I use the LDAP authentication adapter to authenticate against Active
Directory on a number of sites. Since upgrading to 1.9.2 the
authentication fails with FAILURE_CREDENTIAL_INVALID for everyone. I
compared Zend_Auth_Adapter_Ldap between 1.8.0 and 1.9.2, but I can't
see what is causing the problem. I can see that 1.8 attempted to bind
using the canonical account name, whereas 1.9 attempts to bind using
the user-entered value directly. Since the LDAP configuration
originally had the canonical form set to ACCTNAME_FORM_USERNAME (2),
those should have been the same, so it seems it shouldn't matter which
it used. However, if I change the canonical form in the configuration
to ACCTNAME_FORM_PRINCIPAL (4), the authentication is successful. The
problem is that the format of the identity stored in Zend_Auth_Result
(and subsequently Zend_Auth) is now different from what is stored in
the database.

Andrew
