[ZendTo] Re: LDAP Authenticate...
Jules
Jules at Zend.To
Fri Oct 26 16:35:41 BST 2012
Aha, I think I've just spotted your mistake.
You shouldn't be using
'authenticator' => 'LDAP',
at all, you should be using the section that starts
'authenticator' => 'AD',
The 'authLDAPFullName' isn't mentioned in the AD settings at all, that's
what gave it away to me just now!
Jules.
On 26/10/2012 14:40, Edgar R. Silva wrote:
>
> Hi Jules, I use "ldapsearch" to query AD settings and it works fine
>
> ldapsearch -x -LLL -E pr=200/noprompt -h 'serverName1Here' -D
> 'administrator' -w 'passwordhere' -b
> 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy' -s sub
> '(sAMAccountName=*)' cn mail memberOf
>
> How do I transfer these options to preferences.php?
>
> // Settings for the LDAP authenticator.
> //
> 'authenticator' => 'LDAP',
> 'authLDAPBaseDN' => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
> 'authLDAPServers' => array('serverName1Here.suarez.celsius.com.uy','serverName2Here.suarez.celsius.com.uy'),
> 'authLDAPAccountSuffix' => '',
> 'authLDAPUseSSL' => false,
> 'authLDAPBindDn' => 'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
> 'authLDAPBindPass' => 'administrator password here',
> 'authLDAPOrganization' => 'i dont know here',
> // This is the list of LDAP properties used to build the user's full name
> 'authLDAPFullName' => 'i dont know here',
> // If both these 2 settings are set, then the users must be members of this
> // group/role.
> 'authLDAPMemberKey' => 'MemberOf',
> 'authLDAPMemberRole' => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
> Tks
>
> Edgar.
>
> *From:* zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] *On behalf of* Jules
> *Sent:* Friday, 26 October 2012 07:54
> *To:* ZendTo Users
> *Subject:* [ZendTo] Re: LDAP Authenticate...
>
> Sounds like your AD settings aren't right. The best way to find the
> right settings (and it is a bit of trial-and-error) is to use
> "ldapsearch" to query your AD settings.
>
> ldapsearch -x -LLL -E pr=200/noprompt -h AD-SERVER-NAME-HERE -D
> 'USERNAME-HERE' -w 'PASSWORD-HERE' -b 'BASEDN-HERE' -s sub
> '(sAMAccountName=*)' cn mail memberOf
>
> Obviously you need to substitute your settings in there, but once you
> get some sense out of that command you should know what to put into
> preferences.php for your site.
>
> Also, make sure that if you aren't using IPv6, that there is *not*
> an AAAA dns record for your AD servers. Otherwise Linux will see the
> AAAA record and try to use it in preference to the A record, and fail
> to connect.
>
> Jules.
>
> On 25/10/2012 12:53, Edgar R. Silva wrote:
>
> Ok, I have set the last 2 to '' and it does not authenticate
>
> 'authLDAPMemberKey' => '',
>
> 'authLDAPMemberRole' => '',
>
> Tks.
>
> Edgar
>
> *From:* zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] *On behalf of* Jules
> *Sent:* Thursday, 25 October 2012 07:49
> *To:* ZendTo Users
> *Subject:* [ZendTo] Re: LDAP Authenticate...
>
> On 24/10/2012 20:41, Edgar R. Silva wrote:
>
> I cannot configure LDAP authentication
>
> I have several programs with LDAP authentication (joomla and
> vtiger) and they work well
>
> I have Windows 2008 Servers
>
> // Settings for the LDAP authenticator.
> //
> 'authenticator' => 'LDAP',
> 'authLDAPBaseDN' => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
> 'authLDAPServers' => array('server2010.suarez.celsius.com.uy','exchange-02.suarez.celsius.com.uy'),
> 'authLDAPAccountSuffix' => '',
> 'authLDAPUseSSL' => false,
> 'authLDAPBindDn' => 'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
> 'authLDAPBindPass' => 'administrator password here',
> 'authLDAPOrganization' => 'i dont know here',
> // This is the list of LDAP properties used to build the user's full name
> 'authLDAPFullName' => 'i dont know here',
> // If both these 2 settings are set, then the users must be members of this
> // group/role.
> 'authLDAPMemberKey' => 'MemberOf',
> 'authLDAPMemberRole' => 'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',
>
> Start by setting the last 2 to '' as you aren't using that
> facility. It's so you can have a large tree of users under
> your BaseDN, but only allow a few users who are a member of a
> specific group to use ZendTo.
>
> That may be all it is.
> Jules
>
> --
> Julian Field MEng MBCS CITP CEng
> www.Zend.To
>
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> 'Split apart, reunited, or adjusting for new conditions on the
> ground, a family is a double-edged sword. They're the best of times,
> the worst of times, your keys to the kingdom and the skeletons in
> your closet. If only we didn't have to eat dinner with them.'
> -- Mary, "In Plain Sight"
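
Added example (not part of the thread and not ZendTo's own code): the `ldapsearch -LLL` output recommended above is LDIF, and the member key/role restriction discussed in the thread amounts to asking whether a required group DN appears among a user's `memberOf` values. The sketch below parses constructed LDIF (made-up names under `DC=example,DC=test`), handling folded lines and base64 values, and lists who would pass; `parse_ldif`, `norm_dn` and `allowed_users` are hypothetical helpers, and the matching rule is an assumption modelled on the preferences.php comment.

```python
import base64

# Constructed `ldapsearch -LLL ... cn mail memberOf` output (made-up names),
# with a folded line (leading space) and a base64 value ("cn::").
SAMPLE_LDIF = """\
dn: CN=Ana Perez,CN=Users,DC=example,DC=test
cn: Ana Perez
mail: ana@example.test
memberOf: CN=ZendTo Users,OU=Groups,DC=example,DC=test

dn: CN=Luis Gomez,CN=Users,DC=example,DC=test
cn: Luis Gomez
memberOf: CN=Staff,OU=Groups,DC=example,DC=test

dn: CN=Jose Diaz,CN=Users,DC=example,DC=test
cn:: Sm9zw6kgRMOtYXo=
memberOf: cn=zendto users,
 ou=groups,dc=example,dc=test
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # unfold continuation lines
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            entries += [current] if current else []
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64 of UTF-8 text>"
                value = base64.b64decode(value[1:]).decode("utf-8")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    """Comparison key for DNs: case-insensitive, ignores spaces after commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def allowed_users(entries, member_key, member_role):
    """Assumed model: restriction applies only if both are set; returns cn of passers."""
    want = norm_dn(member_role)
    return [e["cn"][0] for e in entries
            if not (member_key and member_role)
            or want in {norm_dn(g) for g in e.get(member_key.lower(), [])}]
```

With this sample, a container DN such as `CN=Users,DC=example,DC=test` admits nobody because it never appears as a `memberOf` value, while empty key and role admit every entry under the base DN.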