Microsoft are now mandating the use of TLS when communicating with AD servers to check authentication details. This requires one set of changes in ZendTo's /opt/zendto/config/preferences.php file and possibly a change to an LDAP configuration file on your ZendTo server.
If you use locally-signed or non-standard certificates and are having problems, here is a troubleshooting guide.
Assuming you are using just 1 AD forest, the changes required are underlined below:
'authLDAPServers1' => array('ldaps://your-AD-server-here.example.com'),
'authLDAPUseSSL1' => false,
'authLDAPUseTLS1' => false,
In all cases, you can run the command "man ldap.conf" to read about other TLS_... settings you can add to the ldap.conf file, though other changes shouldn't be needed for most sites.
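When certificate problems appear, the TLS_... settings in ldap.conf are where certificate checking is most often weakened or a CA path is left wrong. The shell function below is an added example, not part of ZendTo or of the original page: it flags a TLS_REQCERT value that disables verification and a TLS_CACERT path that cannot be read. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ZendTo code): flag ldap.conf TLS settings that weaken
# server-certificate checking for ldaps:// connections.
# Exit status: 0 = no findings, 1 = findings printed, 2 = file unreadable.
audit_ldap_conf() (              # subshell body keeps the variables local
    conf=$1 status=0 reqcert= cacert=
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; exit 2; }

    # The "|| [ -n ... ]" also handles a last line with no trailing newline.
    while read -r key value rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac    # blank line or comment
        # Option names in ldap.conf are case-insensitive.
        case $(printf '%s' "$key" | tr '[:lower:]' '[:upper:]') in
            TLS_REQCERT) reqcert=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') ;;
            TLS_CACERT)  cacert=$value ;;
        esac
    done < "$conf"

    # "never" skips the certificate check; "allow" ignores a bad certificate.
    case $reqcert in
        never|allow)
            echo "WEAK: TLS_REQCERT $reqcert accepts an unverified server certificate"
            status=1 ;;
    esac

    # A locally-signed CA must be readable at the path TLS_CACERT names.
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "BROKEN: TLS_CACERT $cacert is missing or unreadable"
        status=1
    fi
    exit "$status"
)

# Constructed sample: an ldap.conf left in a relaxed state after troubleshooting.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'tls_reqcert  Never' \
    'TLS_CACERT /nonexistent/local-ca.pem' > "$sample"
audit_ldap_conf "$sample" || echo "Review these settings before relying on LDAPS."
rm -f "$sample"
```

Run it against the ldap.conf your ZendTo server actually reads; the path varies by distribution (commonly /etc/ldap/ldap.conf or /etc/openldap/ldap.conf).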
Here is how one user got the SSL certificates right for their setup, using an LDAP server:
Many people have trouble getting the BaseDN and bind details correct when configuring ZendTo to use their Active Directory authentication system.
The easiest way to get these configuration settings correct is to use the ldapsearch command (normally part of the ldap-utils package or similar) and experiment with different values until it works on the command line.
For this example, we will use the site "example.com", connecting to the AD server "ad_server.example.com" as user "ad_read_user" with password "ad_read_password". The correct BaseDN will be "OU=Staff,OU=users,DC=example,DC=com". If you run the command
ldapsearch -x -LLL -E pr=200/noprompt -H ldaps://ad_server.example.com -D 'ad_read_user' -w 'ad_read_password' -b 'OU=Staff,OU=users,DC=example,DC=com' -s sub '(sAMAccountName=*)' cn mail memberOf
Experiment with different values for
When you get them right, the command will output the username, email address and group information for all the users it finds. You should make sure this includes all the users you want to be able to use ZendTo (very often you don't want the "OU=Staff," bit if you want all your users to be able to use ZendTo).
When you have got them right, the corresponding preferences.php settings are