Issues

ZF-8230: Auto-bind

Issue Type: Improvement Created: 2009-11-05T08:22:44.000+0000 Last Updated: 2009-11-06T02:58:31.000+0000 Status: Resolved Fix version(s): - 1.9.6 (24/Nov/09)

Reporter: Rodrigo Novelo Primolan (primolan) Assignee: Stefan Gehrig (sgehrig) Tags: - Zend_Auth_Adapter_Ldap

Related issues: Attachments:

Description

After authenticated on Active Directory using Zend_Auth_Adapter_Ldap as my adapter, i can call getLdap(), returning the Zend_Ldap object used to authenticated.

The problem is when I do searches: everytime it's necessary to bind. I don't if this is default or not, but it's so boring.

Wouldn't be nice if there was a "auto-bind" function inside search function? Afterall, The options are already set there, including username and password posted by user.

Please, thanks and sorry in advance if I said something wrong. Im new here and a eternal apprentice. :}

Comments

Posted by Stefan Gehrig (sgehrig) on 2009-11-05T08:42:04.000+0000

Should rather be an Zend_Auth_Adapter_Ldap issue.

Posted by Stefan Gehrig (sgehrig) on 2009-11-05T08:44:49.000+0000

Are you using the membership-feature (using the group-setting not being null)? If so the auth-adapter must rebind with the user given in the adapter options to prevent access restriction problems.

Posted by Rodrigo Novelo Primolan (primolan) on 2009-11-05T09:14:42.000+0000

Would be these options?

<pre class="highlight">
Zend_Auth_Adapter_Ldap (line 380)

        $adapterOptions = array(
            'group'       => null,
            'groupDn'     => $ldap->getBaseDn(),
            'groupScope'  => Zend_Ldap::SEARCH_SCOPE_SUB,
            'groupAttr'   => 'cn',
            'groupFilter' => 'objectClass=groupOfUniqueNames',
            'memberAttr'  => 'uniqueMember',
            'memberIsDn'  => true
        );

I didn't know about those options. So I guess group may still ```.

My login is working perfectly, as my searches. The only "problem" is that before every search I must bind again.

Posted by Stefan Gehrig (sgehrig) on 2009-11-05T09:45:29.000+0000

The options should be fine. Could you please provide some sample code of what you're doing so that I can build a test-case to replicate your issue?

Posted by Stefan Gehrig (sgehrig) on 2009-11-05T09:47:52.000+0000

The options should be fine. Could you please provide some sample code of what you're doing so that I can build a test-case to replicate your issue?

Posted by Rodrigo Novelo Primolan (primolan) on 2009-11-05T09:55:39.000+0000

Options

<pre class="highlight">
ldap.default.host = "primolan.primolan.com.br"
ldap.default.accountDomainName = "primolan.com.br"
ldap.default.accountDomainNameShort = "primolan"
ldap.default.accountCanonicalForm = 3
ldap.default.baseDn = "DC=primolan, DC=primolan, DC=com, DC=br"

Login

<pre class="highlight">
$auth = Zend_Auth::getInstance()->setStorage(new Zend_Auth_Storage_Session($this->getRequest()->getModuleName()));
$adapter = new Zend_Auth_Adapter_Ldap($options, $params['username'], $params['password']);
$result = $auth->authenticate($adapter);
$ldap = $adapter->getLdap();

Search

<pre class="highlight">
$ldap->bind($username, $password);
$result = $ldap->searchEntries($filters, $ldap->getBaseDn(), Zend_Ldap::SEARCH_SCOPE_SUB);

Without that $ldap->bind(), searchEntries doesn't work.

Posted by Stefan Gehrig (sgehrig) on 2009-11-05T10:06:51.000+0000

OK - thanks for your efforts.

Currently I can't think of a reason why this would not work - but let me check this. I'll have a look into this tomorrow.

Posted by Rodrigo Novelo Primolan (primolan) on 2009-11-05T17:10:54.000+0000

Thanks for your patience and attention. See you tomorrow. Have a good night!

Posted by Stefan Gehrig (sgehrig) on 2009-11-06T02:58:27.000+0000

Should be fixed in trunk (r18878) and 1.9-release branch (r18882)

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts