Anonymous LDAP Access for Extended Authentication

Overview

In many organizations, the LDAP directory can be accessed anonymously. The Zend Server 6 UI does not provide the option for configuring anonymous LDAP binding for Extended Authentication. This article explains how to workaround this limitation by manually tweaking the UI configuration file.

Instructions

In a nutshell, LDAP authentication uses Zend Framework's LDAP Authentication Adapter. This adapter has a built-in functionality of attempting anonymous binding when no password is provided. In some guides it is also recommended to provide an empty user name.

The following instructions explain what this means from a practical aspect.

Initial Configuration

First, configure the Extended Authentication as outlined in the Zend Server online documentation:

http://files.zend.com/help/Zend-Server/zend-server.htm#working_with_authentication.htm

Follow the instructions in the "Changing Authentication Methods" section.

Note:
When configuring Extended Authentication you must provide valid access credentials. Otherwise the configuration wizard will not let you finish the setup.


After the initial configuration is completed, try to login to the Zend Server UI, just to make sure that the LDAP authentication works in general.

Switching to Anonymous Binding

Open for editing the file /usr/local/zend/gui/config/zs_ui.ini (this needs to be done with superuser account). At the end of this file there is a group of LDAP-related parameters. Empty the relevant values:

This can be done with two console commands:

# sed -i "s|zend_gui\.password.*$|zend_gui.password =|" /usr/local/zend/gui/config/zs_ui.ini
# sed -i "s|zend_gui\.username.*$|zend_gui.username =|" /usr/local/zend/gui/config/zs_ui.ini

 

No restart is required for these changes to take effect. You can login to the Zend Server UI right away.

Applying the Manual Changes in the UI

After you log in to the UI, you may notice a new notification. Open this notification and click Details. You will see that Zend Server detected the parameters change.

To update the configuration blueprint with the new parameters, click the Apply Changes button: