[ZendTo] Re: Authentication failure display bug in ZendTo 4.11-6

Jules Jules at Zend.To
Thu Jan 17 16:56:34 GMT 2013


If you set all the 2nd forest settings to blank (or empty arrays) rather 
than commenting them out, you should have better luck.

Jules.

On 17/01/2013 16:45, Mike Brudenell wrote:
> Hi, all -
>
> We are using AD authentication with only 1 forest/domain. When someone 
> enters an invalid username/password combination they see a ghastly 
> trio of errors within the login page saying:
>
> [error] 	LDAP Error
> Check User: Unable to connect to any of the authentication servers; 
> could not authenticate user.
> [error] 	LDAP Error
> Check User: Unable to connect to any of the LDAP servers; could not 
> authenticate user.
> [error] 	Authentication Error
> The username or password was incorrect.
>
>
> The problem is a missing code fragment in the authenticate() function 
> within lib/NSSADAuthenticator.php
>
> An earlier function named validUsername() checks whether the username 
> is valid by searching domain1 and then domain2. Before checking 
> domain2 there's a check to see whether a second domain is actually 
> configured, and if not to bail out:
>
>     // Bail out quietly if there isn't a 2nd AD forest
>     if (empty($this->_ldapServers2)) {
>       return FALSE;
>     }
>
> However in the authenticate() function this bailout test is omitted. 
> So after checking domain1 for the invalid username/password 
> combination the function blithely goes on to check it against domain2 
> even though the second domain isn't configured in the preferences. 
> This gives the first two nasty LDAP errors in the trio.
>
> The fix is to copy the bailout code fragment from the validUsername() 
> function to the equivalent position in the authenticate() function --- 
> i.e., just before the domain2 tests.
>
> Sorry I can't give a patch file: we're actually running a version 
> older than 4.11-6 (but I have checked the lib/NSSADAuthenticator.php 
> file in 4.11-6 and the problem is still present).
>
> Cheers,
> Mike B-)
>
> -- 
> IT Services, The University of York, Heslington, York YO10 5DD, UK
> Tel: +44-1904-323811
> Disclaimer: <http://www.york.ac.uk/docs/disclaimer/email.htm>
>
> Jules
>
> -- 
> Julian Field MEng MBCS CITP CEng
>
> Viking, North Utsire, South Utsire, Forties: Southerly or southeasterly 5 to
> 7, decreasing 4 at times. Slight or moderate, becoming moderate or rough. Snow
> showers. Good, occasionally poor.
>
> www.Zend.To
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
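
A sketch of the guard described in the quoted report, as an added example: it is not ZendTo's lib/NSSADAuthenticator.php and not code from either poster, and the class name, the `$bind` callback and the host name are hypothetical. It shows why an empty second-forest list has to short-circuit before the lookup: probing zero servers looks the same as every server being unreachable, which is what puts the LDAP errors on the login page.

```php
<?php
// Hypothetical sketch, not ZendTo's own code.
final class TwoForestAuthenticator
{
    /** Messages that would be shown on the login page. */
    public array $errors = [];

    /**
     * @param callable $bind fn(string $server, string $user, string $pass): ?bool
     *        true = bind accepted, false = bind rejected, null = server unreachable
     */
    public function __construct(
        private array $ldapServers1,
        private array $ldapServers2,
        private $bind
    ) {}

    public function authenticate(string $user, string $pass): bool
    {
        if ($this->tryForest($this->ldapServers1, $user, $pass)) {
            return true;
        }
        // Bail out quietly if there isn't a 2nd AD forest
        if (empty($this->ldapServers2)) {
            return false;
        }
        return $this->tryForest($this->ldapServers2, $user, $pass);
    }

    private function tryForest(array $servers, string $user, string $pass): bool
    {
        $reached = false;
        foreach ($servers as $server) {
            $result = ($this->bind)($server, $user, $pass);
            if ($result === true) {
                return true;
            }
            $reached = $reached || $result === false;
        }
        if (!$reached) {
            // With an empty $servers list this fires on every failed login.
            $this->errors[] = 'Unable to connect to any of the LDAP servers';
        }
        return false;
    }
}

// Constructed stub: a single reachable forest that rejects the password.
$bind = fn(string $server, string $u, string $p): ?bool => $p === 'correct';
$auth = new TwoForestAuthenticator(['dc1.example.test'], [], $bind);
var_dump($auth->authenticate('mike', 'wrong'), $auth->errors);
```

Deleting the `empty()` check in `authenticate()` makes the same failed login also record the connection error, because `tryForest()` is then called with no servers to try.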