -E pr=200/noprompt -h 'serverName1Here' \
  -D 'administrator' -w 'passwordhere' \
  -b 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy' \
  -s sub '(sAMAccountName=*)' cn mail memberOf

 

How do I transfer these options to preferences.php?

 

  // Settings for the LDAP authenticator.
  //
  'authenticator'         => 'LDAP',
  'authLDAPBaseDN'        => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
  'authLDAPServers'       => array('serverName1Here.suarez.celsius.com.uy','serverName2Here.suarez.celsius.com.uy'),
  'authLDAPAccountSuffix' => '',
  'authLDAPUseSSL'        => false,
  'authLDAPBindDn'        => 'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
  'authLDAPBindPass'      => 'administrator password here',
  'authLDAPOrganization'  => 'i dont know here',
  // This is the list of LDAP properties used to build the user's full name
  'authLDAPFullName'      => 'i dont know here',
  // If both these 2 settings are set, then the users must be members of this
  // group/role.
  'authLDAPMemberKey'     => 'MemberOf',
  'authLDAPMemberRole'    => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',

 

Tks

Edgar.

 

 

From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On behalf of
Jules
Sent: Friday, 26 October 2012 07:54
To: ZendTo Users
Subject: [ZendTo] Re: LDAP Authenticate...

 

Sounds like your AD settings aren't right. The best way to find the right
settings (and it is a bit of trial-and-error) is to use "ldapsearch" to
query your AD settings. 

ldapsearch -x -LLL -E pr=200/noprompt -h AD-SERVER-NAME-HERE \
  -D 'USERNAME-HERE' -w 'PASSWORD-HERE' -b 'BASEDN-HERE' \
  -s sub '(sAMAccountName=*)' cn mail memberOf

Obviously you need to substitute your settings in there, but once you get
some sense out of that command you should know what to put into
preferences.php for your site. 

Also, make sure that if you aren't using IPv6, that there is *not* an AAAA
DNS record for your AD servers. Otherwise Linux will see the AAAA record and
try to use it in preference to the A record, and fail to connect.

Jules.

On 25/10/2012 12:53, Edgar R. Silva wrote:

OK, I have set the last 2 to '' and it does not authenticate

  'authLDAPMemberKey'     => '',
  'authLDAPMemberRole'    => '',

 

Tks.        

Edgar

 

 

From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On behalf of
Jules
Sent: Thursday, 25 October 2012 07:49
To: ZendTo Users
Subject: [ZendTo] Re: LDAP Authenticate...

 

 

On 24/10/2012 20:41, Edgar R. Silva wrote:

I cannot configure LDAP authentication.

I have several programs with LDAP authentication (Joomla and vtiger) and
they work well.

I have Windows 2008 servers.

 

  // Settings for the LDAP authenticator.
  //
  'authenticator'         => 'LDAP',
  'authLDAPBaseDN'        => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
  'authLDAPServers'       => array('server2010.suarez.celsius.com.uy','exchange-02.suarez.celsius.com.uy'),
  'authLDAPAccountSuffix' => '',
  'authLDAPUseSSL'        => false,
  'authLDAPBindDn'        => 'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
  'authLDAPBindPass'      => 'administrator password here',
  'authLDAPOrganization'  => 'i dont know here',
  // This is the list of LDAP properties used to build the user's full name
  'authLDAPFullName'      => 'i dont know here',
  // If both these 2 settings are set, then the users must be members of this
  // group/role.
  'authLDAPMemberKey'     => 'MemberOf',
  'authLDAPMemberRole'    => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',

Start by setting the last 2 to '' as you aren't using that facility. It's so
you can have a large tree of users under your BaseDN, but only allow a
few users who are a member of a specific group to use ZendTo.

That may be all it is.





Jules
 
-- 
Julian Field MEng MBCS CITP CEng
www.Zend.To
 
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
 
'Think globally, act locally.' - Friends of the Earth






_______________________________________________
ZendTo mailing list
ZendTo at zend.to
http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto





Jules
 
-- 
Julian Field MEng MBCS CITP CEng
www.Zend.To
 
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
 
'Science is an integral part of culture. It's not this foreign
 thing, done by an arcane priesthood. It's one of the glories of
 human intellectual tradition.' - Stephen Jay Gould

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20121026/3e301c1e/attachment.html 
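
Added example (not part of the original messages and not ZendTo code): a small parser for the LDIF that the ldapsearch -LLL command in this thread prints, handling folded and base64 ("::") lines, so the group DNs carried in memberOf can be listed before choosing authLDAPMemberKey / authLDAPMemberRole. The sample data, the example.com names and the function names are constructed, and the membership test assumes an exact, case-insensitive DN match.

```python
import base64
from collections import Counter

# Constructed sample of `ldapsearch -LLL ... cn mail memberOf` output
# (example.com names are placeholders, not data from the thread).
SAMPLE_LDIF = """\
dn: CN=Ana Perez,CN=Users,DC=example,DC=com
cn: Ana Perez
mail: ana@example.com
memberOf: CN=ZendTo Users,OU=Groups,DC=example,DC=com
memberOf: CN=Staff,OU=Groups,DC=exam
 ple,DC=com

dn:: Q049Sm9zw6kgRMOtYXosQ049VXNlcnMsREM9ZXhhbXBsZSxEQz1jb20=
cn:: Sm9zw6kgRMOtYXo=
mail: jose@example.com
memberOf: CN=Staff,OU=Groups,DC=example,DC=com
"""

def parse_ldif(text):
    """Return a list of {attribute(lowercase): [values]} dicts, one per entry."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:   # folded line: continuation
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:               # trailing "" flushes last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: base64" (non-ASCII value)
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.lower(), []).append(value)
    return entries

def group_counts(entries):
    """How many entries list each group DN in memberOf."""
    return Counter(dn for e in entries for dn in e.get("memberof", []))

def allowed_users(entries, member_key, member_role):
    """cn of entries whose member_key values include member_role (assumed
    exact, case-insensitive DN match; ZendTo's own comparison may differ)."""
    want = member_role.lower()
    return [e["cn"][0] for e in entries
            if want in (v.lower() for v in e.get(member_key.lower(), []))]
```

In the constructed sample, a container DN such as CN=Users,DC=example,DC=com matches no one, because memberOf holds the DNs of groups.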

