[ZendTo] AD Authentication Issue

Kevin Miller kevin.miller at juneau.org
Wed Jan 9 20:34:42 GMT 2019


I doubt CN will work (I could be wrong).  If you want to limit it to a subset of your users, I’d recommend that you create an OU structure similar to this:
    USERS
        MailScannerUsers
        GeneralUsers

Then set the authLDAPBaseDN to
array('OU=<MailScannerUsers>,OU=<Users>,DC=ThirdLevelDomain,DC=SecondLevelDomain,DC=FirstLevelDomain'),

I’m guessing that the LDAP query is failing because you don’t specify where to look for the user, i.e., which OU to find the account in.

Of course, depending on your OU setup, you may or may not have the option to move users around like that.  But only you can determine that…

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
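
Added example (not part of the original message and not ZendTo's code): a search-then-verify login against a small constructed directory, showing how an OU base DN limits who can authenticate and how each step denies by default. The domain corp.example.com, the accounts and the function names are assumptions made for the illustration.

```python
import hmac

# Constructed sample directory: DN -> (account name, password). Hypothetical values.
BASE = "OU=MailScannerUsers,OU=Users,DC=corp,DC=example,DC=com"
DIRECTORY = {
    "CN=Alice,OU=MailScannerUsers,OU=Users,DC=corp,DC=example,DC=com": ("alice", "s3cret-A"),
    "CN=Bob,OU=GeneralUsers,OU=Users,DC=corp,DC=example,DC=com": ("bob", "s3cret-B"),
}

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, honouring escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        esc = (ch == "\\") and not esc
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, val = part.strip().partition("=")
        if not sep or not attr.strip() or not val.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().lower(), val.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True when entry_dn sits at or below base_dn (subtree search scope)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return entry[-len(base):] == base

def authenticate(base_dns, username, password):
    """Search under the base DNs, then verify; deny on every doubtful outcome."""
    if not username or not password:
        return False  # an empty password must never count as a successful login
    hits = [dn for dn, (acct, _) in DIRECTORY.items()
            if acct == username.lower() and any(in_subtree(dn, b) for b in base_dns)]
    if len(hits) != 1:
        return False  # unknown account, or account outside every base DN
    return hmac.compare_digest(DIRECTORY[hits[0]][1].encode(), password.encode())

if __name__ == "__main__":
    for user, pw in [("alice", "s3cret-A"), ("bob", "s3cret-B"), ("ghost", "x"), ("alice", "")]:
        print(user, authenticate([BASE], user, pw))
```

After changing the base DN on a real server, the same four cases (valid user, user outside the OU, nonexistent user, empty password) are the ones to try at the login form.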

From: ZendTo [mailto:zendto-bounces at zend.to] On Behalf Of RICARDO ARAÚJO POPOIRE WANDERLEY via ZendTo
Sent: Wednesday, January 09, 2019 10:53 AM
To: 'Ken Etter'; ZendTo List
Cc: RICARDO ARAÚJO POPOIRE WANDERLEY
Subject: Re: [ZendTo] AD Authentication Issue

Hi Ken

I’m using CN because I need to allow users only from a specific group.

Even without “domain\user” I get this issue.  LDAP auth isn’t working, I get an LDAP error.

Ldapsearch is OK and I can bind normally.

Could you send an example of your conf for LDAP auth?

Thanks!

Regards,
Ricardo Araujo
21 3223 7944

From: Ken Etter <KLE at msktd.com>
Sent: Wednesday, January 9, 2019 17:43
To: ZendTo List <zendto at zend.to>
Cc: RICARDO ARAÚJO POPOIRE WANDERLEY <ricardo.araujo at modal.com.br>
Subject: Re: [ZendTo] AD Authentication Issue

I authenticate against LDAP, not AD.  I'm not AD knowledgeable, so just throwing out some random thoughts...

Are you sure that your authLDAPBaseDN1 is correct?  I'm used to seeing OU or O in there, and I know AD uses DC, but is CN correct?
Should authLDAPBindUser1 have "org\" in front of the username?
>>> RICARDO ARAÚJO POPOIRE WANDERLEY via ZendTo <zendto at zend.to> 1/9/2019 2:31 PM >>>
Guys,

Any update on this?

Regards,
Ricardo Araujo
21 3223 7944

From: RICARDO ARAÚJO POPOIRE WANDERLEY
Sent: Tuesday, January 8, 2019 15:46
To: ZendTo Users <zendto at zend.to>
Subject: AD Authentication Issue

Hi Folks

We are facing an issue with AD authentication. When I set AD mode I can log in even if I try to do this with a user that doesn’t exist in my AD environment.

It seems that ZendTo is bypassing and allowing users to log in with any account and password.

Preferences.php is configured as below:

    'authenticator'             => 'AD',
    'authLDAPServers1'          => array('xxx.xxx.xxx.xxx'),
    'authLDAPBaseDN1'           => array('CN=XXX,DC=XXXX,DC=XXX,DC=XXX'),
    'authLDAPAccountSuffix1'    => '@xxxx.xxx.xxx',
    'authLDAPUseSSL1'           => false,
  //'authLDAPUseTLS1'           => false,
    'authLDAPBindUser1'         => 'org\svc_zendto',
    'authLDAPBindPass1'         => 'password',
  //'authLDAPMemberKey'         => '',
  //'authLDAPMemberRole'        => '',
    'authLDAPOrganization1'     => 'org',

Ldapsearch Works fine.

Could you help me with this?

Zendto Version: 5.15-1
Php Version: PHP 7.2.13 (cli) (built: Dec  6 2018 15:54:38) ( NTS )


Thanks in advance

RICARDO ARAUJO POPOIRE WANDERLEY
Tels. 55 21 3223 7944 | 7700
Cel.  55 21 99477 6779
Fax   55 21 3223 7738
