Wednesday, August 27, 2008

[fw-auth] LDAP - following referrals

Hello,

I have an issue with Zend_Auth_Adapter_Ldap.

A bit of background...

Zend Framework version 1.5.3
php5 -v : PHP 5.2.5 with Suhosin-Patch 0.9.6.2  Zend Engine v2.2.0
OS: SLES 10 SP2

My site has multiple LDAP servers.  Some of these servers can potentially return a "Referral" when searching for specific data for a user.
For example (using ldapsearch):

ldapsearch -b o=myorg -h ldap-server1 -Z -x '(uid=someuser)' dn
this returns:

search: 3
result: 10 Referral
ref: ldaps://ldap-server2/o=myorg
ref: ldaps://ldap-server3/o=myorg
ref: ldaps://ldap-server4/o=myorg

If I add the -C option to the above, I will get the DN for "someuser": cn=someuser,o=myorg

When using Zend_Auth_Adapter_Ldap and following the basic instructions at http://framework.zend.com/manual/en/zend.auth.adapter.ldap.html for authentication, when I look at the /tmp/ldap.log file, I see the following:

<date> DEBUG (7): Ldap: 2: someuser authentication failed: 0x20: Referral: (uid=someuser)

Is there some way to have Zend_Auth_Adapter_Ldap follow the Referral?

I have tried the following with no success:

$adapter = new Zend_Auth_Adapter_Ldap($options, $username, $password);
ldap_set_option($adapter->getLdap()->getResource(), LDAP_OPT_REFERRALS, 1);
$result = $auth->authenticate($adapter);

Note, my Zend_Config_Ini configuration contains the following:

ldap.server1.host = ldap-server1
ldap.server1.useSsl = true
ldap.server1.baseDn = o=myorg
ldap.server1.accountFilterFormat = "(uid=%s)"
ldap.server1.bindRequireDn = true

Is there a way to make the adapter follow the "Referral"?  Is there something that needs to be configured externally?

Thanks,
Mike
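
The ldapsearch output in the post shows ldap-server1 answering with referrals to other ldaps:// hosts. Chasing a referral means connecting, and possibly binding with credentials, to whatever server the referral names, so this added example (not code from the post or from Zend Framework) filters referral URIs before any re-bind. The function name vetReferrals, the host allowlist and the rejected sample URIs are assumptions made for illustration.

```php
<?php
// Added example: vet LDAP referral URIs before connecting or re-binding to them.
// vetReferrals() and the allowlist are hypothetical; the accepted host names and
// base DN are the ones shown in the ldapsearch output in the post.

/**
 * Return the referral targets that are acceptable to chase, as
 * array('uri' => 'ldaps://host:port', 'baseDn' => '...') entries.
 */
function vetReferrals(array $referrals, array $allowedHosts, $expectedBaseDn)
{
    $safe = array();
    foreach ($referrals as $ref) {
        $parts = parse_url(trim($ref));
        if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
            continue; // not a parseable LDAP URL
        }
        // A simple bind sends the password, so only accept TLS (ldaps).
        if (strtolower($parts['scheme']) !== 'ldaps') {
            continue;
        }
        // Only talk to directory servers that are already trusted.
        $host = strtolower($parts['host']);
        if (!in_array($host, $allowedHosts, true)) {
            continue;
        }
        // The referral must stay inside the tree we authenticate against.
        $baseDn = isset($parts['path']) ? rawurldecode(ltrim($parts['path'], '/')) : '';
        if (strcasecmp($baseDn, $expectedBaseDn) !== 0) {
            continue;
        }
        $port = isset($parts['port']) ? $parts['port'] : 636;
        $safe[] = array('uri' => "ldaps://$host:$port", 'baseDn' => $baseDn);
    }
    return $safe;
}

// Constructed sample input: one referral from the post plus three rejected cases.
$referrals = array(
    'ldaps://ldap-server2/o=myorg',
    'ldap://ldap-server3/o=myorg',      // plaintext scheme: rejected
    'ldaps://ldap.example.net/o=myorg', // host not on the allowlist: rejected
    'ldaps://ldap-server4/o=other',     // different base DN: rejected
);
$allowed = array('ldap-server2', 'ldap-server3', 'ldap-server4');
foreach (vetReferrals($referrals, $allowed, 'o=myorg') as $target) {
    echo $target['uri'], ' ', $target['baseDn'], PHP_EOL;
}
```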
