[ZendTo] AD Authentication Issue

Ken Etter KLE at msktd.com
Wed Jan 9 20:45:17 GMT 2019


Ricardo,
You don't specify group membership in the authLDAPBaseDN setting.  That
is most likely your problem.  That setting tells ZendTo where to start
its search.  It should be an organizational unit, not an object like a
group.

To specify a group use authLDAPMemberKey and authLDAPMemberRole.

preferences.php lists these examples for usage:
  // 'authLDAPMemberKey'  => 'memberOf',
  // 'authLDAPMemberRole' => 'cn=ztUsers,OU=securityGroups,DC=example,DC=com',

My setup wouldn't help since I'm not group limiting like you want to
do.

Ken Etter, System Administrator
Architectural Group
260.432.9337 | msktd.com
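
The distinction drawn in the reply above, as an added example (not ZendTo's code and not posted by anyone in this thread): the base DN only scopes where the user's entry is searched for, while the group restriction is a separate test on the member-key attribute of the entry that was found. Function names and sample entries are hypothetical; the entry layout is the one PHP's ldap_get_entries() returns.

```php
<?php
// Added illustration, not ZendTo source; function names are hypothetical.
// The base DN only scopes the search for the user's entry; group membership
// is a separate test on that entry's member-key attribute.

// Normalise a DN for comparison: lowercase, no spaces around ',' or '='.
// Simplified: escaped commas inside RDN values are not handled.
function normalizeDn(string $dn): string
{
    $rdns = preg_split('/\s*,\s*/', strtolower(trim($dn)));
    $rdns = array_map(function ($rdn) {
        return preg_replace('/\s*=\s*/', '=', $rdn, 1);
    }, $rdns);
    return implode(',', $rdns);
}

// $entry: one element of ldap_get_entries() output, where attribute names
// are lowercased and each attribute is an array carrying a 'count' element.
function isInRequiredGroup(array $entry, string $memberKey, string $memberRole): bool
{
    if ($memberKey === '' || $memberRole === '') {
        return false; // an unset restriction is never treated as a match
    }
    $key = strtolower($memberKey); // 'memberOf' is stored as 'memberof'
    if (!isset($entry[$key]['count'])) {
        return false; // attribute absent: fail closed
    }
    $wanted = normalizeDn($memberRole);
    for ($i = 0; $i < $entry[$key]['count']; $i++) {
        if (normalizeDn($entry[$key][$i]) === $wanted) {
            return true;
        }
    }
    return false;
}

// Constructed sample entries (not real directory data).
$alice = [
    'dn' => 'CN=Alice,OU=Staff,DC=example,DC=com',
    'memberof' => [
        'count' => 2,
        0 => 'CN=Staff,OU=securityGroups,DC=example,DC=com',
        1 => 'CN=ztUsers, OU=securityGroups, DC=example, DC=com',
    ],
];
$bob = ['dn' => 'CN=Bob,OU=Staff,DC=example,DC=com']; // no memberOf values

$role = 'cn=ztUsers,OU=securityGroups,DC=example,DC=com';
var_dump(isInRequiredGroup($alice, 'memberOf', $role));
var_dump(isInRequiredGroup($bob, 'memberOf', $role));
```

In Active Directory, memberOf lists only direct memberships, so a user who reaches the group through a nested group or as their primary group would not match a check like this.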




 
From: ZendTo [mailto:zendto-bounces at zend.to] On Behalf Of RICARDO ARAÚJO POPOIRE WANDERLEY via ZendTo
Sent: Wednesday, January 09, 2019 10:53 AM
To: 'Ken Etter'; ZendTo List
Cc: RICARDO ARAÚJO POPOIRE WANDERLEY
Subject: Re: [ZendTo] AD Authentication Issue
 
Hi Ken
 
I’m using CN because I need to allow users only from a specific group.
 
Even without “domain\user” I get this issue.  LDAP auth isn’t
working; I get an LDAP error.
 
Ldapsearch is OK and I can bind normally.
 
Could you send an example of your conf for LDAP auth?
 
Thanks!
 
Regards,
Ricardo Araujo
21 3223 7944
 
From: Ken Etter <KLE at msktd.com>
Sent: Wednesday, January 9, 2019 17:43
To: ZendTo List <zendto at zend.to>
Cc: RICARDO ARAÚJO POPOIRE WANDERLEY <ricardo.araujo at modal.com.br>
Subject: Re: [ZendTo] AD Authentication Issue
 
I authenticate against LDAP, not AD.  I'm not AD knowledgeable, so just
throwing out some random thoughts...
 
Are you sure that your authLDAPBaseDN1 is correct?  I'm used to seeing
OU or O in there, and I know AD uses DC, but is CN correct?
Should authLDAPBindUser1 have "org\" in front of the username?
>>> RICARDO ARAÚJO POPOIRE WANDERLEY via ZendTo <zendto at zend.to>
1/9/2019 2:31 PM >>>
Guys, 
 
Any update on this?
 
Regards,
Ricardo Araujo
21 3223 7944
 
From: RICARDO ARAÚJO POPOIRE WANDERLEY
Sent: Tuesday, January 8, 2019 15:46
To: ZendTo Users <zendto at zend.to>
Subject: AD Authentication Issue
 
Hi Folks
 
We are facing an issue with AD authentication. When I set AD mode I can
log in even if I try to do this with a user that doesn’t exist in
my AD environment.
 
It seems that ZendTo is bypassing and accepting users to log in with any
account and password.
 
Preferences.php is configured as below:
 
    'authenticator'             => 'AD',
    'authLDAPServers1'          => array('xxx.xxx.xxx.xxx'),
    'authLDAPBaseDN1'           => array('CN=XXX,DC=XXXX,DC=XXX,DC=XXX'),
    'authLDAPAccountSuffix1'    => '@xxxx.xxx.xxx',
    'authLDAPUseSSL1'           => false,
  //'authLDAPUseTLS1'           => false,
    'authLDAPBindUser1'         => 'org\svc_zendto',
    'authLDAPBindPass1'         => 'password',
  //'authLDAPMemberKey'         => '',
  //'authLDAPMemberRole'        => '',
    'authLDAPOrganization1'     => 'org',
 
Ldapsearch Works fine.
 
Could you help me with this?
 
Zendto Version: 5.15-1
Php Version: PHP 7.2.13 (cli) (built: Dec  6 2018 15:54:38) ( NTS )
 
 
Thanks in advance
 

  
RICARDO ARAUJO POPOIRE WANDERLEY
 
 
Tels. 55 21 3223 7944 | 7700
Cel.  55 21 99477 6779
Fax   55 21 3223 7738 
 
 
 
 
 

 