[ZendTo] Re: Authentication failure display bug in ZendTo 4.11-6

Jules Jules at Zend.To
Fri Jan 18 09:40:06 GMT 2013


On 18/01/2013 09:27, Mike Brudenell wrote:
> Hi, Jules!
>
> On 18 January 2013 09:08, Jules <Jules at zend.to <mailto:Jules at zend.to>> 
> wrote:
>
>     If they were originally arrays in my default file, they need to be
>     arrays still, even empty ones.
>
>
> Looking at preferences.php in the current 4.11-6 release (which I 
> guess is similar to/the same as the versions we're running) it says:
>
>   // If you are not using this 2nd set of settings for a 2nd AD forest,
>   // do not comment them out, but instead set them to be empty.
> 'authLDAPBaseDN2'           => 'DC=soton,DC=ac,DC=uk',
> 'authLDAPServers2'          => array('ad1.soton.ac.uk 
> <http://ad1.soton.ac.uk>','ad2.soton.ac.uk <http://ad2.soton.ac.uk>'),
> 'authLDAPAccountSuffix2'    => '@soton.ac.uk <http://soton.ac.uk>',
> 'authLDAPUseSSL2'           => false,
> 'authLDAPBindUser2'         => 'SecretUsername2',
> 'authLDAPBindPass2'         => 'SecretPassword2',
> 'authLDAPOrganization2'     => 'University of Southampton',
>
> Not being terribly familiar with PHP we took this literally and set 
> the values to be blank --- ie, ''.
>
> It was only yesterday by luck that I spotted the comment earlier on in 
> the file about the forest1 preferences which says:
>
>  // Settings for the 2-forest/2-domain AD authenticator.
>   // Set
>   //     'authLDAPServers2' => array(),
>   // if you only have to search 1 AD forest/domain.
>
> that made me realise we'd got it wrong. Perhaps this note should be 
> moved down in to just above the forest2 preferences to help people 
> spot it?
Good idea. Will do.
>
> In passing (and it may not make much difference given the bailout test 
> is made against the authLDAPServer2 variable) should we have set 
> authLDAPUseSSL2 (a boolean) to be either true or false here rather 
> than '' as well? (It's false in your original file but we blindly set 
> it to '' too as per the current comment.)
Yes, it should be true or false.
>
>     Aha! Many thanks! :-)
>
>     Yes, just looked at the code, you're totally right.
>
>
> Phew! I was beginning to think I was barking up the wrong tree and 
> wasting your time. No problem at all: our users here really appreciate 
> ZendTo. I'm currently trying to resist switching the CAPTCHA to 
> AreYouAHuman ... I may seek comments from our support office. :-)
I would give AreYouAHuman a go, I suspect your users will much prefer 
it. The Google one can be really awkward sometimes. The only duff bit is 
the audio version doesn't really work, but I haven't tried the audio 
version of the Google one so it may not be much better. Apparently if 
it's too audible, the botnets can transcribe it and crack it really 
easily. A bit of a lose-lose situation there, unfortunately.

One thing to note in the AreYouAHuman setup, in their management 
"portal" you have to set the game type to "Embedded" and not the default 
"Light Box".

Cheers,

Jules

-- 
Julian Field MEng MBCS CITP CEng

'People will believe a big lie sooner than a little one, and if you
  repeat it frequently enough people will sooner or later believe
  it.' - Walter Langer

www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20130118/a9c67e68/attachment-0001.html 


More information about the ZendTo mailing list