[ZendTo] Re: LDAP Authenticate...

Jules Jules at Zend.To
Fri Oct 26 16:33:52 BST 2012


On 26/10/2012 14:40, Edgar R. Silva wrote:
>
> Hi Jules, I use "ldapsearch" to query AD settings and it works fine
>
> ldapsearch -x -LLL -E pr=200/noprompt -h 'serverName1Here' -D 
> 'administrator' -w 'passwordhere' -b 
> 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy' -s sub 
> '(sAMAccountName=*)' cn mail memberOf
>
> How do I transfer these options to preferences.php?
>
> // Settings for the LDAP authenticator.
>
>   //
>
> 'authenticator'         => 'LDAP',
>
> 'authLDAPBaseDN'        => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
> 'authLDAPServers'       => 
> array('serverName1Here.suarez.celsius.com.uy','serverName2Here.suarez.celsius.com.uy'),
>
> 'authLDAPAccountSuffix' => '',
>
> 'authLDAPUseSSL'        => false,
>
> 'authLDAPBindDn'        => 
> 'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
> 'authLDAPBindPass'      => 'administrator password here',
>
> 'authLDAPOrganization'  => 'i dont know here',
>
That's just the name of your organization such as "Celsius Inc.".
>
> // This is the list of LDAP properties used to build the user's full name
>
> 'authLDAPFullName'      => 'i dont know here',
>
It could be, for example 'givenName sn'. It is literally used to create 
the full name of the user to display. You might well be able to use 
'displayName' in many setups. It depends on the attributes that are 
populated in your AD setup.
>
> // If both these 2 settings are set, then the users must be members of 
> this
>
> // group/role.
>
> 'authLDAPMemberKey'     => 'MemberOf',
>
> 'authLDAPMemberRole'    => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
I would still leave both of these set to ''. You aren't using this 
facility, and it will be faster and simpler if it doesn't have to do 
this extra check.
>
> Tks
>
> Edgar.
>
> *From:* zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] *On behalf
> of* Jules
> *Sent:* Friday, 26 October 2012 07:54
> *To:* ZendTo Users
> *Subject:* [ZendTo] Re: LDAP Authenticate...
>
> Sounds like your AD settings aren't right. The best way to find the 
> right settings (and it is a bit of trial-and-error) is to use 
> "ldapsearch" to query your AD settings.
>
> ldapsearch -x -LLL -E pr=200/noprompt -h AD-SERVER-NAME-HERE -D
> 'USERNAME-HERE' -w 'PASSWORD-HERE' -b 'BASEDN-HERE' -s sub
> '(sAMAccountName=*)' cn mail memberOf
>
> Obviously you need to substitute your settings in there, but once you 
> get some sense out of that command you should know what to put into 
> preferences.php for your site.
>
> Also, make sure that if you aren't using IPv6, that there is *not*
> an AAAA DNS record for your AD servers. Otherwise Linux will see the 
> AAAA record and try to use it in preference to the A record, and fail 
> to connect.
>
> Jules.
>
> On 25/10/2012 12:53, Edgar R. Silva wrote:
>
>     OK, I have set the last 2 to '' and it does not authenticate
>
>     'authLDAPMemberKey' => '',
>
>                          'authLDAPMemberRole'    => '',
>
>     Tks.
>
>     Edgar
>
>     *From:* zendto-bounces at zend.to <mailto:zendto-bounces at zend.to>
>     [mailto:zendto-bounces at zend.to] *On behalf of* Jules
>     *Sent:* Thursday, 25 October 2012 07:49
>     *To:* ZendTo Users
>     *Subject:* [ZendTo] Re: LDAP Authenticate...
>
>     On 24/10/2012 20:41, Edgar R. Silva wrote:
>
>         I can not configure LDAP authentication
>
>         I have several programs with LDAP authentication (Joomla and
>         vtiger) and they work well
>
>         I have Windows 2008 Servers
>
>         // Settings for the LDAP authenticator.
>
>           //
>
>         'authenticator'         => 'LDAP',
>
>         'authLDAPBaseDN'        =>
>         'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
>         'authLDAPServers'       =>
>         array('server2010.suarez.celsius.com.uy','exchange-02.suarez.celsius.com.uy'),
>
>         'authLDAPAccountSuffix' => '',
>
>         'authLDAPUseSSL'        => false,
>
>         'authLDAPBindDn'        =>
>         'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
>         'authLDAPBindPass'      => 'administrator password here',
>
>         'authLDAPOrganization'  => 'i dont know here',
>
>         // This is the list of LDAP properties used to build the
>         user's full name
>
>         'authLDAPFullName'      => 'i dont know here',
>
>         // If both these 2 settings are set, then the users must be
>         members of this
>
>         // group/role.
>
>         'authLDAPMemberKey'     => 'MemberOf',
>
>         'authLDAPMemberRole'    =>
>         'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
>     Start by setting the last 2 to '' as you aren't using that
>     facility. It's so you can have a large tree of users under
>     your BaseDN, but only allow a few users who are a member of a
>     specific group to use ZendTo.
>
>     That may be all it is.
>
>
>
>     Jules
>
>       
>
>     -- 
>
>     Julian Field MEng MBCS CITP CEng
>
>     www.Zend.To  <http://www.Zend.To>
>
>       
>
>     Twitter: @JulesFM
>
>     PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>       
>
>     'Think globally, act locally.' - Friends of the Earth
>
>
>
>
>     _______________________________________________
>
>     ZendTo mailing list
>
>     ZendTo at zend.to  <mailto:ZendTo at zend.to>
>
>     http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
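To see which attributes are actually populated before choosing a value for 'authLDAPFullName', the following added example (not from the thread and not ZendTo's own code) parses `ldapsearch -LLL` output and tests candidate settings against each entry. The sample LDIF, its DNs and the helper names `parse_ldif`, `full_name` and `is_member` are assumptions for illustration; the membership test follows the behaviour described in the quoted preferences.php comment.

```python
import base64

# Constructed `ldapsearch -LLL` output; all names and DNs are made up.
SAMPLE_LDIF = """\
dn: CN=Ana Perez,CN=Users,DC=example,DC=com
givenName: Ana
sn: Perez
displayName: Ana Perez
memberOf: CN=ZendTo Senders,OU=Groups,DC=example,DC=com

dn: CN=jose,CN=Users,DC=example,DC=com
givenName:: Sm9zw6k=
memberOf: CN=Staff,OU=Groups,DC=example,
 DC=com
"""

def parse_ldif(text):
    """Parse ldapsearch -LLL output into a list of {attr_lowercase: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation of previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:
        if not line.strip():                # blank line closes an entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: ..." carries a base64 value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            current.setdefault(name.lower(), []).append(value)
    return entries

# Assumption: these two helpers model the settings as the thread describes them.
def full_name(entry, attrs):
    """Join the first value of each attribute in attrs; None if one is unset."""
    parts = [entry.get(a.lower(), [None])[0] for a in attrs.split()]
    return None if None in parts else " ".join(parts)

def is_member(entry, member_key, member_role):
    """Membership test; skipped (True) unless both settings are non-empty."""
    groups = [g.lower() for g in entry.get(member_key.lower(), [])]
    return not (member_key and member_role) or member_role.lower() in groups
```

Request the candidate attributes (for example givenName, sn, displayName) in the ldapsearch attribute list so they appear in the output being parsed. A container DN such as CN=Users,DC=example,DC=com is not a group and does not appear among memberOf values, so it never satisfies a membership test of this kind.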