[ZendTo] LDAP authentication
Jules
Jules at Zend.To
Wed May 20 18:15:39 BST 2020
Scott,
Are you using LDAP or AD, for starters?
Read the AD setup notes at
https://zend.to/activedirectory.php
as AD is basically the same as LDAP but with a few code tweaks. All the
same information about the ldaps:// URLs still applies, and the
authLDAPUseSSL setting and similar.
There is a troubleshooting guide there as well, for how to work out
exactly where any SSL cert problems are, if your AD/LDAP server is
rejecting the connections.
Cheers,
Jules.
On 20/05/2020 18:01, Scott Silva via ZendTo wrote:
>
> I never got it working on my system… If I can’t get it working I will
> probably have to drop the software when Windows forces the change…
>
> *From:*ZendTo [mailto:zendto-bounces at zend.to] *On Behalf Of *Ken Etter
> via ZendTo
> *Sent:* Wednesday, May 20, 2020 9:24 AM
> *To:* Jules Field <jules at zend.to>; ZendTo List <zendto at zend.to>
> *Cc:* Ken Etter <KLE at msktd.com>
> *Subject:* Re: [ZendTo] LDAP authentication
>
> Jules,
>
> Is there anything special required to get LDAP working with SSL? I
> tried setting 'authLDAPUseSSL' to true, rebooted and logins fail. I
> then tried adding the port number (after a colon) to the address in
> 'authLDAPServers' and rebooted and logins still fail. If I use an
> ldap browser to connect, it works although it does complain about the
> certificate. Do I need to import the certificate for ZendTo to be able
> to connect? If so, do you have any directions for this?
>
>
> Thanks!
>
> Ken
>
> >>> Jules <Jules at Zend.To <mailto:Jules at Zend.To>> 5/20/2020 8:59 AM >>>
>
> I always forget about it too!
>
> And I wrote it :-(
>
> On 20/05/2020 13:48, Ken Etter wrote:
>
> Thanks Jules! I completely forgot about that feature. That
> explains it.
>
> Ken
>
> >>> Jules <Jules at Zend.To> <mailto:Jules at Zend.To> 5/20/2020 4:54 AM >>>
>
> Ken,
>
> ZendTo actively locks out (for 24 hours) users who have failed too
> many login attempts in a day.
>
> This protects against hackers using your ZendTo to attempt to find
> passwords by brute force.
>
> There are 2 ways of seeing who is currently locked out, and to
> manually unlock them immediately:
>
> 1. The web interface for an Admin user (it's one of the red buttons).
>
> 2. But if you can't get to that, then run
> /opt/zendto/bin/unlockuser and it will show its command-line
> usage. You should just be able to run
>
> sudo /opt/zendto/bin/unlockuser -a
>
> to unlock every temporarily-locked account.
>
> Hope that helps,
>
> Jules.
>
> On 19/05/2020 22:28, Ken Etter via ZendTo wrote:
>
> And now it is working again. Since a trace on my ldap server
> showed I wasn't even getting a query from ZendTo, I decided to
> see what my firewall was seeing. ZendTo is installed in my
> DMZ. I log into the firewall and do a couple of logins to
> ZendTo with other accounts and watch what shows up in the
> firewall. Then I try my login again and it works and shows up
> in the firewall as expected. I had changed nothing, I just
> logged into the firewall to see the activity. Frustrating not
> knowing why, but things are working again. I assume the
> firewall between the DMZ and the rest of the network was the
> issue, but I have no idea how or why since it just started
> working.
>
> My apologies for all the clutter on the mailing list.
>
> Ken
>
> >>> Ken Etter 5/19/2020 4:48 PM >>>
>
> I have other software that also does LDAP authentication and
> my account works fine there. A trace on my LDAP server shows
> the login happening as expected. So it is as if ZendTo thinks
> my account is not an LDAP account and is trying to
> authenticate elsewhere and failing.
>
> Ken
>
> >>> Ken Etter 5/19/2020 4:41 PM >>>
>
> Doing some more digging into this and not making much
> progress. I was working on moving ZendTo ldap authentication
> from port 389 to port 636 (SSL). Something wasn't working
> right, but now my account is locked out of ZendTo. Doing a
> trace from my LDAP server shows that I don't even get a
> request from ZendTo. ZendTo is working for all accounts except
> mine. Is there anything at all within ZendTo that might give
> me a clue as to what is going on?
>
>
>
> *Ken Etter*, System Administrator
>
> Architectural Group
>
> 260.432.9337 | msktd.com <http://msktd.com/>
>
> _______________________________________________
>
> ZendTo mailing list
>
> ZendTo at zend.to <mailto:ZendTo at zend.to>
>
> http://jul.es/mailman/listinfo/zendto
>
> Jules
>
> --
>
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
> 'Teach a man to reason, and he will think for a lifetime.' - Phil Plait
>
> www.Zend.To <http://www.Zend.To>
>
> Twitter: @JulesFM
>
> Jules
> --
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> The current UK shipping forecast:
> Shannon, Rockall: South backing southwest 5 to 7, occasionally gale 8 later in
> Shannon. Moderate or rough. Rain, showers later. Good, occasionally poor.
> www.Zend.To <http://www.Zend.To>
> Twitter: @JulesFM
>
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
How to stop time: kiss.
How to travel in time: read.
How to escape time: music.
How to feel time: write.
How to release time: breathe.
www.Zend.To
Twitter: @JulesFM
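The certificate question in this thread (an LDAP browser connects but complains about the certificate, while ZendTo logins over port 636 fail) can be narrowed down from the ZendTo host with openssl. The script below is an added example, not part of the original messages or of ZendTo's own tooling; the sample output is constructed, the host argument is whatever name you use in 'authLDAPServers', and it assumes openssl's default trust store is the one your LDAP client library also consults.

```shell
#!/bin/sh
# Added example: classify the TLS verification result of an LDAPS endpoint.
# Usage: sh check_ldaps.sh ldap.example.org [636]   (hostname is a placeholder)

# Read `openssl s_client` output on stdin and print a one-line diagnosis.
# s_client may print the "Verify return code" line more than once; use the first.
classify_verify() {
    code=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    case "$code" in
        0)        echo "ok: chain and hostname verify against this host's trust store" ;;
        10)       echo "expired: the server certificate is past its expiry date" ;;
        18)       echo "self-signed: the certificate must be added to this host's trust store" ;;
        19|20|21) echo "untrusted-ca: the issuing CA certificate is not trusted on this host" ;;
        62)       echo "name-mismatch: the name used in authLDAPServers is not in the certificate" ;;
        "")       echo "no-tls: no handshake completed (wrong port, firewall, or not LDAPS)" ;;
        *)        echo "other: verify code $code, see the openssl verify documentation" ;;
    esac
}

# Connect to host:port (default 636) and classify the result.
# </dev/null makes s_client exit as soon as the handshake is done.
check_ldaps() {
    host=$1
    port=${2:-636}
    openssl s_client -connect "$host:$port" -servername "$host" \
        -verify_hostname "$host" </dev/null 2>/dev/null | classify_verify
}

# Constructed sample of s_client output for a server whose CA is not trusted.
SAMPLE_UNTRUSTED='CONNECTED(00000003)
---
SSL handshake has read 1523 bytes and written 415 bytes
    Verify return code: 21 (unable to verify the first certificate)
---'

# With a host argument, test that server; with none, show the sample diagnosis.
if [ -n "${1:-}" ]; then
    check_ldaps "$@"
else
    printf '%s\n' "$SAMPLE_UNTRUSTED" | classify_verify
fi
```

An "ok" result here while ZendTo logins still fail points away from the certificate and toward something else, such as the temporary lockout described earlier in the thread.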