<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Aha, I think I've just spotted your mistake.<br>
<br>
You shouldn't be using<br>
'authenticator' => 'LDAP',<br>
at all, you should be using the section that starts<br>
'authenticator' => 'AD',<br>
<br>
The 'authLDAPFullName' isn't mentioned in the AD settings at all,
that's what gave it away to me just now!<br>
<br>
Jules.<br>
<br>
<div class="moz-cite-prefix">On 26/10/2012 14:40, Edgar R. Silva
wrote:<br>
</div>
<blockquote cite="mid:00ab01cdb37f$6ebf9440$4c3ebcc0$@adinet.com.uy"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \, serif";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML con formato previo Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Texto de globo Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.moz-txt-tag
{mso-style-name:moz-txt-tag;}
span.HTMLconformatoprevioCar
{mso-style-name:"HTML con formato previo Car";
mso-style-priority:99;
mso-style-link:"HTML con formato previo";
font-family:Consolas;
color:black;}
span.TextodegloboCar
{mso-style-name:"Texto de globo Car";
mso-style-priority:99;
mso-style-link:"Texto de globo";
font-family:"Tahoma","sans-serif";}
span.EstiloCorreo22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EstiloCorreo23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EstiloCorreo24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal" style="text-indent:35.4pt"><span
style="color:#1F497D">Hi Jules, i use "ldapsearch" to query
AD settings and work fine<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span
style="font-size:9.0pt;color:#1F497D">ldapsearch -x -LLL -E
pr=200/noprompt -h 'serverName1Here' -D 'administrator' -w
'passwordhere' -b
'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy' -s sub
'(sAMAccountName=*)' cn mail memberOf <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span
style="color:#1F497D">How transfer these options to
preferences.php?<o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span
style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">// Settings
for the LDAP authenticator.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> //</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authenticator' => 'LDAP',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPBaseDN' =>
'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPServers' =>
array('serverName1Here.suarez.celsius.com.uy','serverName2Here.suarez.celsius.com.uy'),</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPAccountSuffix' => '',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPUseSSL' => false,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPBindDn' =>
'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPBindPass' => 'administrator password here',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPOrganization' => 'i dont know here',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">// This is
the list of LDAP properties used to build the user's full
name</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPFullName' => 'i dont know here',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">// If both
these 2 settings are set, then the users must be members of
this</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">//
group/role.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPMemberKey' => 'MemberOf',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPMemberRole' =>
'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',</span><o:p></o:p></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span
style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Tks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Edgar.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span
style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="ES">De:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="ES"> <a class="moz-txt-link-abbreviated" href="mailto:zendto-bounces@zend.to">zendto-bounces@zend.to</a>
[<a class="moz-txt-link-freetext" href="mailto:zendto-bounces@zend.to">mailto:zendto-bounces@zend.to</a>] <b>En nombre de </b>Jules<br>
<b>Enviado el:</b> viernes, 26 de octubre de 2012 07:54<br>
<b>Para:</b> ZendTo Users<br>
<b>Asunto:</b> [ZendTo] Re: LDAP Authenticate...<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Sounds like
your AD settings aren't right. The best way to find the right
settings (and it is a bit of trial-and-error) is to use
"ldapsearch" to query your AD settings. <br>
<br>
ldapsearch -x -LLL -E pr=200/noprompt -h AD-SERVER-NAME-HERE
-D <br>
'USERNAME-HERE' -w 'PASSWORD-HERE' -b 'BASEDN-HERE' -s sub <br>
'(sAMAccountName=*)' cn mail memberOf <br>
<br>
Obviously you need to substitute your settings in there, but
once you get some sense out of that command you should know
what to put into preferences.php for your site. <br>
<br>
Also, make sure that if you aren't using IPv6, that there is <span
class="moz-txt-tag"><b>*</b></span><b>not<span
class="moz-txt-tag">*</span></b> an AAAA dns record for
your AD servers. Otherwise Linux will see the AAAA record and
try to use it in preference to the A record, and fail to
connect.<br>
<br>
Jules.<o:p></o:p></p>
<div>
<p class="MsoNormal">On 25/10/2012 12:53, Edgar R. Silva
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">
Ok, i have set de last 2 to ‘’ and not autenthicate</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span
style="font-size:8.0pt;color:#1F497D">'authLDAPMemberKey'
=> '',</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">
'authLDAPMemberRole' => '',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Tks. </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Edgar</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="ES">De:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="ES"> <a moz-do-not-send="true"
href="mailto:zendto-bounces@zend.to">zendto-bounces@zend.to</a>
[<a moz-do-not-send="true"
href="mailto:zendto-bounces@zend.to">mailto:zendto-bounces@zend.to</a>]
<b>En nombre de </b>Jules<br>
<b>Enviado el:</b> jueves, 25 de octubre de 2012 07:49<br>
<b>Para:</b> ZendTo Users<br>
<b>Asunto:</b> [ZendTo] Re: LDAP Authenticate...</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 24/10/2012 20:41, Edgar R. Silva
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">I can not configure LDAP authentication<o:p></o:p></p>
<p class="MsoNormal">I have several programs with LDAP
authentication (joomla and vtiger) and work well<o:p></o:p></p>
<p class="MsoNormal">I have Windows 2008 Servers<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">//
Settings for the LDAP authenticator.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt"> //</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authenticator' => 'LDAP',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPBaseDN' =>
'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPServers' =>
array('server2010.suarez.celsius.com.uy','exchange-02.suarez.celsius.com.uy'),</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPAccountSuffix' => '',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPUseSSL' => false,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPBindDn' =>
'CN=administrator,CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPBindPass' => 'administrator password
here',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPOrganization' => 'i dont know here',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">// This
is the list of LDAP properties used to build the user's
full name</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPFullName' => 'i dont know here',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">// If
both these 2 settings are set, then the users must be
members of this</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">//
group/role.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPMemberKey' => 'MemberOf',</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">
'authLDAPMemberRole' =>
'CN=users,DC=suarez,DC=celsius,DC=com,DC=uy',</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New Roman
, serif","serif"">Start by setting the last
2 to '' as you aren't using that facility. It's so you can
have a large tree under of users under your BaseDN, but
only allow a few users who are a member of a specific
group to use ZendTo.<br>
<br>
That may be all it is.<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>Jules<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng MBCS CITP CEng<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.Zend.To">www.Zend.To</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>'Think globally, act locally.' - Friends of the Earth<o:p></o:p></pre>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>ZendTo mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><o:p></o:p></pre>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
<br>
<o:p></o:p></span></p>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng MBCS CITP CEng<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.Zend.To">www.Zend.To</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>'Science is an integral part of culture. It's not this foreign<o:p></o:p></pre>
<pre> thing, done by an arcane priesthood. It's one of the glories of<o:p></o:p></pre>
<pre> human intellectual tradition.' - Stephen Jay Gould<o:p></o:p></pre>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng MBCS CITP CEng
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
'Split apart, reunited, or adjusting for new conditions on the
ground, a family is a double-edged sword. They're the best of times,
the worst of times, your keys to the kingdom and the skeletons in
your closet. If only we didn't have to eat dinner with them.'
-- Mary, "In Plain Sight"
</pre>
</blockquote>
</body>
</html>