<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Thanks for the information!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D">BRIAN M. DUNCAN<br>
Data Security Administrator<br>
Katten Muchin Rosenman LLP<br>
525 W. Monroe Street / Chicago, IL 60661-3693<br>
p / (312) 577-8045 f / (312) 577-4490<br>
brian.duncan@kattenlaw.com / www.kattenlaw.com<br>
</span><span style="font-family:"Arial","sans-serif";color:#1F497D"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> zendto-bounces@zend.to [mailto:zendto-bounces@zend.to]
<b>On Behalf Of </b>Kevin Miller<br>
<b>Sent:</b> Monday, November 30, 2015 12:39 PM<br>
<b>To:</b> 'ZendTo Users'<br>
<b>Subject:</b> [ZendTo] Re: Is there any way to have more than 2 realms to authenticate with in AD on Zendto?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I had the same question a couple years ago. Naz Snidanko provided the answer which I've copied/pasted below. In a nutshell, you just need to add an appropriate number of stanzas to the file mentioned. I have
three AD domains authenticating so only needed to add one more.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Hi Kevin,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">We have it in place already, for 5 domains. You need to adjust config and functions in lib\NSSADAuthenticator.php file.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">There is a nicer way of doing it but it’s simplest way without rewriting to much code<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">public function __construct(<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $prefs, $db<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> )<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ( $prefs['authLDAPAdmins'] && (! $prefs['authAdmins']) ) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $prefs['authAdmins'] = $prefs['authLDAPAdmins'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> parent::__construct($prefs, $db);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers1 = $prefs['authLDAPServers1'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase1 = $prefs['authLDAPBaseDN1'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix1 = $prefs['authLDAPAccountSuffix1'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL1 = $prefs['authLDAPUseSSL1'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser1 = $prefs['authLDAPBindUser1'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass1 = $prefs['authLDAPBindPass1'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg1 = $prefs['authLDAPOrganization1'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers2 = $prefs['authLDAPServers2'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase2 = $prefs['authLDAPBaseDN2'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix2 = $prefs['authLDAPAccountSuffix2'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL2 = $prefs['authLDAPUseSSL2'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser2 = $prefs['authLDAPBindUser2'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass2 = $prefs['authLDAPBindPass2'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg2 = $prefs['authLDAPOrganization2'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> //CUSTOM CODE STARTS HERE<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Created by Naz Snidanko Oct 02, 2012<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers3 = $prefs['authLDAPServers3'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase3 = $prefs['authLDAPBaseDN3'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix3 = $prefs['authLDAPAccountSuffix3'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL3 = $prefs['authLDAPUseSSL3'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser3 = $prefs['authLDAPBindUser3'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass3 = $prefs['authLDAPBindPass3'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg3 = $prefs['authLDAPOrganization3'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers4 = $prefs['authLDAPServers4'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase4 = $prefs['authLDAPBaseDN4'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix4 = $prefs['authLDAPAccountSuffix4'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL4 = $prefs['authLDAPUseSSL4'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser4 = $prefs['authLDAPBindUser4'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass4 = $prefs['authLDAPBindPass4'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg4 = $prefs['authLDAPOrganization4'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers5 = $prefs['authLDAPServers5'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase5 = $prefs['authLDAPBaseDN5'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix5 = $prefs['authLDAPAccountSuffix5'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL5 = $prefs['authLDAPUseSSL5'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser5 = $prefs['authLDAPBindUser5'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass5 = $prefs['authLDAPBindPass5'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg5 = $prefs['authLDAPOrganization5'];<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // CUSTOM CODE ENDS HERE<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapMemberKey = strtolower($prefs['authLDAPMemberKey']);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapMemberRole= strtolower($prefs['authLDAPMemberRole']);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">public function validUsername(<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $uname,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> &$response<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> )<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryvalid($uname, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result !== -70 && $result !== -69) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Bail out quietly if there isn't a 2nd AD forest<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if (empty($this->_ldapServers2)) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryvalid($uname, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result !== -70 && $result !== -69) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // CUSTOM CODE STARTS HERE<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Created by Naz Snidanko Oct 02, 2012<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Bail out quietly if there isn't a 3rd AD forest<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if (empty($this->_ldapServers3)) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryvalid($uname, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result !== -70 && $result !== -69) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> } <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Bail out quietly if there isn't a 4th AD forest<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if (empty($this->_ldapServers4)) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryvalid($uname, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result !== -70 && $result !== -69) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Bail out quietly if there isn't a 5th AD forest<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if (empty($this->_ldapServers5)) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryvalid($uname, $response);
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result === -70) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NSSError('Check User: Unable to connect to any of the LDAP servers; could not authenticate user.','LDAP Error');<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> } else if ($result === -69) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // NSSError('Check User: Incorrect username or password.','LDAP Error');<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // return $result;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">public function authenticate(<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> &$uname,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $password,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> &$response<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> )<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // The username should not be their email address.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // So remove everything after any @ sign.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // And remove any domain name on the front, separated by \<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Passed by reference so should change what is stored in the calling code.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $uname = preg_replace('/@.*$/', '', $uname);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $uname = preg_replace('/^.*\\\/', '', $uname);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg1;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryauthenticate($uname, $password, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result !== -69 && $result !== -70) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg2;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryauthenticate($uname, $password, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result !== -69 && $result !== -70) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg3;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryauthenticate($uname, $password, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result !== -69 && $result !== -70) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg4;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryauthenticate($uname, $password, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result !== -69 && $result !== -70) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapServers = $this->_ldapServers5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapUseSSL = $this->_ldapUseSSL5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindUser = $this->_ldapBindUser5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBindPass = $this->_ldapBindPass5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapBase = $this->_ldapBase5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapAccountSuffix = $this->_ldapAccountSuffix5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $this->_ldapOrg = $this->_ldapOrg5;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> $result = $this->Tryauthenticate($uname, $password, $response);<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> if ($result === -70) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Failed because we couldn't connect to any auth servers<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NSSError('Check User: Unable to connect to any of the LDAP servers; could not authenticate user.','LDAP Error');<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> } else if ($result === -69) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // Failed because the user failed authentication tests<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> // NSSError('Check User: Incorrect username or password.','LDAP Error');<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return FALSE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> return TRUE;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D">...Kevin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Kevin Miller<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Network/email Administrator, CBJ MIS Dept.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">155 South Seward Street<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Juneau, Alaska 99801<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:zendto-bounces@zend.to">zendto-bounces@zend.to</a> <a href="mailto:[mailto:zendto-bounces@zend.to]">
[mailto:zendto-bounces@zend.to]</a> <b>On Behalf Of </b>Duncan, Brian M.<br>
<b>Sent:</b> Monday, November 30, 2015 5:52 AM<br>
<b>To:</b> 'zendto@zend.to'<br>
<b>Subject:</b> [ZendTo] Is there any way to have more than 2 realms to authenticate with in AD on Zendto?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We are using zendto to successfully authenticate users in 2 different realms in LDAP.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">For example:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">'authenticator' => 'AD',<o:p></o:p></p>
<p class="MsoNormal">'authLDAPBaseDN1' => 'DC=us,DC=test,DC=com',<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">'authLDAPServers1' => array('192.168.5.11','192.168.5.10'),<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">'authLDAPBaseDN2' => 'DC=eu,DC=test,DC=com',<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">'authLDAPServers2' => array('192.168.5.11','192.168.5.10'),<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">We would like to be able to authenticate AD users in yet another realm called AP. (ap.test.com)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Can I just create 'authLDAPBaseDN3' etc.. and add the 3<sup>rd</sup> realm? Or is Zendto hardcoded to only be able to support up to 2 realms?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">'authLDAPBaseDN3' => 'DC=ap,DC=test,DC=com',<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">'authLDAPServers3' => array('192.168.5.11','192.168.5.10'),<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Etc..<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">BRIAN M. DUNCAN<br>
Data Security Administrator<br>
Katten Muchin Rosenman LLP<br>
525 W. Monroe Street / Chicago, IL 60661-3693<br>
p / (312) 577-8045 f / (312) 577-4490<br>
<a href="mailto:brian.duncan@kattenlaw.com">brian.duncan@kattenlaw.com</a> / <a href="http://www.kattenlaw.com">
www.kattenlaw.com</a><br>
</span><span style="font-family:"Arial","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr>
<td style="background:white;padding:.75pt .75pt .75pt .75pt">
<pre><span style="color:black">===========================================================<o:p></o:p></span></pre>
<pre><span style="color:black">CONFIDENTIALITY NOTICE:<o:p></o:p></span></pre>
<pre><span style="color:black">This electronic mail message and any attached files contain information intended for the exclusive<o:p></o:p></span></pre>
<pre><span style="color:black">use of the individual or entity to whom it is addressed and may contain information that is<o:p></o:p></span></pre>
<pre><span style="color:black">proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you<o:p></o:p></span></pre>
<pre><span style="color:black">are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or <o:p></o:p></span></pre>
<pre><span style="color:black">distribution of this information may be subject to legal restriction or sanction. Please notify<o:p></o:p></span></pre>
<pre><span style="color:black">the sender, by electronic mail or telephone, of any unintended recipients and delete the original <o:p></o:p></span></pre>
<pre><span style="color:black">message without making any copies.<o:p></o:p></span></pre>
<pre><span style="color:black">===========================================================<o:p></o:p></span></pre>
<pre><span style="color:black">NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has<o:p></o:p></span></pre>
<pre><span style="color:black">elected to be governed by the Illinois Uniform Partnership Act (1997).<o:p></o:p></span></pre>
<pre><span style="color:black">===========================================================<o:p></o:p></span></pre>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><o:p> </o:p></span></p>
</div>
</body>
</html>