<html><head>

<meta name="Generator" content="Novell Groupwise Client (Version 18.2.1  Build: 135777)">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>
<body style="font: 10pt/normal Segoe UI; font-size-adjust: none; font-stretch: normal;"><div class="GroupWiseMessageBody" id="GroupWiseSection_1590084568000_KLE@msktd.com_1FEF159614D20000B1ED8700B3004500_"><div>Not at all.  If it will save someone else some time, please do.  I'm no SSL expert, but I am trying to get a bit smarter on it.</div><div><br></div><div>Sorry, but I haven't had a chance to look at the betas.  I am currently running 5.23-3.  My hands are a bit full this week.</div><div><br>Thanks for all your efforts though.  We do like ZendTo.</div><div>Ken<br></div>
  
    
  
  <div class="GroupWiseMessageBody" id="GroupWiseSection_1590084523000_Jules@Zend.To"><span class="GroupwiseReplyHeader">>>> Jules &lt;Jules@Zend.To&gt; 5/21/2020 2:08 PM >>><br></span><div>
    Ken,<div><br></div><div>
    </div><div>
    Mind if I add your steps to the troubleshooting section for LDAP/AD?</div><div>
    </div><div>
    Cheers,</div><div>
    Jules.</div><div>
    </div><div>
    P.S. Have you tried the latest betas? I fixed a bad Installer bug
    today too, that affects CentOS/RedHat-based systems. And there's a
    slight revision to the zendto-saml package too.</div><div>
    </div>
    <div class="moz-cite-prefix">On 21/05/2020 18:52, Ken Etter via
      ZendTo wrote:<br>
    </div>
    <blockquote cite="mid:WM!3ecef5854a02dd21c5e4959a7ba4e2334ecbf6889d09d802d7538ed1c822bf9ea66879ae06a888c8e70923e445e8aeca!@mx.jul.es" type="cite">
      
      <div class="GroupWiseMessageBody" id="GroupWiseSection_1590082573000_KLE@msktd.com_1FEF159614D20000B1ED8700B3004500_">
        <div>Scott,</div>
        <div>After much trial and error, I figured it out for my
          system.  I assume from your statement that you are using AD. 
          I use eDirectory so I use the straight LDAP settings in
          ZendTo.  I also have ZendTo running on SLES 15.  Exact
          commands will be different for you since you use AD and
          possibly a different Linux distro for ZendTo.  But here are my
          steps in case it helps...</div>
        <div><br>
        </div>
        <div>1. Retrieve the CA and server certs from my LDAP server in
          pem format.</div>
        <div>2. Copy them into a folder on my ZendTo server and combine
          them into a single pem file.</div>
        <div>3. Edit ldap.conf so the "TLS_CACERT" variable points to my
          combined pem file.</div>
        <div>4. Use ldapsearch on my ZendTo server to verify that I can
          connect to my LDAP server over port 636.</div>
        <div>5. Edit the ZendTo preferences.php file so the URL for the
          LDAP server uses the format <a href="ldaps://&lt;server_name_or_ip&gt;" moz-do-not-send="true">ldaps://&lt;server_name_or_ip&gt;</a>.</div>
        <div>6. Restart the ZendTo web server.</div>
        <div>7. Verify that logins work.</div>
        <div><br>
        </div>
        <div>Hope that helps.  If you have questions, let me know.</div>
        <div>Ken<br>
        </div>
        <div class="GroupWiseMessageBody" id="GroupWiseSection_1589994085000_zendto@zend.to"><span class="GroupwiseReplyHeader">>>> Scott Silva via
            ZendTo <a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to">&lt;zendto@zend.to&gt;</a> 5/20/2020 1:01 PM >>><br>
          </span>
          <div>
            <div class="WordSection1">
              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='color: rgb(31, 73, 125); font-family: "Calibri",sans-serif; font-size: 11pt;'>I
                  never got it working on my system… If I can’t get it
                  working I will probably have to drop the software when
                  Windows forces the change…<o:p></o:p></span></div>
              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='color: rgb(31, 73, 125); font-family: "Calibri",sans-serif; font-size: 11pt;'><o:p> </o:p></span></div>
              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><a name="_MailEndCompose" moz-do-not-send="true"><span style='color: rgb(31, 73, 125); font-family: "Calibri",sans-serif; font-size: 11pt;'><o:p> </o:p></span></a></div>
              <div>
                <div style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(225, 225, 225) currentColor currentColor; padding: 3pt 0in 0in; border-image: none;">
                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><span style='font-family: "Calibri",sans-serif; font-size: 11pt;'>From:</span></b><span style='font-family: "Calibri",sans-serif; font-size: 11pt;'>
                      ZendTo [<a class="moz-txt-link-freetext" href="mailto:zendto-bounces@zend.to">mailto:zendto-bounces@zend.to</a>]
                      <b>On Behalf Of </b>Ken Etter via ZendTo<br>
                      <b>Sent:</b> Wednesday, May 20, 2020 9:24 AM<br>
                      <b>To:</b> Jules Field <a class="moz-txt-link-rfc2396E" href="mailto:jules@zend.to">&lt;jules@zend.to&gt;</a>;
                      ZendTo List <a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to">&lt;zendto@zend.to&gt;</a><br>
                      <b>Cc:</b> Ken Etter <a class="moz-txt-link-rfc2396E" href="mailto:KLE@msktd.com">&lt;KLE@msktd.com&gt;</a><br>
                      <b>Subject:</b> Re: [ZendTo] LDAP authentication<o:p></o:p></span></div>
                </div>
              </div>
              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><o:p> </o:p></div>
              <div id="GroupWiseSection_1589991464000_KLE@msktd.com_1FEF159614D20000B1ED8700B3004500_">
                <div>
                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>Jules,<o:p></o:p></span></div>
                </div>
                <div>
                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>Is there
                      anything special required to get LDAP working with
                      SSL?  I tried setting 'authLDAPUseSSL' to true,
                      rebooted and logins fail.  I then tried adding the
                      port number (after a colon) to the address in
                      'authLDAPServers' and rebooted and logins still
                      fail.  If I use an LDAP browser to connect, it
                      works although it does complain about the
                      certificate.  Do I need to import the certificate
                      for ZendTo to be able to connect?  If so, do you
                      have any directions for this?<o:p></o:p></span></div>
                </div>
                <div>
                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span><br>
                      Thanks!<o:p></o:p></span></div>
                </div>
                <div>
                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>Ken<o:p></o:p></span></div>
                </div>
                <div id="GroupWiseSection_1589979559000_Jules@Zend.To">
                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span class="groupwisereplyheader"><span>>>>
                        Jules <<a href="mailto:Jules@Zend.To" moz-do-not-send="true">Jules@Zend.To</a>>
                        5/20/2020 8:59 AM >>></span></span><span><o:p></o:p></span></div>
                  <div>
                    <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>I always
                        forget about it too!<o:p></o:p></span></div>
                    <div>
                      <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span><o:p> </o:p></span></div>
                    </div>
                    <div>
                      <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>And I
                          wrote it :-(<o:p></o:p></span></div>
                    </div>
                    <div>
                      <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>On
                          20/05/2020 13:48, Ken Etter wrote:<o:p></o:p></span></div>
                    </div>
                    <blockquote style="margin-top: 5pt; margin-bottom: 5pt;">
                      <div id="GroupWiseSection_1589978827000_KLE@msktd.com_1FEF159614D20000B1ED8700B3004500_">
                        <div>
                          <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>Thanks
                              Jules! I completely forgot about that
                              feature. That explains it.<o:p></o:p></span></div>
                        </div>
                        <div>
                          <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span><o:p> </o:p></span></div>
                        </div>
                        <div>
                          <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>Ken<o:p></o:p></span></div>
                        </div>
                        <div id="GroupWiseSection_1589964896000_Jules@Zend.To">
                          <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span class="groupwisereplyheader"><span>>>>
                                Jules
                                <a href="mailto:Jules@Zend.To" moz-do-not-send="true">&lt;Jules@Zend.To&gt;</a>
                                5/20/2020 4:54 AM >>></span></span><span><o:p></o:p></span></div>
                          <div>
                            <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>Ken,
                                <o:p></o:p></span></div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'><o:p> </o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>ZendTo actively
                                  locks out (for 24 hours) users who
                                  have failed too many login attempts in
                                  a day.<o:p></o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>This protects
                                  against hackers using your ZendTo to
                                  attempt to find passwords by brute
                                  force.<o:p></o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>There are 2 ways of
                                  seeing who is currently locked out,
                                  and to manually unlock them
                                  immediately:<o:p></o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>1. The web interface
                                  for an Admin user (it's one of the red
                                  buttons).<o:p></o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>2. But if you can't
                                  get to that, then run
                                  /opt/zendto/bin/unlockuser and it will
                                  show its command-line usage. You
                                  should just be able to run<o:p></o:p></span></div>
                            </div>
                            <div class="MsoNormal" style="margin: 0in 0in 0pt;"><tt><span style="font-size: 10pt;">sudo /opt/zendto/bin/unlockuser
                                  -a</span></tt><span>
                                <o:p></o:p></span></div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'><o:p> </o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>to unlock every
                                  temporarily-locked account.<o:p></o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>Hope that helps,<o:p></o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>Jules.<o:p></o:p></span></div>
                            </div>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'>On 19/05/2020 22:28,
                                  Ken Etter via ZendTo wrote:<o:p></o:p></span></div>
                            </div>
                            <blockquote style="margin-top: 5pt; margin-bottom: 5pt;">
                              <div id="GroupWiseSection_1589921280000_KLE">
                                <div>
                                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>And now it is working
                                      again. Since a trace on my LDAP
                                      server showed I wasn't even
                                      getting a query from ZendTo, I
                                      decided to see what my firewall
                                      was seeing. ZendTo is installed in
                                      my DMZ. I log into the firewall
                                      and do a couple of logins to
                                      ZendTo with other accounts and
                                      watch what shows up in the
                                      firewall. Then I try my login
                                      again and it works and shows up in
                                      the firewall as expected. I had
                                      changed nothing, I just logged
                                      into the firewall to see the
                                      activity. Frustrating not knowing
                                      why, but things are working again.
                                      I assume the firewall between the
                                      DMZ and the rest of the network
                                      was the issue, but I have no idea
                                      how or why since it just started
                                      working.<o:p></o:p></span></div>
                                </div>
                                <div>
                                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span><o:p> </o:p></span></div>
                                </div>
                                <div>
                                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>My apologies for all the
                                      clutter on the mailing list.<o:p></o:p></span></div>
                                </div>
                                <div>
                                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span><o:p> </o:p></span></div>
                                </div>
                                <div>
                                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>Ken<o:p></o:p></span></div>
                                </div>
                                <div id="GroupWiseSection_1589920870000_KLE">
                                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span class="groupwisereplyheader"><span>>>> Ken Etter
                                        5/19/2020 4:48 PM >>></span></span><span><o:p></o:p></span></div>
                                  <div>
                                    <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>I have other software
                                        that also does LDAP
                                        authentication and my account
                                        works fine there. A trace on my
                                        LDAP server shows the login
                                        happening as expected. So it is
                                        as if ZendTo thinks my account
                                        is not an LDAP account and is
                                        trying to authenticate elsewhere
                                        and failing.<br>
                                        <br>
                                        Ken<o:p></o:p></span></div>
                                  </div>
                                </div>
                                <div id="GroupWiseSection_1589920611000_KLE@msktd.com_1FEF159614D20000B1ED8700B3004500_">
                                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span class="groupwisereplyheader"><span>>>> Ken Etter
                                        5/19/2020 4:41 PM >>></span></span><span><o:p></o:p></span></div>
                                  <div>
                                    <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span>Doing some more digging
                                        into this and not making much
                                        progress. I was working on
                                        moving ZendTo LDAP
                                        authentication from port 389 to
                                        port 636 (SSL). Something wasn't
                                        working right, but now my
                                        account is locked out of ZendTo.
                                        Doing a trace from my LDAP
                                        server shows that I don't even
                                        get a request from ZendTo.
                                        ZendTo is working for all
                                        accounts except mine. Is there
                                        anything at all within ZendTo
                                        that might give me a clue as to
                                        what is going on?<o:p></o:p></span></div>
                                  </div>
                                  <div class="MsoNormal" style="margin: 0in 0in 3.75pt;"><span><br>
                                      <br>
                                      <o:p></o:p></span></div>
                                  <div>
                                    <div class="MsoNormal" style="margin: 0in 0in 3.75pt;"><strong><span style='color: black; font-family: "Arial",sans-serif; font-size: 10pt;'>Ken Etter</span></strong><span style='color: black; font-family: "Arial",sans-serif; font-size: 10pt;'>, System
                                        Administrator</span><span style="color: black;"><o:p></o:p></span></div>
                                  </div>
                                  <div>
                                    <div class="MsoNormal" style="margin: 0in 0in 3.75pt;"><span style='color: rgb(0, 171, 226); font-family: "Arial",sans-serif; font-size: 10pt;'>Architectural
                                        Group</span><span style="color: black;"><o:p></o:p></span></div>
                                  </div>
                                  <div>
                                    <div class="MsoNormal" style="margin: 0in 0in 3.75pt;"><span style='color: black; font-family: "Arial",sans-serif; font-size: 10pt;'>260.432.9337 |
                                      </span><span style="color: black;"><a href="http://msktd.com/" moz-do-not-send="true"><span style='color: black; font-family: "Arial",sans-serif; text-decoration: none;'>msktd.com</span></a><o:p></o:p></span></div>
                                  </div>
                                  <div class="MsoNormal" style="margin: 0in 0in 3.75pt;"><span><o:p> </o:p></span></div>
                                  <div>
                                    <div>
                                      <div class="MsoNormal" style="margin: 0in 0in 3.75pt;"><span style="color: black;"><o:p> </o:p></span></div>
                                    </div>
                                  </div>
                                  <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span><o:p> </o:p></span></div>
                                </div>
                              </div>
                              <div>
                                <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span><o:p> </o:p></span></div>
                              </div>
                              <pre>_______________________________________________<o:p></o:p></pre>
                              <pre>ZendTo mailing list<o:p></o:p></pre>
                              <pre><a href="mailto:ZendTo@zend.to" moz-do-not-send="true">ZendTo@zend.to</a><o:p></o:p></pre>
                              <pre><a href="http://jul.es/mailman/listinfo/zendto" moz-do-not-send="true">http://jul.es/mailman/listinfo/zendto</a><o:p></o:p></pre>
                            </blockquote>
                            <div>
                              <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style='font-family: "Segoe UI",sans-serif; font-size: 10pt;'><o:p> </o:p></span></div>
                            </div>
                            <pre>Jules<o:p></o:p></pre>
                            <pre><o:p> </o:p></pre>
                            <pre>-- <o:p></o:p></pre>
                            <pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
                            <pre><o:p> </o:p></pre>
                            <pre>'Teach a man to reason, and he will think for a lifetime.' - Phil Plait<o:p></o:p></pre>
                            <pre><o:p> </o:p></pre>
                            <pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
                            <pre>Twitter: @JulesFM<o:p></o:p></pre>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                    <div>
                      <div class="MsoNormal" style="margin: 0in 0in 0pt;"><span><o:p> </o:p></span></div>
                    </div>
                    <pre>Jules<o:p></o:p></pre>
                    <pre><o:p> </o:p></pre>
                    <pre>-- <o:p></o:p></pre>
                    <pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
                    <pre><o:p> </o:p></pre>
                    <pre>The current UK shipping forecast:<o:p></o:p></pre>
                    <pre>Shannon, Rockall: South backing southwest 5 to 7, occasionally gale 8 later in<o:p></o:p></pre>
                    <pre>Shannon. Moderate or rough. Rain, showers later. Good, occasionally poor.<o:p></o:p></pre>
                    <pre><o:p> </o:p></pre>
                    <pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
                    <pre>Twitter: @JulesFM<o:p></o:p></pre>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <div><br></div>
    </blockquote>
    <div><br></div>
    <pre class="moz-signature" cols="72">Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'Learn from yesterday, live for today,
 look to tomorrow, rest this afternoon.' - Charles M Schulz

<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
</pre>
  </div>
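  <div>Added example (not part of the original messages and not ZendTo code): steps 2 to 4 of Ken's list as re-runnable shell functions, plus a guard against TLS_REQCERT never/allow, which would accept any server certificate and make the bundle irrelevant. All file names, paths and the host name are assumptions; the ldap.conf location varies by distribution, and the certificates from step 1 are assumed to be already exported as PEM files.</div>

```sh
#!/bin/sh
# Added example, not from the thread. Paths, file names and hosts are assumptions.

# Step 2: concatenate PEM certificates into one bundle. Refuses input that is
# not certificate-only PEM (for example a private key exported by mistake).
combine_pems() {
    out=$1; shift
    : > "$out" || return 1
    for f in "$@"; do
        begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null) || begins=0
        ends=$(grep -c -e '-----END CERTIFICATE-----' "$f" 2>/dev/null) || ends=0
        if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ] ||
           grep -q 'PRIVATE KEY' "$f"; then
            echo "combine_pems: $f is not a certificate-only PEM file" >&2
            rm -f "$out"
            return 1
        fi
        # Drop CRs from Windows exports; awk also adds a missing final newline.
        tr -d '\r' < "$f" | awk '{ print }' >> "$out"
    done
}

# Step 3: point TLS_CACERT at the bundle. Replaces an active directive or
# appends one, so re-running is harmless. Comment lines and TLS_CACERTDIR stay.
set_tls_cacert() {
    conf=$1 bundle=$2
    tmp=$(mktemp) || return 1
    awk -v b="$bundle" '
        tolower($1) == "tls_cacert" {
            if (!done) { print "TLS_CACERT " b; done = 1 }
            next
        }
        { print }
        END { if (!done) print "TLS_CACERT " b }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Guard: succeeds only if certificate checking has not been switched off.
reqcert_is_strict() {
    awk 'tolower($1) == "tls_reqcert" && tolower($2) ~ /^(never|allow)$/ { bad = 1 }
         END { exit bad }' "$1"
}

# Step 4: anonymous root-DSE query over LDAPS (port 636 is implied by the
# scheme). Needs the OpenLDAP client tools and network access; not called here.
verify_ldaps() {
    ldapsearch -x -H "ldaps://$1" -s base -b '' namingContexts
}

# Offline demo on constructed stand-in files (the PEM bodies are not real
# certificates, and ldap.example.test is a placeholder host).
demo() {
    dir=$(mktemp -d) || return 1
    for name in ca server; do
        printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----' > "$dir/$name.pem"
    done
    printf 'URI ldap://ldap.example.test\nTLS_CACERT /old/path.pem\n' > "$dir/ldap.conf"
    combine_pems "$dir/bundle.pem" "$dir/ca.pem" "$dir/server.pem" &&
        set_tls_cacert "$dir/ldap.conf" "$dir/bundle.pem" &&
        reqcert_is_strict "$dir/ldap.conf" &&
        cat "$dir/ldap.conf"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```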

</div></div></body></html>