[ZendTo] MS LDAPs

Jules Field Jules at Zend.To
Wed Feb 12 15:06:01 GMT 2020


Scott,

I have just done a CentOS 7 install of the latest ZendTo beta from 
scratch, including using SELinux.

I set the preferences.php settings to

     authLDAPServers1 => array('ldaps://our-AD-server.soton.ac.uk'),
     authLDAPBaseDN1 => 'DC=soton,DC=ac,DC=uk',
     authLDAPAccountSuffix1 => '@soton.ac.uk',
     authLDAPUseSSL1 => false,
     authLDAPUseTLS1 => false,

and it just worked immediately. I didn't have to install any other 
packages at all.

Our AD servers are listening on 636/tcp (the TCP port for ldaps 
according to /etc/services).

I have already tested the same thing on Ubuntu 18.04 and it worked first 
time there too.

If you are using some sort of a self-signed or locally-signed 
certificate on your AD server(s), then you will need to add your local 
root CA public cert to the TLS_CACERT file, or else the ZendTo server 
won't be able to verify the cert it gets from the AD server. But if you 
are using a "normal" externally-signed commercial cert, it should work fine.


On 10/02/2020 18:39, Scott Silva via ZendTo wrote:
> In my case I know the ports are open because I have a Linux based spam filter that is able to auth secured.
>
>
> -----Original Message-----
> From: ZendTo <zendto-bounces at zend.to> On Behalf Of Guy Bertrand via ZendTo
> Sent: Monday, February 10, 2020 10:37 AM
> To: zendto at zend.to
> Cc: Guy Bertrand <Guy.Bertrand at exelaonline.com>
> Subject: [ZendTo] MS LDAPs
>
> Reminder: LDAPS would normally use port 636 instead of ldap/389 to talk to the domain controller.  Don't forget to check things between your ZendTo server and the domain controller:
> - the outgoing firewall config on the ZendTo server
> - the firewall on the DC (is port 636 open?)
> - routing
> - any intermediate firewall rules
>
> Quick test: open a command prompt (CMD on Windows, any shell on *nix).  This will try to "telnet" to that port.
> C:\> telnet "ip of your DC" 636
> If a blank screen appears then the port is open, and the test is successful.
> If you receive a connecting... message or an error message then something is blocking that port.
>
> Guy Bertrand, M.Ing
> Directeur informatique / IT Manager
> EXELA TECHNOLOGIES
> b: +1.514.392.4999 | m: +1.514.265.9754
> 1155, boulevard Robert-Bourassa, suite 500 | Montréal (Québec) CANADA H3B 3A7 www.ExelaTech.com | EXELA LinkedIn
>
>
> ________________________________
> Attention: this message and all attachments are confidential and intended exclusively for the named recipient(s). Any other distribution or unauthorised use is prohibited. If you receive this message in error, please notify the sender immediately by return e-mail, destroy the message and refrain from any reference to the information it contains, in order to avoid the penalties attached to the disclosure and use of confidential information. Electronic messages are susceptible to alteration. Exela Technologies and its subsidiaries decline all responsibility in the event of alteration or falsification of this message.
> ________________________________
> Please consider the environment before printing or forwarding this email. If you do print this email, please recycle the paper.
>
> This email message may contain confidential, proprietary and/or privileged information. It is intended only for the use of the intended recipient(s). If you have received it in error, please immediately advise the sender by reply email and then delete this email message. Any disclosure, copying, distribution or use of the information contained in this email message to or by anyone other than the intended recipient is strictly prohibited. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Exela Technologies, Inc. or its subsidiaries.
>
> This email does not constitute an agreement to conduct transactions by electronic means and does not create any legally binding contract or enforceable obligation against Exela in the absence of a fully signed written agreement.
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
>

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'A good programmer is someone who always looks both ways
  before crossing a one-way street.' - Doug Linder

www.Zend.To
Twitter: @JulesFM
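Added example, not from the original mail nor part of ZendTo itself: a script that does in one step what the thread does by hand. It takes an authLDAPServers-style URL (ldaps://host, port 636 by default), opens the TCP connection Guy's telnet test checks, then completes a TLS handshake with the same verification the LDAP client will do, so the "self-signed cert needs its root CA in TLS_CACERT" case surfaces as a clear message instead of a silent login failure. Host names, file paths and the error wording are assumptions for illustration.

```python
#!/usr/bin/env python3
"""Added example, not ZendTo's own code: check an ldaps:// server the way
the thread suggests, in one step instead of telnet-then-guess.

It connects to the port named in an authLDAPServers entry, completes a
TLS handshake with certificate verification, and maps any failure onto
the checklist from the thread (firewall/routing, wrong port, untrusted
CA).  Host names and file paths below are placeholders, not real systems."""
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}   # as listed in /etc/services


def parse_ldap_url(url):
    """Split 'ldaps://dc.example.com[:port]' into (host, port), defaulting
    the port by scheme.  Raises ValueError for anything that is not an
    ldap:// or ldaps:// URL, which is what authLDAPServers expects."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("expected ldap[s]://host[:port], got %r" % (url,))
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def make_context(cafile=None):
    """Verification settings close to libldap's default TLS_REQCERT=demand:
    a certificate is required, the chain must verify and the name must
    match.  cafile is the PEM bundle TLS_CACERT points at; None means the
    system trust store, which is all an externally-signed cert needs."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def diagnose(exc):
    """Map a connection or handshake error onto the checklist item it most
    likely points at.  Order matters: SSLCertVerificationError is a
    subclass of SSLError, and all of these are subclasses of OSError."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return ("cert-verify: the DC's certificate chain is not trusted; "
                "add the issuing root CA's public cert to the TLS_CACERT file")
    if isinstance(exc, ssl.SSLError):
        return ("tls: the port answered but not with TLS; check that this is "
                "the ldaps port (636) rather than plain ldap on 389")
    if isinstance(exc, FileNotFoundError):
        return "cafile: the CA bundle given for TLS_CACERT does not exist"
    if isinstance(exc, socket.timeout):
        return ("timeout: no answer at all; check routing and the firewalls "
                "on the ZendTo server, on the DC and in between")
    if isinstance(exc, ConnectionRefusedError):
        return "refused: the host is up but nothing is listening on that port"
    if isinstance(exc, socket.gaierror):
        return "dns: the server name does not resolve from the ZendTo host"
    return "other: %s" % (exc,)


def check_ldaps(url, cafile=None, timeout=5.0):
    """Return {'ok': True, ...certificate details...} when the handshake
    verifies, or {'ok': False, 'reason': ..., 'error': ...} otherwise.
    A malformed URL is a config error and raises ValueError instead."""
    host, port = parse_ldap_url(url)
    try:
        ctx = make_context(cafile)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()     # populated only after verification
                version = tls.version()
    except OSError as exc:                   # ssl.SSLError is an OSError too
        return {"ok": False, "host": host, "port": port,
                "reason": diagnose(exc), "error": str(exc)}

    def rdn(name):
        # getpeercert() gives subject/issuer as a tuple of RDNs, each a
        # tuple of (attribute, value) pairs; flatten to a plain dict.
        return {k: v for part in cert.get(name, ()) for k, v in part}

    return {"ok": True, "host": host, "port": port, "protocol": version,
            "subject": rdn("subject"), "issuer": rdn("issuer"),
            "not_after": cert["notAfter"],
            "san": [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]}


if __name__ == "__main__":
    import json
    import sys
    # Usage: ldaps_check.py ldaps://our-AD-server.example.com [/path/to/ca.pem]
    target = sys.argv[1] if len(sys.argv) > 1 else "ldaps://dc.example.com"
    bundle = sys.argv[2] if len(sys.argv) > 2 else None
    print(json.dumps(check_ldaps(target, bundle), indent=2))
```

Run it from the ZendTo server, not from a workstation, since the point is the path between that host and the DC. Pass the file your ldap.conf names in TLS_CACERT as the second argument; if it reports "cert-verify" with the bundle but succeeds once you append the AD root CA's public cert to it, that is exactly the case Jules describes above.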
