Hi Tim,

are you sure that your accountFilterFormat is
"(objectclass=person)(sAMAccountName=%s)"?

The problem is that this is not a valid LDAP filter string. The old version
of the auth-adapter did not use the accountFilterFormat on an Active
Directory server, because AD can bind users with their canonical username
and does not require the DN to be retrieved first.
The correct accountFilterFormat should be
"(&(objectClass=user)(sAMAccountName=%s))" for Active Directory servers. 

Please give it a try!

Best regards

Stefan
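
Added example, not part of the original messages and not Zend_Ldap code: a small PHP check that a filter built from an accountFilterFormat is exactly one parenthesised component, together with escaping of the value substituted for %s. The function names and the sample account name are made up for illustration, and the checker covers only the common filter forms (no extensible match).

```php
<?php
// Added example. Function names are hypothetical; this is not Zend_Ldap code.

// Escape a value before it replaces %s in a filter format (RFC 4515, section 3).
function escapeFilterValue(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

// Parse one filter starting at $pos; return the offset just past it, or -1.
function parseFilter(string $f, int $pos): int
{
    $len = strlen($f);
    if ($pos + 1 >= $len || $f[$pos] !== '(') { return -1; }
    $op = $f[++$pos];
    if ($op === '&' || $op === '|' || $op === '!') {
        $pos++;
        $count = 0;
        while ($pos < $len && $f[$pos] === '(') {   // nested filter list
            $pos = parseFilter($f, $pos);
            if ($pos < 0) { return -1; }
            $count++;
        }
        if ($count === 0 || ($op === '!' && $count !== 1)) { return -1; }
    } else {
        // Simple item "attr=value"; raw parentheses may not appear in it.
        $itemLen = strcspn($f, '()', $pos);
        $item = substr($f, $pos, $itemLen);
        if (!preg_match('/^[A-Za-z][A-Za-z0-9;.-]*(=|~=|>=|<=)/', $item)) { return -1; }
        $pos += $itemLen;
    }
    return ($pos < $len && $f[$pos] === ')') ? $pos + 1 : -1;
}

// A search filter must be exactly one parenthesised component.
function isValidFilter(string $f): bool
{
    return parseFilter($f, 0) === strlen($f);
}

// The two formats from this thread, filled with a constructed sample value.
$formats = ['(objectclass=person)(sAMAccountName=%s)', '(&(objectClass=user)(sAMAccountName=%s))'];
$name = "o'brien (ext)";   // constructed; contains filter metacharacters
foreach ($formats as $format) {
    foreach ([$name, escapeFilterValue($name)] as $value) {
        $filter = sprintf($format, $value);
        printf("%-72s %s\n", $filter, isValidFilter($filter) ? 'valid' : 'INVALID');
    }
}
```

The first format is rejected whatever value is substituted, because it is two components with no enclosing operator; the second is accepted only when the substituted value has been escaped.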

-----Original Message-----
From: Tim Rupp [mailto:caphrim...@gmail.com]
Sent: Wednesday, 26 August 2009 18:13
To: Stefan Gehrig
Cc: Christian Aarø Rasmussen; fw-general@lists.zend.com
Subject: Re: [fw-general] Zend_Auth with LDAP adapter works in 1.8.4 but not in 1.9

No go with the adapter from 17833.

-Tim

On Wed, Aug 26, 2009 at 11:01 AM, Tim Rupp<caphrim...@gmail.com> wrote:
> If I remove the
>
> dn = $ldap->getCanonicalAccountName($username, Zend_Ldap::ACCTNAME_FORM_DN);
>
> line from Auth/Adapter/Ldap.php, it works like it did before in 1.9.1.
> I'm following the path to where it breaks from that point, but it's
> unclear what exactly is going wrong.
>
> That method with those arguments will send you to line 566 in
> Zend/Ldap.php, here
>    return $this->_getAccountDn($acctname);
>
> which sends me to line 499 here
> $acct = $this->_getAccount($acctname, array('dn'));
>
> which gets to line 627 here
>  $accounts = $this->search($accountFilter, $baseDn,
> self::SEARCH_SCOPE_SUB, $attrs);
>
> which hits the default switch statement
>    case self::SEARCH_SCOPE_SUB:
>    default:^M
>          $search = @ldap_search($this->getResource(), $basedn,
> $filter, $attributes);
>
> and that hits line 907 and throws the exception.
>
> I'll try 17833 right now.
>
> Thanks,
> Tim
>
>
> On Wed, Aug 26, 2009 at 10:27 AM, Tim Rupp<caphrim...@gmail.com> wrote:
>> Still receiving the error, but on different lines.
>>
>> #0 /var/www/html/lib/Zend/Ldap.php(631):
>> Zend_Ldap->search('(objectclass=pe...', 'OU=Service...', 1, Array)
>>
>> #1 /var/www/html/lib/Zend/Ldap.php(503): Zend_Ldap->_getAccount('tarupp', Array)
>>
>> #2 /var/www/html/lib/Zend/Ldap.php(570): Zend_Ldap->_getAccountDn('tarupp')
>>
>> #3 /var/www/html/lib/Zend/Auth/Adapter/Ldap.php(318):
>> Zend_Ldap->getCanonicalAccountName('tarupp', 1)
>>
>>
>> I tried copying the Zend/Auth/Adapter/Ldap.php from 1.9.1 on top of
>> 1.9.2's adapter and it works fine, so the problem I'm seeing seems to
>> be somewhere in there. I will continue to look further into it.
>>
>> -Tim
>>
>> On Wed, Aug 26, 2009 at 10:06 AM, Stefan Gehrig<geh...@ishd.de> wrote:
>>> Hi Tim,
>>>
>>> as far as I can say now there must have been some problem with merging
>>> changes into the 1.9-release branch.
>>> Are you able to try if your code works with the most recent version from
>>> trunk?
>>>
>>> Sorry for any problems this causes...
>>>
>>> Best regards
>>>
>>> Stefan
>>>
>>> -----Original Message-----
>>> From: Tim Rupp [mailto:caphrim...@gmail.com]
>>> Sent: Wednesday, 26 August 2009 15:52
>>> To: Stefan Gehrig
>>> Cc: Christian Aarø Rasmussen; fw-general@lists.zend.com
>>> Subject: Re: [fw-general] Zend_Auth with LDAP adapter works in 1.8.4 but not in 1.9
>>>
>>> I'm seeing the exact same behavior, but I'm seeing it happen between
>>> the 1.9.1 and 1.9.2 release.
>>> The error I'm receiving is
>>>
>>> #0 /var/www/html/lib/Zend/Ldap.php(627):
>>> Zend_Ldap->search('(objectclass=pe...', 'OU=Service...', 1, Array)
>>>
>>> #1 /var/www/html/lib/Zend/Ldap.php(499): Zend_Ldap->_getAccount('tarupp', Array)
>>>
>>> #2 /var/www/html/lib/Zend/Ldap.php(566):
>>> Zend_Ldap->_getAccountDn('tar...@services...')
>>>
>>> #3 /var/www/html/lib/Zend/Auth/Adapter/Ldap.php(318):
>>> Zend_Ldap->getCanonicalAccountName('tar...@services...', 1)
>>>
>>> tar...@services.fnal.gov authentication failed: 0x51 (Can't contact
>>> LDAP server): searching: (objectclass=person)(sAMAccountName=tarupp)
>>>
>>>
>>> And quite literally nothing has changed in my configuration files or
>>> codebase except updating to 1.9.2
>>>
>>> Here are the relevant ldap config options
>>>
>>>
>>>
>>> useSsl = "1"
>>> host = "services.site.org"
>>> port = "636"
>>> bindRequiresDn = ""
>>> accountDomainName = "services.site.org"
>>> username = "username"
>>> password = "password"
>>> baseDn = "OU=Users,DC=services,DC=site,DC=org"
>>> accountFilterFormat = "(objectclass=person)(sAMAccountName=%s)"
>>>
>>>
>>> 1.9.1 works fine. 1.9.2 gives that error. Any ideas?
>>>
>>> Also, and this is only nitpicking, can the framework be run through
>>> dos2unix before it's packed? Some of the files (Zend/Ldap.php for
>>> example) have ^M line terminators in them and others don't.
>>>
>>> -Tim
>>>
>>>
>>> On Wed, Aug 26, 2009 at 3:44 AM, Stefan Gehrig<geh...@ishd.de> wrote:
>>>> Hi Christian,
>>>>
>>>>
>>>>
>>>> can you please provide some more details on the case?
>>>>
>>>> Especially are there any error messages shown or exceptions thrown? Please
>>>> provide the relevant code-snippet to get a clear picture on what you’re
>>>> doing.
>>>>
>>>> Generally the new Zend_Ldap-component should be BC.
>>>>
>>>>
>>>>
>>>> Best regards
>>>>
>>>>
>>>>
>>>> Stefan
>>>>
>>>>
>>>>
>>>> Stefan Gehrig
>>>>
>>>> Zend_Ldap-Contributor
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> From: Christian Aarø Rasmussen [mailto:christian.rasmus...@capana.com]
>>>> Sent: Wednesday, 26 August 2009 10:38
>>>> To: fw-general@lists.zend.com
>>>> Subject: [fw-general] Zend_Auth with LDAP adapter works in 1.8.4 but not in 1.9
>>>>
>>>>
>>>>
>>>> Hello all,
>>>>
>>>>
>>>>
>>>> For quite some time now, I’ve been working on an application for a client.
>>>> One of the main features of this application was that the users should be
>>>> able to log on with their domain user instead of having separate logins to
>>>> every single small utility scattered around on their system like it was in
>>>> the olden days.
>>>>
>>>>
>>>>
>>>> For almost a year now, the authentication with their windows domain user
>>>> has worked just fine. I recently updated to Zend Framework 1.9 on the test
>>>> environment which seemed to break the authentication with their domain
>>>> user. I know that there’s been some changes to the LDAP component but I
>>>> can’t find any notes in the release notes or reference guide that seem to
>>>> point out any details which should be changed in order for it to work with
>>>> 1.9.
>>>>
>>>>
>>>>
>>>> As mentioned it works with 1.8.4 and the exact same script doesn’t work
>>>> with 1.9. Does anybody know what has happened?
>>>>
>>>>
>>>>
>>>> Best regards
>>>>
>>>> Christian Aarø Rasmussen
>>>
>>>
>>
>
