[ZendTo] upgrade script and LDAP authentication values

Jules Jules at Zend.To
Wed Jul 22 14:58:49 BST 2020


John,

The upgrade script doesn't know much about comments, except that they 
are the block of lines immediately before a setting in preferences.php 
(and zendto.conf, with a different syntax).
It certainly can't actually parse them to see what you may have 
commented out.

The upgrade script also has no prior knowledge of what settings should 
be there, and what shouldn't. There is no "list of all the possible 
settings". It learns all that for itself, by reading your old 
preferences.php and the newly supplied one.

What's happening is that you are commenting out the only definition of 
'authLDAPStartTLS', for example, so it thinks this is a new setting that 
has just appeared in the very latest preferences.php (and it wasn't set 
in your previous one), so it adds it as a new setting.

But the 1 and only setting for (for example) 'authLDAPStartTLS' won't 
have any effect unless you also have set
     'authenticator' => 'LDAP',
so I don't quite see what you achieve by commenting them out. It will 
only use the authenticator settings for your chosen authenticator. All 
the others will simply have no effect.

Sorry about the 'authLDAP' naming clash between the LDAP and AD 
authenticators, that's for historic reasons from when I first forked the 
project from udel's "Dropbox" a long time ago in a galaxy far away. And 
yes, they sadly called it Dropbox, nothing to do with the "other" 
Dropbox. So I can't change that now.
The difference is that all the AD settings end with a number (1,2,3) 
whereas the LDAP settings don't.

Leaving the LDAP settings in place will have no effect *at all* on the 
AD authenticator.

Does that help explain the situation?

Cheers,
Jules.

On 21/07/2020 00:00, John Thurston via ZendTo wrote:
> Is there some way for me to designate some values in preferences.php 
> as "Just ignore me, please. Don't try to correct this." ?
>
> With each update, the upgrade script detects my commented out values 
> and does me the service of re-enabling them and supplying default 
> values. I then have to go diff the files, confirm nothing has actually 
> changed, and re-comment the attributes I don't want.
>
> >   //'authLDAPStartTLS'      => false,
> >   //'authLDAPBindDn'        => 'o=MyOrganization,uid=MyUser',
> >   //'authLDAPBindPass'      => 'SecretPassword',
> >   //'authLDAPOrganization'  => 'My Organization',
> >   //'authLDAPUsernameAttr'  => 'uid',
> >   //'authLDAPEmailAttr'     => 'mail',
>
> I tried setting each of these to null strings, hoping that might 
> trigger the code to ignore the values and also let the upgrade script 
> leave them unchanged. Bzzzt. I couldn't authenticate.
>
> I understand the difficulty in trying to detect what a customer is 
> trying to do, and how to distinguish "new values" from "intentionally 
> absent values". It is frustrating, though, to have to repeat the same 
> manual steps, potentially missing something, with every update.
>
> Maybe there could be a magic string to denote a line not just as a 
> comment but as a "leave me as a comment" line.
> Maybe triple-slash
> Maybe //!/
>
> Or is there already some way to do this that I haven't figured out?
>
>

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'Ensanguining the skies
  How heavily it dies
  Into the west away;
  Past touch and sight and sound
  Not further to be found,
  How hopeless under ground
    Falls the remorseful day.' - A.E.Houseman

www.Zend.To
Twitter: @JulesFM
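
An added example, not part of the original message and not ZendTo's own code: a check that lists settings which were commented out in the old preferences.php and are active after an upgrade, which is the situation this thread describes. The line-based matching (one `'key' => value` per line, `//` comments), the function names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumption: one setting per line, as in the snippet quoted in the thread:
#   'key' => value,      (active)
#   //'key' => value,    (commented out)
SETTING_RE = re.compile(r"^\s*(?P<comment>//)?\s*'(?P<key>\w+)'\s*=>")

def classify_settings(text):
    """Return (active, commented_only) sets of setting names in a preferences file."""
    active, commented = set(), set()
    for line in text.splitlines():
        m = SETTING_RE.match(line)
        if not m:
            continue  # prose comments, blank lines, array delimiters
        (commented if m.group("comment") else active).add(m.group("key"))
    # A key counts as commented out only if no active definition exists as well.
    return active, commented - active

def reenabled_by_upgrade(old_text, new_text):
    """Settings commented out before the upgrade that are active after it."""
    _, old_commented = classify_settings(old_text)
    new_active, _ = classify_settings(new_text)
    return sorted(new_active & old_commented)

# Constructed sample: the admin's file before the upgrade ...
OLD_PREFS = """
  'authenticator'         => 'AD',
  // Use StartTLS when talking to the LDAP server
  //'authLDAPStartTLS'      => false,
  //'authLDAPBindPass'      => 'SecretPassword',
"""

# ... and the same file after the upgrade script added the "new" settings.
NEW_PREFS = """
  'authenticator'         => 'AD',
  // Use StartTLS when talking to the LDAP server
  'authLDAPStartTLS'      => false,
  'authLDAPBindPass'      => 'SecretPassword',
"""

if __name__ == "__main__":
    for key in reenabled_by_upgrade(OLD_PREFS, NEW_PREFS):
        print(f"re-enabled by upgrade: {key}")
```

Run against the saved pre-upgrade copy and the upgraded file, this replaces the manual diff step with a short list of keys to review.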
