[ZendTo] 500 server error on successful AD authentication
Bailey Coole
Bailey.Coole at outlook.com
Mon Dec 14 13:09:38 GMT 2020
Hi
Thank you, that fixed it.
I was using multi to test if it was failing on any auth or failing on just AD auth.
I was surprised as well; it seems like the kind of thing that would be more widespread/reported by now indeed.
I did find the settings to get the AD connections working at all to be somewhat different from those documented in the preference file/we weren’t forced to ldaps:
'authLDAPServers1' => array('<the dc host name, with no ldap or ldaps prefix>'),
'authLDAPUseSSL1' => false,
'authLDAPUseTLS1' => false,
'authLDAPBindUser1' => '<the full distinguished name of the service account to bind to>',
'authLDAPUsernameAttribute1' => 'sAMAccountName',
The domain controller is running Windows Server 2019.
Maybe some part of that config just doesn’t ‘play nicely’?
Yes, I know we should get the certs/tls playing nicely, but we were having issues with them and we needed to have a working demo together.
Cheers for the fix, and Merry Christmas (or your regional/personal equivalent).
Kind regards
Bailey
From: Jules <Jules at Zend.To>
Sent: 14 December 2020 17:59
To: ZendTo Users <zendto at zend.to>
Cc: Bailey Coole <Bailey.Coole at outlook.com>
Subject: Re: [ZendTo] 500 server error on successful AD authentication
Bailey,
Bother, thumped Send by mistake.
Bar a bit of formatting, that actually does contain the change I want you to try making.
BTW Why are you using the "Multi" authenticator? Can't you just do it all with AD? It's simpler to administer (in years' time, after you've left the organisation) if all the users come from the same place.
Cheers,
Jules.
On Mon 14/12/20 09:56, Julian Field via ZendTo wrote:
Bailey,
Interesting one, slightly surprised that (a) it causes an error in your case, and that (b) in that case, no one has seen it before.
Edit /opt/zendto/lib/NSSADAuthenticator.php and change line 658
from
if ( @$value['count'] >= 1 ) {
to
if ( is_array($value) && @$value['count'] >= 1 ) {
On Fri 11/12/20 23:47, Bailey Coole via ZendTo wrote:
We're running 6.05-4 on CentOS 8.
If an AD user successfully authenticates, they get a 500-server error.
If an AD user inputs an incorrect password, they are warned that "The username or password was incorrect" (as expected).
If a local (i.e., admin) user authenticates, everything 'works' properly.
I don't *think* this is an issue with the ldap/AD config as ldapsearch with the same inputs returns all the expected users and the same settings (different bind account) are in use elsewhere in our infrastructure.
Nothing showing in the apache logs, but there is a Fatal error in the php log:
[11-Dec-2020 17:45:36 Australia/Perth] PHP Warning: Attempt to read property "value" on null in /var/zendto/templates_c/9da848d4b67ceaa147b62c8524dedce691bc7ce2_0.file.header.tpl.cache.php on line 424
[11-Dec-2020 17:45:42 Australia/Perth] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /opt/zendto/lib/NSSADAuthenticator.php:658
Stack trace:
#0 /opt/zendto/lib/NSSADAuthenticator.php(485): NSSADAuthenticator->Tryauthenticate()
#1 /opt/zendto/lib/NSSMultiAuthenticator.php(154): NSSADAuthenticator->authenticate()
#2 /opt/zendto/lib/NSSDropbox.php(2332): NSSMultiAuthenticator->authenticate()
#3 /opt/zendto/lib/NSSDropbox.php(620): NSSDropbox->userFromAuthentication()
#4 /opt/zendto/www/index.php(35): NSSDropbox->__construct()
#5 {main}
thrown in /opt/zendto/lib/NSSADAuthenticator.php on line 658
Any ideas on what could be causing this behaviour?
Thank you
_______________________________________________
ZendTo mailing list
ZendTo at zend.to
http://jul.es/mailman/listinfo/zendto
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Intelligence is quickness to apprehend as distinct from ability,
which is capacity to act wisely on the thing apprehended.'
- Alfred North Whitehead
www.Zend.To
Twitter: @JulesFM
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Think globally, act locally.' - Friends of the Earth
www.Zend.To
Twitter: @JulesFM
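The effect of the one-line change to line 658 quoted above, as an added example that is not part of the original thread and is not ZendTo's own code. It assumes the loop walks an entry shaped like the output of PHP's ldap_get_entries(); the sample entry, the helper name firstValues() and the user "jdoe" are constructed for illustration.

```php
<?php
// Constructed sample shaped like one entry from ldap_get_entries():
// scalar members ('count', 'dn', index => attribute name) sit beside
// per-attribute arrays that each carry their own 'count'.
$entry = [
    'count'          => 2,
    0                => 'samaccountname',
    'samaccountname' => ['count' => 1, 0 => 'jdoe'],
    1                => 'mail',
    'mail'           => ['count' => 1, 0 => 'jdoe@example.org'],
    'dn'             => 'CN=J Doe,OU=Staff,DC=example,DC=org',
];

// Hypothetical helper: return the first value of every attribute.
// $guard = false uses the original test, $guard = true the patched one.
function firstValues(array $entry, bool $guard): array
{
    $out = [];
    foreach ($entry as $key => $value) {
        if ($guard) {
            // Patched: scalars are skipped before any offset is read.
            $hasValues = is_array($value) && @$value['count'] >= 1;
        } else {
            // Original: reads ['count'] on strings and ints as well.
            $hasValues = @$value['count'] >= 1;
        }
        if ($hasValues) {
            $out[$key] = $value[0];
        }
    }
    return $out;
}

try {
    firstValues($entry, false);
    echo "unguarded: no TypeError on this PHP version\n";
} catch (TypeError $e) {
    // '@' silences warnings and notices only. A thrown TypeError still
    // propagates; left uncaught it is the fatal error seen in the PHP log.
    echo "unguarded: ", $e->getMessage(), "\n";
}

// The guarded form returns only the attribute arrays' first values:
// samaccountname => jdoe, mail => jdoe@example.org
print_r(firstValues($entry, true));
```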