[ZendTo] Re: Active Directory authentication issues

Jules Jules at Zend.To
Tue Feb 19 13:36:06 GMT 2013


Ryan,

Sorry for not being in touch for so long, I've been ill (and am still 
bouncing in and out of hospitals at the moment).

The best approach with AD settings is to play with ldapsearch until you 
find a set of settings that will make it list the user attributes you need.

Here's a sample ldapsearch command for you

ldapsearch -x -LLL -E pr=200/noprompt -h 
10.20.1.5<http://dc1.hansondodge.com> -D 'rcain' -w '*****' -b 
'DC=peoriariverfrontmuseum,DC=org' -s sub '(sAMAccountName=*)' cn mail 
memberOf

and play around with that until you find a "-b" setting and a "-D" 
setting that works for you.

Hope that helps!

Jules.

On 14/02/2013 00:44, Ryan Cain wrote:
>
> Hi there,
>
> I've got ZendTo up and running mostly successfully, but having a few 
> issues with AD logins. AD authentication only works for certain users, 
> even if I specify the exact OU that some of them are in.
>
> I have a ZendTo user sitting in 
> CN=Users,DC=peoriariverfrontmuseum,DC=org and it is able to log in 
> just fine. However, my own user account which is in 
> OU=Users,OU=Operations,OU=PRM,DC=peoriariverfrontmuseum,DC=org is not 
> able to log in. Below is my AD configuration from preferences.php. Any 
> help would be much appreciated! Thanks!
>
>   'authenticator'             => 'AD',
>
>   'authLDAPAdmins'            => array('rcain', 'jmellican'),
>
>   'authLDAPBaseDN1'           => 'DC=peoriariverfrontmuseum,DC=org',
>
>   'authLDAPServers1'          => array('10.20.1.5','10.20.1.6'),
>
>   'authLDAPAccountSuffix1'    => '@peoriariverfrontmuseum.org',
>
>   'authLDAPUseSSL1'           => false,
>
>   'authLDAPBindUser1'         => 'zendto',
>
>   'authLDAPBindPass1'         => '********',
>
>   'authLDAPOrganization1'     => 'PRM',
>
> *Ryan Cain*
> Director of Technology
> Peoria Riverfront Museum
> O - 309-863-3011
>
> C - 309-657-3148
> F - 309-863-3054
>
> rcain at peoriariverfrontmuseum.org <mailto:rcain at peoriariverfrontmuseum.org>
>
>
> DISCLAIMER: The information in this email is confidential and for the 
> intended recipient only. If you are not the addressee you may not 
> disclose, copy or distribute the contents of this email. If received 
> in error, please notify the sender. We accept no liability in the 
> event of any loss or damage suffered whilst accessing this email.
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>
> Jules
>
> -- 
> Julian Field MEng MBCS CITP CEng
>
> 'Intelligence is quickness to apprehend as distinct from ability,
>   which is capacity to act wisely on the thing apprehended.'
>   - Alfred North Whitehead
>
> www.Zend.To
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20130219/59e02f5b/attachment-0001.html 


More information about the ZendTo mailing list