Issues

ZF-8230: Auto-bind

Description

After authenticated on Active Directory using Zend_Auth_Adapter_Ldap as my adapter, i can call getLdap(), returning the Zend_Ldap object used to authenticated.

The problem is when I do searches: everytime it's necessary to bind. I don't if this is default or not, but it's so boring.

Wouldn't be nice if there was a "auto-bind" function inside search function? Afterall, The options are already set there, including username and password posted by user.

Please, thanks and sorry in advance if I said something wrong. Im new here and a eternal apprentice. :}

Comments

Should rather be an Zend_Auth_Adapter_Ldap issue.

Are you using the membership-feature (using the {{group}}-setting not being {{null}})? If so the auth-adapter must rebind with the user given in the adapter options to prevent access restriction problems.

Would be these options?


Zend_Auth_Adapter_Ldap (line 380)

        $adapterOptions = array(
            'group'       => null,
            'groupDn'     => $ldap->getBaseDn(),
            'groupScope'  => Zend_Ldap::SEARCH_SCOPE_SUB,
            'groupAttr'   => 'cn',
            'groupFilter' => 'objectClass=groupOfUniqueNames',
            'memberAttr'  => 'uniqueMember',
            'memberIsDn'  => true
        );

I didn't know about those options. So I guess group may still ```.

My login is working perfectly, as my searches. The only "problem" is that before every search I must bind again.

The options should be fine. Could you please provide some sample code of what you're doing so that I can build a test-case to replicate your issue?

The options should be fine. Could you please provide some sample code of what you're doing so that I can build a test-case to replicate your issue?

Options


ldap.default.host = "primolan.primolan.com.br"
ldap.default.accountDomainName = "primolan.com.br"
ldap.default.accountDomainNameShort = "primolan"
ldap.default.accountCanonicalForm = 3
ldap.default.baseDn = "DC=primolan, DC=primolan, DC=com, DC=br"

Login


$auth = Zend_Auth::getInstance()->setStorage(new Zend_Auth_Storage_Session($this->getRequest()->getModuleName()));
$adapter = new Zend_Auth_Adapter_Ldap($options, $params['username'], $params['password']);
$result = $auth->authenticate($adapter);
$ldap = $adapter->getLdap();

Search


$ldap->bind($username, $password);
$result = $ldap->searchEntries($filters, $ldap->getBaseDn(), Zend_Ldap::SEARCH_SCOPE_SUB);

Without that $ldap->bind(), searchEntries doesn't work.

OK - thanks for your efforts.

Currently I can't think of a reason why this would not work - but let me check this. I'll have a look into this tomorrow.

Thanks for your patience and attention. See you tomorrow. Have a good night!

Should be fixed in trunk (r18878) and 1.9-release branch (r18882)