Anonymous LDAP Access for Extended Authentication



In many organizations, the LDAP directory can be accessed anonymously. The Zend Server 6 UI does not provide the option for configuring anonymous LDAP binding for Extended Authentication. This article explains how to workaround this limitation by manually tweaking the UI configuration file.


In a nutshell, LDAP authentication uses Zend Framework's LDAP Authentication Adapter. This adapter has a built-in functionality of attempting anonymous binding when no password is provided. In some guides it is also recommended to provide an empty user name.

The following instructions explain what this means from a practical aspect.

Initial Configuration

First, configure the Extended Authentication as outlined in the Zend Server online documentation:

Follow the instructions in the "Changing Authentication Methods" section.

When configuring Extended Authentication you must provide valid access credentials. Otherwise the configuration wizard will not let you finish the setup.

After the initial configuration is completed, try to login to the Zend Server UI, just to make sure that the LDAP authentication works in general.

Switching to Anonymous Binding

Open for editing the file /usr/local/zend/gui/config/zs_ui.ini (this needs to be done with superuser account). At the end of this file there is a group of LDAP-related parameters. Empty the relevant values:

This can be done with two console commands:

# sed -i "s|zend_gui\.password.*$|zend_gui.password =|" /usr/local/zend/gui/config/zs_ui.ini
# sed -i "s|zend_gui\.username.*$|zend_gui.username =|" /usr/local/zend/gui/config/zs_ui.ini


No restart is required for these changes to take effect. You can login to the Zend Server UI right away.

Applying the Manual Changes in the UI

After you log in to the UI, you may notice a new notification. Open this notification and click Details. You will see that Zend Server detected the parameters change.

To update the configuration blueprint with the new parameters, click the Apply Changes button:


Excerpt: In many organizations the LDAP directory can be accessed anonymously. Zend Server 6 user interface does not provide the option of configuring anonymous LDAP binding for Extended Authentication. This article explains how to manually tweak the UI configuration file to workaround this limitation.

Original Post Date: 2014-05-05 16:57:18

External Links:

On-line Documentation: Working with Authentication and Passwords
Zend Framework Documentation: LDAP Authentication

Tags: anonymous,authentication,Debian / Ubuntu,extended authentication,LDAP,RedHat Enterprise Linux / CentOS,SUSE Linux Enterprise Server / OpenSUSE,Zend Server 6.x,zs_ui.ini,oldKB,attachment

Have more questions? Submit a request


Powered by Zendesk