[ZendTo] upgrade script and LDAP authentication values

John Thurston john.thurston at alaska.gov
Wed Jul 22 19:01:05 BST 2020


On 7/22/2020 9:08 AM, Jules wrote:
> But if you are using the LDAP authenticator, surely you have to define 
> those values for the authenticator to work at all.
> I don't quite see how you are using the LDAP authenticator successfully 
> with no settings for it whatsoever.

Because our internal directory has all of our users in one OU (which is 
defined as the BaseDN, so no directory searching is required). No 
search, hence no authenticated service account, hence those values are 
commented out.


The relevant output (slightly sanitized) of uncommented lines from 
preferences.cfg:

>   'authenticator'         => 'LDAP',
> 
>   'authIMAPServer' => 'mail.soton.ac.uk',
>   'authIMAPDomain' => 'soton.ac.uk',
>   'authIMAPOrganization' => 'University of Southampton',
>   'authIMAPAdmins' => array(),
> 
>   'authLDAPBaseDN'        => 'OU=ourusers,o=state.ak.us',
>   'authLDAPServers'       => array('ldap1.state.ak.us','ldap2.state.ak.us'),
>   'authLDAPAccountSuffix' => '@alaska.gov',
>   'authLDAPUseSSL'        => true,
>   'authLDAPFullName'      => 'givenName sn',
> 
>   'authLDAPServers1'          => array('ad1.ecs.soton.ac.uk','ad2.ecs.soton.ac.uk'),
>   'authLDAPBaseDN1'           => 'OU=users,DC=ecs,DC=soton,DC=ac,DC=uk',
>   'authLDAPAccountSuffix1'    => '@ecs.soton.ac.uk',
>   'authLDAPUseSSL1'           => false,
>   'authLDAPUseTLS1'           => false,
>   'authLDAPBindUser1'         => 'SecretUsername1',
>   'authLDAPBindPass1'         => 'SecretPassword1',
>   'authLDAPOrganization1'     => 'ECS, University of Southampton',
>   'authLDAPUsernameAttribute1' => 'sAMAccountName',
>   'authLDAPServers2'          => array('ad1.soton.ac.uk','ad2.soton.ac.uk'),
>   'authLDAPBaseDN2'           => 'DC=soton,DC=ac,DC=uk',
>   'authLDAPAccountSuffix2'    => '@soton.ac.uk',
>   'authLDAPUseSSL2'           => false,
>   'authLDAPUseTLS2'           => false,
>   'authLDAPBindUser2'         => 'SecretUsername2',
>   'authLDAPBindPass2'         => 'SecretPassword2',
>   'authLDAPOrganization2'     => 'University of Southampton',
>   'authLDAPUsernameAttribute2' => '',
>   'authLDAPServers3'          => array('ad1.example.com','ad2.example.com'),
>   'authLDAPBaseDN3'           => 'DC=example,DC=com',
>   'authLDAPAccountSuffix3'    => '@example.com',
>   'authLDAPUseSSL3'           => false,
>   'authLDAPUseTLS3'           => false,
>   'authLDAPBindUser3'         => 'SecretUsername3',
>   'authLDAPBindPass3'         => 'SecretPassword3',
>   'authLDAPOrganization3'     => 'Example Inc.',
>   'authLDAPUsernameAttribute3' => '',
> 
>   'authMultiAuthenticators' => array('AD', 'Local'),



--
Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
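
An added example, not part of the original message and not ZendTo's own code: a small Python audit that groups the `authLDAP*` settings of a `preferences.cfg` excerpt by numeric suffix and reports, per server set, whether transport encryption is enabled and whether a bind account is stored in the file. The function names and sample lines are constructed, and it assumes that a value of `true` for `UseSSL` or `UseTLS` is what enables encryption.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the preferences.cfg excerpt above.
SAMPLE = """
  'authenticator'         => 'LDAP',
  'authLDAPBaseDN'        => 'OU=ourusers,o=state.ak.us',
  'authLDAPServers'       => array('ldap1.state.ak.us','ldap2.state.ak.us'),
  'authLDAPUseSSL'        => true,
  // 'authLDAPBindUser'   => 'svc',
  'authLDAPServers1'      => array('ad1.example.com','ad2.example.com'),
  'authLDAPUseSSL1'       => false,
  'authLDAPUseTLS1'       => false,
  'authLDAPBindUser1'     => 'SecretUsername1',
  'authLDAPBindPass1'     => 'SecretPassword1',
"""

# Matches  'authLDAP<Name><optional digits>' => <value>,  with an optional "> " quote prefix.
# Lines commented out with // or # never match, because the key's opening quote must come first.
LINE = re.compile(r"^[>\s]*'authLDAP([A-Za-z]+)(\d*)'\s*=>\s*(.*?),?\s*$")

def parse_ldap_blocks(text):
    """Group active authLDAP* settings by numeric suffix ('' is the unnumbered set)."""
    blocks = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, suffix, value = m.groups()
            blocks[suffix][name] = value
    return dict(blocks)

def audit(text):
    """Return {suffix: [findings]} for every LDAP set that defines servers."""
    report = {}
    for suffix, cfg in parse_ldap_blocks(text).items():
        if "Servers" not in cfg:
            continue
        findings = []
        # Assumption: 'true' on either key is what turns on transport encryption.
        encrypted = cfg.get("UseSSL") == "true" or cfg.get("UseTLS") == "true"
        if not encrypted:
            findings.append("no SSL/TLS: simple-bind passwords are sent in cleartext")
        if cfg.get("BindUser", "''").strip("'\""):
            findings.append("bind account credentials are stored in this file")
        report[suffix or "(unnumbered)"] = findings
    return report
```
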


