[ZendTo] AD Authentication Issue

Jules Field Jules at Zend.To
Thu Jan 10 09:06:06 GMT 2019


Ricardo,

Please try upgrading to the latest beta. This should fix the problem for 
you.
You can find the beta download links at
     zend.to/beta.php

Once I hear confirmation from someone that the latest beta all works 
okay, I'll make it into a production release.

Cheers,
Jules.

On 09/01/2019 20:17, RICARDO ARAÚJO POPOIRE WANDERLEY via ZendTo wrote:
>
> Yes Karl,
>
> I did this but even if an user is not member of it is able to login.
>
> I receive the message “unauthorized” but a can log in and drop-off.
>
> At.te
>
> Ricardo Araujo
>
> 21 3223 7944
>
> *From:*Karl Bundy <karl.bundy at aldentorch.com>
> *Sent:* quarta-feira, 9 de janeiro de 2019 18:15
> *To:* ZendTo Users <zendto at zend.to>; 'Ken Etter' <KLE at msktd.com>
> *Cc:* RICARDO ARAÚJO POPOIRE WANDERLEY <ricardo.araujo at modal.com.br>
> *Subject:* RE: [ZendTo] AD Authentication Issue
>
> I don’t think that you can use the CN in your domain binding, you can 
> only narrow down users by OU.  If you need to use a group membership 
> check, it looks like the setting to do this is with these two lines in 
> the config file:
>
> 'authLDAPMemberKey' => 'memberOf',
>
> 'authLDAPMemberRole' => 
> 'cn=zendtoUsers,OU=securityGroups,DC=soton,DC=ac,DC=uk',
>
> *From:*ZendTo [mailto:zendto-bounces at zend.to] *On Behalf Of *RICARDO 
> ARAÚJO POPOIRE WANDERLEY via ZendTo
> *Sent:* Wednesday, January 09, 2019 12:53 PM
> *To:* 'Ken Etter' <KLE at msktd.com <mailto:KLE at msktd.com>>; ZendTo List 
> <zendto at zend.to <mailto:zendto at zend.to>>
> *Cc:* RICARDO ARAÚJO POPOIRE WANDERLEY <ricardo.araujo at modal.com.br 
> <mailto:ricardo.araujo at modal.com.br>>
> *Subject:* Re: [ZendTo] AD Authentication Issue
>
> Hi Ken
>
> I’m using CN because I need to allow users only from specify group.
>
> Even without “domain\user” I get this issue.  LDAP auth doesn’t 
> working, I get LDAP error.
>
> Ldapsearch is OK and I can bind normally.
>
> Could you send an example of your conf for LDAP auth?
>
> Thanks!
>
> At.te
>
> Ricardo Araujo
>
> 21 3223 7944
>
> *From:*Ken Etter <KLE at msktd.com <mailto:KLE at msktd.com>>
> *Sent:* quarta-feira, 9 de janeiro de 2019 17:43
> *To:* ZendTo List <zendto at zend.to <mailto:zendto at zend.to>>
> *Cc:* RICARDO ARAÚJO POPOIRE WANDERLEY <ricardo.araujo at modal.com.br 
> <mailto:ricardo.araujo at modal.com.br>>
> *Subject:* Re: [ZendTo] AD Authentication Issue
>
> I authenticate against LDAP, not AD.  I'm not AD knowledgeable, so 
> just throwing out some random thoughts...
>
> Are you sure that your authLDAPBaseDN1 is correct?  I'm used to seeing 
> OU or O in there, and I know AD uses DC, but is CN correct?
>
> Should authLDAPBindUser1 have "org\" in front of the username?
>
> >>> RICARDO ARAÚJO POPOIRE WANDERLEY via ZendTo <zendto at zend.to 
> <mailto:zendto at zend.to>> 1/9/2019 2:31 PM >>>
>
> Guys,
>
> Any update on this?
>
> At.te
>
> Ricardo Araujo
>
> 21 3223 7944
>
> *From:*RICARDO ARAÚJO POPOIRE WANDERLEY
> *Sent:* terça-feira, 8 de janeiro de 2019 15:46
> *To:* ZendTo Users <zendto at zend.to <mailto:zendto at zend.to>>
> *Subject:* AD Authentication Issue
>
> Hi Folks
>
> We are facing an issue with AD authentication. When I set AD mode I 
> can logged in even if I try to do this with an user that doesn’t 
> exists in my AD environment.
>
> It seems to Zendto is bypassing and accepting users to login with any 
> account and password.
>
> Preferences.php is configured as bellow:
>
>   'authenticator'             => 'AD',
>
>     'authLDAPServers1'          => array('xxx.xxx.xxx.xxx'),
>
>     'authLDAPBaseDN1'           => array('CN=XXX,DC=XXXX,DC=XXX,DC=XXX'),
>
>     'authLDAPAccountSuffix1'    => '@xxxx.xxx.xxx',
>
>     'authLDAPUseSSL1'           => false,
>
>   //'authLDAPUseTLS1'           => false,
>
>     'authLDAPBindUser1'         => 'org\svc_zendto',
>
>     'authLDAPBindPass1'         => 'password’,
>
>   //'authLDAPMemberKey'         => '',
>
>   //'authLDAPMemberRole'        => '',
>
>     'authLDAPOrganization1'     => 'org',
>
> Ldapsearch Works fine.
>
> Could you help me with this?
>
> Zendto Version: 5.15-1
>
> Php Version: PHP 7.2.13 (cli) (built: Dec  6 2018 15:54:38) ( NTS )
>
> Thanks in advance
>
> http://www.modal.com.br/emailmkt/marca-assinatura.jpg 
> <https://modal.com.br/html/index.php>
>
> 	
>
> 	
>
> *RICARDO ARAUJO POPOIRE WANDERLEY*
>
>
> 	
>
> 	
>
> 	
>
> Tels. 55 21 3223 7944 | 7700
> Cel.  55 21 99477 6779
> Fax   55 21 3223 7738
>
> 	
>
> 	
>
> 	
>
> A impressão consciente gera economia e responsabilidade com o meio 
> ambiente
>
> Atenção:Esta comunicação deve ser lida apenas pelo seu destinatário e 
> não pode ser retransmitida sem autorização formal. Se esta mensagem 
> tiver sido recebida indevidamente, por favor destrua-a e retire-a de 
> seu computador.
> Qualquer reprodução, disseminação, alteração, distribuição e/ou 
> publicação deste e-mail é estritamente proibida.
>
> Notice of Confidentiality:This document should only be read by those 
> persons to whom it is addressed and is not intended to be relied upon 
> by any person without subsequent written confirmation of its contents. 
> If you have received this e-mail message in error, please destroy it 
> and delete it from your computer.
> Any form of reproduction, dissemination, copying, disclosure, 
> modification, distribution and/or publication of this e-mail message 
> is strictly prohibited.
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'When a man points a finger at someone else, he should remember
  that four of his fingers are pointing at himself.' - Louis Nizer

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20190110/b13cdbab/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6558 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20190110/b13cdbab/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 2270 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20190110/b13cdbab/attachment-0001.png>


More information about the ZendTo mailing list