Well wonders never cease to amaze. Good eye! I guess I was relying on a bug for functionality.
I've corrected the filter and everything is ticking along fine once again. Also, the change you made to the Ldap adapter did not break anything when I corrected the filter.

Thanks a lot Stefan!

Tim

On Wed, Aug 26, 2009 at 11:38 AM, Stefan Gehrig<[email protected]> wrote:
> Hi Tim,
>
> are you sure that your accountFilterFormat is
> "(objectclass=person)(sAMAccountName=%s)"?
>
> The problem is, that this is not a valid LDAP filter string. The old version
> of the auth-adapter did not use the accountFilterFormat on an Active
> Directory server, because AD can bind users with their canonical username
> and does not require the DN to be retrieved first.
> The correct accountFilterFormat should be
> "(&(objectClass=user)(sAMAccountName=%s))" for Active Directory servers.
>
> Please give it a try!
>
> Best regards
>
> Stefan
>
> -----Original Message-----
> From: Tim Rupp [mailto:[email protected]]
> Sent: Wednesday, August 26, 2009 18:13
> To: Stefan Gehrig
> Cc: Christian Aarø Rasmussen; [email protected]
> Subject: Re: [fw-general] Zend_Auth with LDAP adapter works in 1.8.4 but not in 1.9
>
> No go with the adapter from 17833.
>
> -Tim
>
> On Wed, Aug 26, 2009 at 11:01 AM, Tim Rupp<[email protected]> wrote:
>> If I remove the
>>
>>     dn = $ldap->getCanonicalAccountName($username, Zend_Ldap::ACCTNAME_FORM_DN);
>>
>> line from Auth/Adapter/Ldap.php, it works like it did before in 1.9.1.
>> I'm following the path to where it breaks from that point, but it's
>> unclear what exactly is going wrong.
>>
>> That method with those arguments will send you to line 566 in
>> Zend/Ldap.php, here
>>     return $this->_getAccountDn($acctname);
>>
>> which sends me to line 499 here
>>     $acct = $this->_getAccount($acctname, array('dn'));
>>
>> which gets to line 627 here
>>     $accounts = $this->search($accountFilter, $baseDn,
>>         self::SEARCH_SCOPE_SUB, $attrs);
>>
>> which hits the default switch statement
>>     case self::SEARCH_SCOPE_SUB:
>>     default:^M
>>         $search = @ldap_search($this->getResource(), $basedn,
>>             $filter, $attributes);
>>
>> and that hits line 907 and throws the exception.
>>
>> I'll try 17833 right now.
>>
>> Thanks,
>> Tim
>>
>>
>> On Wed, Aug 26, 2009 at 10:27 AM, Tim Rupp<[email protected]> wrote:
>>> Still receiving the error, but on different lines.
>>>
>>> #0 /var/www/html/lib/Zend/Ldap.php(631): Zend_Ldap->search('(objectclass=pe...', 'OU=Service...', 1, Array)
>>>
>>> #1 /var/www/html/lib/Zend/Ldap.php(503): Zend_Ldap->_getAccount('tarupp', Array)
>>>
>>> #2 /var/www/html/lib/Zend/Ldap.php(570): Zend_Ldap->_getAccountDn('tarupp')
>>>
>>> #3 /var/www/html/lib/Zend/Auth/Adapter/Ldap.php(318): Zend_Ldap->getCanonicalAccountName('tarupp', 1)
>>>
>>>
>>> I tried copying the Zend/Auth/Adapter/Ldap.php from 1.9.1 on top of
>>> 1.9.2's adapter and it works fine, so the problem I'm seeing seems to
>>> be somewhere in there. I will continue to look further into it.
>>>
>>> -Tim
>>>
>>> On Wed, Aug 26, 2009 at 10:06 AM, Stefan Gehrig<[email protected]> wrote:
>>>> Hi Tim,
>>>>
>>>> as far as I can say now there must have been some problem with merging
>>>> changes into the 1.9-release branch.
>>>> Are you able to try if your code works with the most recent version from
>>>> trunk?
>>>>
>>>> Sorry for any problems this causes...
>>>>
>>>> Best regards
>>>>
>>>> Stefan
>>>>
>>>> -----Original Message-----
>>>> From: Tim Rupp [mailto:[email protected]]
>>>> Sent: Wednesday, August 26, 2009 15:52
>>>> To: Stefan Gehrig
>>>> Cc: Christian Aarø Rasmussen; [email protected]
>>>> Subject: Re: [fw-general] Zend_Auth with LDAP adapter works in 1.8.4 but not in 1.9
>>>>
>>>> I'm seeing the exact same behavior, but I'm seeing it happen between
>>>> the 1.9.1 and 1.9.2 release.
>>>> The error I'm receiving is
>>>>
>>>> #0 /var/www/html/lib/Zend/Ldap.php(627): Zend_Ldap->search('(objectclass=pe...', 'OU=Service...', 1, Array)
>>>>
>>>> #1 /var/www/html/lib/Zend/Ldap.php(499): Zend_Ldap->_getAccount('tarupp', Array)
>>>>
>>>> #2 /var/www/html/lib/Zend/Ldap.php(566): Zend_Ldap->_getAccountDn('tar...@services...')
>>>>
>>>> #3 /var/www/html/lib/Zend/Auth/Adapter/Ldap.php(318): Zend_Ldap->getCanonicalAccountName('tar...@services...', 1)
>>>>
>>>> [email protected] authentication failed: 0x51 (Can't contact
>>>> LDAP server): searching: (objectclass=person)(sAMAccountName=tarupp)
>>>>
>>>>
>>>> And quite literally nothing has changed in my configuration files or
>>>> codebase except updating to 1.9.2
>>>>
>>>> Here are the relevant ldap config options
>>>>
>>>> useSsl = "1"
>>>> host = "services.site.org"
>>>> port = "636"
>>>> bindRequiresDn = ""
>>>> accountDomainName = "services.site.org"
>>>> username = "username"
>>>> password = "password"
>>>> baseDn = "OU=Users,DC=services,DC=site,DC=org"
>>>> accountFilterFormat = "(objectclass=person)(sAMAccountName=%s)"
>>>>
>>>>
>>>> 1.9.1 works fine. 1.9.2 gives that error. Any ideas?
>>>>
>>>> Also, and this is only nitpicking, can the framework be run through
>>>> dos2unix before it's packed? Some of the files (Zend/Ldap.php for
>>>> example) have ^M line terminators in them and others don't.
>>>>
>>>> -Tim
>>>>
>>>>
>>>> On Wed, Aug 26, 2009 at 3:44 AM, Stefan Gehrig<[email protected]> wrote:
>>>>> Hi Christian,
>>>>>
>>>>> can you please provide some more details on the case?
>>>>>
>>>>> Especially are there any error messages shown or exceptions thrown? Please
>>>>> provide the relevant code-snippet to get a clear picture on what you’re
>>>>> doing.
>>>>>
>>>>> Generally the new Zend_Ldap-component should be BC.
>>>>>
>>>>> Best regards
>>>>>
>>>>> Stefan
>>>>>
>>>>> Stefan Gehrig
>>>>>
>>>>> Zend_Ldap-Contributor
>>>>>
>>>>>
>>>>> From: Christian Aarø Rasmussen [mailto:[email protected]]
>>>>> Sent: Wednesday, August 26, 2009 10:38
>>>>> To: [email protected]
>>>>> Subject: [fw-general] Zend_Auth with LDAP adapter works in 1.8.4 but not in 1.9
>>>>>
>>>>> Hello all,
>>>>>
>>>>> For quite some time now, I’ve been working on an application for a client.
>>>>> One of the main features of this application was that the users should be
>>>>> able to log on with their domain user instead of having separate logins to
>>>>> every single small utility scattered around on their system like it was in
>>>>> the olden days.
>>>>>
>>>>> For almost a year now, the authentication with their windows domain user
>>>>> has worked just fine. I recently updated to Zend Framework 1.9 on the test
>>>>> environment which seemed to break the authentication with their domain
>>>>> user. I know that there’s been some changes to the LDAP component but I
>>>>> can’t find any notes in the release notes or reference guide that seem to
>>>>> point out any details which should be changed in order for it to work with 1.9.
>>>>>
>>>>> As mentioned it works with 1.8.4 and the exact same script doesn’t work
>>>>> with 1.9. Does anybody know what has happened?
>>>>>
>>>>> Best regards
>>>>>
>>>>> Christian Aarø Rasmussen
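
The malformed accountFilterFormat discussed in this thread can be caught at configuration time, before it reaches ldap_search(). The following is an added example, not part of the thread and not Zend Framework code: a stand-alone structural check that a format string is exactly one parenthesised RFC 4515 filter. The function names parseFilter() and isSingleLdapFilter() are hypothetical, and the check covers structure only, not attribute names or value escaping.

```php
<?php
// Added example (not Zend Framework code); function names are hypothetical.
// Checks structure only: the string must be exactly ONE "(...)" filter, and
// the operators &, | and ! must wrap further parenthesised filters.

// Returns the offset just past one complete "(...)" filter, or -1 on error.
function parseFilter(string $s, int $pos): int
{
    $len = strlen($s);
    if ($pos + 1 >= $len || $s[$pos] !== '(') {
        return -1;
    }
    $pos++;
    $op = $s[$pos];
    if ($op === '&' || $op === '|' || $op === '!') {
        $pos++;
        $count = 0;
        while ($pos < $len && $s[$pos] === '(') {
            $pos = parseFilter($s, $pos);
            if ($pos < 0) {
                return -1;
            }
            $count++;
        }
        // "!" takes exactly one operand; "&" and "|" need at least one here.
        if ($count === 0 || ($op === '!' && $count !== 1)) {
            return -1;
        }
    } else {
        // Simple item such as attr=value: no raw parentheses, non-empty attr.
        $itemLen = strcspn($s, '()', $pos);
        $item = substr($s, $pos, $itemLen);
        if ($item === '' || $item[0] === '=' || strpos($item, '=') === false) {
            return -1;
        }
        $pos += $itemLen;
    }
    return ($pos < $len && $s[$pos] === ')') ? $pos + 1 : -1;
}

// True only if the whole string is consumed by a single filter.
function isSingleLdapFilter(string $format): bool
{
    return parseFilter($format, 0) === strlen($format);
}

// The two accountFilterFormat values quoted in the thread.
$formats = ['(objectclass=person)(sAMAccountName=%s)',
            '(&(objectClass=user)(sAMAccountName=%s))'];
foreach ($formats as $f) {
    printf("%-42s %s\n", $f, isSingleLdapFilter($f) ? 'valid' : 'INVALID');
}
```

The first format is rejected because parsing stops after `(objectclass=person)` with input left over: two filters side by side need an enclosing `(&...)` to form one filter.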
