<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
Scott,<br>
<br>
Are you using LDAP or AD, for starters?<br>
<br>
Read the AD setup notes at<br>
<a class="moz-txt-link-freetext" href="https://zend.to/activedirectory.php">https://zend.to/activedirectory.php</a><br>
as AD is basically the same as LDAP but with a few code tweaks. All
the same information about the <a class="moz-txt-link-freetext" href="ldaps://">ldaps://</a> URLs still applies, and the
authLDAPUseSSL setting and similar.<br>
<br>
There is a troubleshooting guide there as well, for how to work out
exactly where any SSL cert problems are, if your AD/LDAP server is
rejecting the connections.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<div class="moz-cite-prefix">On 20/05/2020 18:01, Scott Silva via
ZendTo wrote:<br>
</div>
<blockquote type="cite"
cite="mid:WM!5faa380c7446425deca1346837937362ffe958f335d940841de55e6656359ee6688362c62c909abd5f3981b1e8cdebea!@mx.jul.es">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:"Open Sans";}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
tt
{mso-style-priority:99;
font-family:"Courier New";}
span.groupwisereplyheader
{mso-style-name:groupwisereplyheader;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I
never got it working on my system… If I can’t get it working
I will probably have to drop the software when Windows
forces the change…<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"
moz-do-not-send="true"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
ZendTo [<a class="moz-txt-link-freetext" href="mailto:zendto-bounces@zend.to">mailto:zendto-bounces@zend.to</a>]
<b>On Behalf Of </b>Ken Etter via ZendTo<br>
<b>Sent:</b> Wednesday, May 20, 2020 9:24 AM<br>
<b>To:</b> Jules Field <a class="moz-txt-link-rfc2396E" href="mailto:jules@zend.to"><jules@zend.to></a>; ZendTo
List <a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to"><zendto@zend.to></a><br>
<b>Cc:</b> Ken Etter <a class="moz-txt-link-rfc2396E" href="mailto:KLE@msktd.com"><KLE@msktd.com></a><br>
<b>Subject:</b> Re: [ZendTo] LDAP authentication<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div
id="GroupWiseSection_1589991464000_KLE@msktd.com_1FEF159614D20000B1ED8700B3004500_">
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Jules,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Is there anything special required
to get LDAP working with SSL? I tried setting
'authLDAPUseSSL' to true, rebooted and logins fail. I
then tried adding the port number (after a colon) to the
address in 'authLDAPServers' and rebooted and logins
still fail. If I use an ldap browser to connect, it
works although it does complain about the certificate.
Do I need to import the certificate for ZendTo to be
able to connect? If so, do you have any directions for
this?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><br>
Thanks!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Ken<o:p></o:p></span></p>
</div>
<div id="GroupWiseSection_1589979559000_Jules@Zend.To">
<p class="MsoNormal"><span class="groupwisereplyheader"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">>>> Jules <<a
href="mailto:Jules@Zend.To" moz-do-not-send="true">Jules@Zend.To</a>>
5/20/2020 8:59 AM >>></span></span><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">I always forget about it too!<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">And I wrote it :-(<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">On 20/05/2020 13:48, Ken Etter
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div
id="GroupWiseSection_1589978827000_KLE@msktd.com_1FEF159614D20000B1ED8700B3004500_">
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Thanks Jules! I completely
forgot about that feature. That explains it.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Ken<o:p></o:p></span></p>
</div>
<div id="GroupWiseSection_1589964896000_Jules@Zend.To">
<p class="MsoNormal"><span
class="groupwisereplyheader"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">>>> Jules
<a href="mailto:Jules@Zend.To"
moz-do-not-send="true"><Jules@Zend.To></a>
5/20/2020 4:54 AM >>></span></span><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Ken,
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">ZendTo actively locks
out (for 24 hours) users who have failed too
many login attempts in a day.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">This protects against
hackers using your ZendTo to attempt to find
passwords by brute force.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">There are 2 ways of
seeing who is currently locked out, and to
manually unlock them immediately:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">1. The web interface
for an Admin user (it's one of the red
buttons).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">2. But if you can't get
to that, then run /opt/zendto/bin/unlockuser
and it will show its command-line usage. You
should just be able to run<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><tt><span
style="font-size:10.0pt">sudo
/opt/zendto/bin/unlockuser -a</span></tt><span
style="font-size:10.0pt;font-family:"Segoe UI",sans-serif">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">to unlock every
temporarily-locked account.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Hope that helps,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Jules.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">On 19/05/2020 22:28,
Ken Etter via ZendTo wrote:<o:p></o:p></span></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div id="GroupWiseSection_1589921280000_KLE">
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">And now it is
working again. Since a trace on my ldap
server showed I wasn't even getting a
query from ZendTo, I decided to see what
my firewall was seeing. ZendTo is
installed in my DMZ. I log into the
firewall and do a couple of logins to
ZendTo with other accounts and watch
what shows up in the firewall. Then I
try my login again and it works and
shows up in the firewall as expected. I
had changed nothing, I just logged into
the firewall to see the activity.
Frustrating not knowing why, but things
are working again. I assume the firewall
between the DMZ and the rest of the
network was the issue, but I have no
idea how or why since it just started
working.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">My apologies for
all the clutter on the mailing list.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Ken<o:p></o:p></span></p>
</div>
<div id="GroupWiseSection_1589920870000_KLE">
<p class="MsoNormal"><span
class="groupwisereplyheader"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">>>> Ken
Etter 5/19/2020 4:48 PM >>></span></span><span
style="font-size:10.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">I have other
software that also does LDAP
authentication and my account works
fine there. A trace on my LDAP server
shows the login happening as expected.
So it is as if ZendTo thinks my
account is not an LDAP account and is
trying to authenticate elsewhere and
failing.<br>
<br>
Ken<o:p></o:p></span></p>
</div>
</div>
<div
id="GroupWiseSection_1589920611000_KLE@msktd.com_1FEF159614D20000B1ED8700B3004500_">
<p class="MsoNormal"><span
class="groupwisereplyheader"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">>>> Ken
Etter 5/19/2020 4:41 PM >>></span></span><span
style="font-size:10.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif">Doing some more
digging into this and not making much
progress. I was working on moving
ZendTo ldap authentication from port
389 to port 636 (SSL). Something
wasn't working right, but now my
account is locked out of ZendTo. Doing
a trace from my LDAP server shows that
I don't even get a request from
ZendTo. ZendTo is working for all
accounts except mine. Is there
anything at all within ZendTo that
might give me a clue as to what is
going on?<o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="margin-bottom:3.75pt"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><br>
<br>
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="margin-bottom:3.75pt"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">Ken
Etter</span></strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">,
System Administrator</span><span
style="font-size:10.0pt;font-family:"Open
Sans";color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="margin-bottom:3.75pt"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#00ABE2">Architectural
Group</span><span
style="font-size:10.0pt;font-family:"Open
Sans";color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="margin-bottom:3.75pt"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">260.432.9337
|
</span><span
style="font-size:10.0pt;font-family:"Open
Sans";color:black"><a
href="http://msktd.com/"
moz-do-not-send="true"><span
style="font-family:"Arial",sans-serif;color:black;text-decoration:none">msktd.com</span></a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="margin-bottom:3.75pt"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"
style="margin-bottom:3.75pt"><span
style="font-size:10.0pt;font-family:"Open
Sans";color:black"><a
href="http://msktd.com/"
moz-do-not-send="true"><span
style="color:black;text-decoration:none"><img
id="_x0000_i1025"
src="cid:part5.F9D73733.9FCB0E51@Zend.To"
class="" width="181" height="56"
border="0"></span></a><o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:3.75pt"><span
style="font-size:10.0pt;font-family:"Open
Sans";color:black"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>ZendTo mailing list<o:p></o:p></pre>
<pre><a href="mailto:ZendTo@zend.to" moz-do-not-send="true">ZendTo@zend.to</a><o:p></o:p></pre>
<pre><a href="http://jul.es/mailman/listinfo/zendto" moz-do-not-send="true">http://jul.es/mailman/listinfo/zendto</a><o:p></o:p></pre>
</blockquote>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>'Teach a man to reason, and he will think for a lifetime.' - Phil Plait<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Segoe
UI",sans-serif"><o:p> </o:p></span></p>
</div>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>The current UK shipping forecast:<o:p></o:p></pre>
<pre>Shannon, Rockall: South backing southwest 5 to 7, occasionally gale 8 later in<o:p></o:p></pre>
<pre>Shannon. Moderate or rough. Rain, showers later. Good, occasionally poor.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://jul.es/mailman/listinfo/zendto">http://jul.es/mailman/listinfo/zendto</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
How to stop time: kiss.
How to travel in time: read.
How to escape time: music.
How to feel time: write.
How to release time: breathe.
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
</pre>
</body>
</html>