[ZendTo] upgrade script and LDAP authentication values

Jules Jules at Zend.To
Fri Jul 24 10:26:12 BST 2020 

John,

I have just fixed that bug. It will be included in the next release.
Setting those attributes to '' now has the same effect as not setting 
them at all.
So now you don't need to fight with 'upgrade' any more (hopefully!).

Cheers,
Jules.

On 23/07/2020 17:54, John Thurston via ZendTo wrote:
>
> On 7/23/2020 3:51 AM, Jules wrote:
>> John,
>>
>> Please don't comment out settings you don't want to specify (such as 
>> the service account credentials, etc). Just leave them set to an 
>> empty string. Then 'upgrade' will be happy.
>
> As mentioned in my original note, "I tried setting each of these to 
> null strings, hoping that might trigger the code to ignore the values 
> and also let the upgrade script leave them unchanged. Bzzzt. I 
> couldn't authenticate. "
>
> But taking your advice, I tried it again...and got the same result. So 
> went to my ldap logs to see what queries were being performed, and dug 
> in the code to see how the settings are being used. The crux of the 
> problem is an empty string does not result in the same behavior as an 
> undefined value.
>
> The LDAP authenticator works perfectly for us with those settings 
> _undefined_. But, if defined, the value of 'authLDAPUsernameAttr' and 
> 'authLDAPEmailAttr' must _not be empty strings_. If they are 
> undefined, the code in NSSLDAPAuthenticator.php assumes reasonable 
> values for those two settings:
>
>   protected $_ldapUNA = 'uid';
>   protected $_ldapEMA = 'mail';
>
> which happened to align perfectly well with our directory.
>
>
>
> I will uncomment those attributes in preferences. That will make the 
> upgrade script happy.
>
> I will leave the default values for those two attributes, and set the 
> other string values to empty. That will make authentication work.
>
> And with those steps, I think my future version upgrades will be much 
> easier!
>
>
> I will also report a bug:
> The upgrade script requires the presence of at least two attributes in 
> preferences.php, which the LDAP authentication code treats as optional.
>
>
> -- 
> Do things because you should, not just because you can.
>
> John Thurston    907-465-8591
> John.Thurston at alaska.gov
> Department of Administration
> State of Alaska
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'A committee is a group of the unwilling, chosen from the unfit,
  to do the unnecessary.' - Anon

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200724/43c2c5e4/attachment.html>

More information about the ZendTo mailing list