[ZendTo] LDAP authentication

Jules Jules at Zend.To
Wed May 20 18:15:39 BST 2020


Scott,

Are you using LDAP or AD, for starters?

Read the AD setup notes at
     https://zend.to/activedirectory.php
as AD is basically the same as LDAP but with a few code tweaks. All the 
same information about the ldaps:// URLs still applies, and the 
authLDAPUseSSL setting and similar.

There is a troubleshooting guide there as well, for how to work out 
exactly where any SSL cert problems are, if your AD/LDAP server is 
rejecting the connections.

Cheers,
Jules.

On 20/05/2020 18:01, Scott Silva via ZendTo wrote:
>
> I never got it working on my system… If I can’t get it working I will 
> probably have to drop the software when Windows forces the change…
>
> From: ZendTo [mailto:zendto-bounces at zend.to] On Behalf Of Ken Etter via ZendTo
> Sent: Wednesday, May 20, 2020 9:24 AM
> To: Jules Field <jules at zend.to>; ZendTo List <zendto at zend.to>
> Cc: Ken Etter <KLE at msktd.com>
> Subject: Re: [ZendTo] LDAP authentication
>
> Jules,
>
> Is there anything special required to get LDAP working with SSL?  I 
> tried setting 'authLDAPUseSSL' to true, rebooted and logins fail.  I 
> then tried adding the port number (after a colon) to the address in 
> 'authLDAPServers' and rebooted and logins still fail.  If I use an 
> ldap browser to connect, it works although it does complain about the 
> certificate. Do I need to import the certificate for ZendTo to be able 
> to connect?  If so, do you have any directions for this?
>
>
> Thanks!
>
> Ken
>
> >>> Jules <Jules at Zend.To> 5/20/2020 8:59 AM >>>
>
> I always forget about it too!
>
> And I wrote it :-(
>
> On 20/05/2020 13:48, Ken Etter wrote:
>
>     Thanks Jules! I completely forgot about that feature. That
>     explains it.
>
>     Ken
>
>     >>> Jules <Jules at Zend.To> 5/20/2020 4:54 AM >>>
>
>     Ken,
>
>     ZendTo actively locks out (for 24 hours) users who have failed too
>     many login attempts in a day.
>
>     This protects against hackers using your ZendTo to attempt to find
>     passwords by brute force.
>
>     There are 2 ways of seeing who is currently locked out, and to
>     manually unlock them immediately:
>
>     1. The web interface for an Admin user (it's one of the red buttons).
>
>     2. But if you can't get to that, then run
>     /opt/zendto/bin/unlockuser and it will show its command-line
>     usage. You should just be able to run
>
>     sudo /opt/zendto/bin/unlockuser -a
>
>     to unlock every temporarily-locked account.
>
>     Hope that helps,
>
>     Jules.
>
>     On 19/05/2020 22:28, Ken Etter via ZendTo wrote:
>
>         And now it is working again. Since a trace on my ldap server
>         showed I wasn't even getting a query from ZendTo, I decided to
>         see what my firewall was seeing. ZendTo is installed in my
>         DMZ. I log into the firewall and do a couple of logins to
>         ZendTo with other accounts and watch what shows up in the
>         firewall. Then I try my login again and it works and shows up
>         in the firewall as expected. I had changed nothing, I just
>         logged into the firewall to see the activity. Frustrating not
>         knowing why, but things are working again. I assume the
>         firewall between the DMZ and the rest of the network was the
>         issue, but I have no idea how or why since it just started
>         working.
>
>         My apologies for all the clutter on the mailing list.
>
>         Ken
>
>         >>> Ken Etter 5/19/2020 4:48 PM >>>
>
>         I have other software that also does LDAP authentication and
>         my account works fine there. A trace on my LDAP server shows
>         the login happening as expected. So it is as if ZendTo thinks
>         my account is not an LDAP account and is trying to
>         authenticate elsewhere and failing.
>
>         Ken
>
>         >>> Ken Etter 5/19/2020 4:41 PM >>>
>
>         Doing some more digging into this and not making much
>         progress. I was working on moving ZendTo ldap authentication
>         from port 389 to port 636 (SSL). Something wasn't working
>         right, but now my account is locked out of ZendTo. Doing a
>         trace from my LDAP server shows that I don't even get a
>         request from ZendTo. ZendTo is working for all accounts except
>         mine. Is there anything at all within ZendTo that might give
>         me a clue as to what is going on?
>
>
>
>         *Ken Etter*, System Administrator
>
>         Architectural Group
>
>         260.432.9337 | msktd.com <http://msktd.com/>
>
>
>         _______________________________________________
>
>         ZendTo mailing list
>
>         ZendTo at zend.to  <mailto:ZendTo at zend.to>
>
>         http://jul.es/mailman/listinfo/zendto
>
>     Jules
>
>     -- 
>
>     Julian Field MEng CEng CITP MBCS MIEEE MACM
>
>     'Teach a man to reason, and he will think for a lifetime.' - Phil Plait
>
>     www.Zend.To  <http://www.Zend.To>
>
>     Twitter: @JulesFM
>
> Jules
> -- 
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> The current UK shipping forecast:
> Shannon, Rockall: South backing southwest 5 to 7, occasionally gale 8 later in
> Shannon. Moderate or rough. Rain, showers later. Good, occasionally poor.
> www.Zend.To  <http://www.Zend.To>
> Twitter: @JulesFM
>

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

How to stop time: kiss.
How to travel in time: read.
How to escape time: music.
How to feel time: write.
How to release time: breathe.

www.Zend.To
Twitter: @JulesFM
