Anonymous LDAP Access for Extended Authentication
In many organizations, the LDAP directory can be accessed anonymously. The Zend Server 6 UI does not provide the option for configuring anonymous LDAP binding for Extended Authentication. This article explains how to workaround this limitation by manually tweaking the UI configuration file.
In a nutshell, LDAP authentication uses Zend Framework's LDAP Authentication Adapter. This adapter has a built-in functionality of attempting anonymous binding when no password is provided. In some guides it is also recommended to provide an empty user name.
The following instructions explain what this means from a practical aspect.
First, configure the Extended Authentication as outlined in the Zend Server online documentation:
Follow the instructions in the "Changing Authentication Methods" section.
After the initial configuration is completed, try to login to the Zend Server UI, just to make sure that the LDAP authentication works in general.
Switching to Anonymous Binding
Open for editing the file /usr/local/zend/gui/config/zs_ui.ini (this needs to be done with superuser account). At the end of this file there is a group of LDAP-related parameters. Empty the relevant values:
This can be done with two console commands:
No restart is required for these changes to take effect. You can login to the Zend Server UI right away.
Applying the Manual Changes in the UI
After you log in to the UI, you may notice a new notification. Open this notification and click Details. You will see that Zend Server detected the parameters change.
To update the configuration blueprint with the new parameters, click the Apply Changes button: