+ Post New Thread
Results 1 to 7 of 7
How do you do....it? Thread, Yet another MRBS LDAP issue in Technical; I have just moved my database onto my new 2008r2 server running iis. I have added the php extension I ...
  1. #1

    Join Date
    Feb 2007
    Posts
    213
    Thank Post
    6
    Thanked 11 Times in 11 Posts
    Rep Power
    17

    Yet another MRBS LDAP issue

    I have just moved my database onto my new 2008r2 server running iis.

    I have added the php extension

    I have checked my settings over and over again and I just cannot get it to work.

    It returns an unknow user error.

    I'm wasting too much time on it now it just doesn't make sense I read all the posts on here about it and still no joy.

    Is there anyone running it on iis7 with ldap authentication.

    If so can I have a look at your config file.

    Thanks

  2. #2

    Join Date
    Sep 2008
    Location
    England
    Posts
    276
    Thank Post
    6
    Thanked 70 Times in 62 Posts
    Rep Power
    53
    are you using windows authentication (single sign on) or just ldap? I've got windows authentication working with the following in my config.inc.php:
    Code:
    $auth["session"] = "nt"; // How to get and keep the user ID. One of
               // "http" "php" "cookie" "ip" "host" "nt" "omni"
               // "remote_user"
    
    $auth["type"] = "none"; // How to validate the user/password. One of "none"
                              // "config" "db" "db_ext" "pop3" "imap" "ldap" "nis"
                              // "nw" "ext".
    						  
    // The list of administrators (can modify other peoples settings).
    //
    // This list is not needed when using the 'db' authentication scheme EXCEPT
    // when upgrading from a pre-MRBS 1.4.2 system that used db authentication.
    // Pre-1.4.2 the 'db' authentication scheme did need this list.   When running
    // edit_users.php for the first time in a 1.4.2 system or later, with an existing
    // users list in the database, the system will automatically add a field to
    // the table for access rights and give admin rights to those users in the database
    // for whom admin rights are defined here.   After that this list is ignored.
    unset($auth["admin"]);              // Include this when copying to config.inc.php
    $auth["admin"][] = "127.0.0.1";     // localhost IP address. Useful with IP sessions.
    $auth["admin"][] = "administrator"; // A user name from the user list. Useful 
                                        // with most other session schemes.
    $auth["admin"][] = "windows-admin-username";
    Then under the iis manager, you need to configure authentication for the website. You need to enable windows authentication, and disable the others. then edit the providers for windows authentication and make sure NTLM is at the top. Finally, under 'Basic Settings' for the website, click on 'Connect As' and choose application user. You probably want to restart iis at this point.

    You can configure who has access in the iis console, and you grant a user admin rights by adding a
    $auth["admin"][] = "windows-admin-username"; line to config.inc.php after the other ones. replace windows-admin-username with the users domain account name.

  3. #3

    Join Date
    Feb 2007
    Posts
    213
    Thank Post
    6
    Thanked 11 Times in 11 Posts
    Rep Power
    17
    So this allows the uer to automatically log in??

    does this prevent themfrom deleting etc?

  4. #4

    Join Date
    Sep 2008
    Location
    England
    Posts
    276
    Thank Post
    6
    Thanked 70 Times in 62 Posts
    Rep Power
    53
    If they are on a windows client with IE on the same domain, they should automatically log in. Otherwise they should get a login box where they can login with their own domain username.

    Without changing any other options, they will be able to delete/change their own bookings, but not anyone elses. Admins will have full control. So it should work the same as with ldap authentication.

    You can check this, if you make a booking as a normal user, and then look at the booking details, the username should show up under 'created by'.

  5. #5

    Join Date
    Feb 2007
    Posts
    213
    Thank Post
    6
    Thanked 11 Times in 11 Posts
    Rep Power
    17
    Quote Originally Posted by Chris_Cook View Post
    If they are on a windows client with IE on the same domain, they should automatically log in. Otherwise they should get a login box where they can login with their own domain username.

    Without changing any other options, they will be able to delete/change their own bookings, but not anyone elses. Admins will have full control. So it should work the same as with ldap authentication.

    You can check this, if you make a booking as a normal user, and then look at the booking details, the username should show up under 'created by'.
    Indeed it does.. Thanks.. Works as expected..

    Thanks Chris

  6. #6
    Fontayne56's Avatar
    Join Date
    Dec 2008
    Posts
    130
    Thank Post
    17
    Thanked 5 Times in 4 Posts
    Rep Power
    13
    Hi Guys

    I have done as instructed and i can log in automatically great !! BUT

    I have no admin rights after putting in the

    $auth["admin"][] = "my username";

    and when i create a booking i get its created by the WEBSERVER$ -- strange have i missed somthing ???


    Very stuck help.


    Many Thanks
    Ryan Everitt

  7. #7

    Join Date
    Sep 2008
    Location
    England
    Posts
    276
    Thank Post
    6
    Thanked 70 Times in 62 Posts
    Rep Power
    53
    I think you may have missed a step. Did you read through the bit after the code? if not, follow that bit and it should work. I think the specific bit that needs to be done is under 'Basic Settings' for the website, click on 'Connect As' and choose application user.

    Internally, mrbs calls a php function called get_current_user() which returns the username of the user who is running the mrbs php script. Normally this would be the user account that is setup when you install iis - this something like the servername followed by the dollar symbol. When you enable the Connect as application user option, the script is run by the user who is logged in to to the client.

SHARE:
+ Post New Thread

Similar Threads

  1. Fix for MRBS 1.4.8 LDAP issues
    By gshaw in forum Network and Classroom Management
    Replies: 3
    Last Post: 11th July 2012, 10:31 AM
  2. Yet another school closing - Disgusting !!
    By mattx in forum General Chat
    Replies: 7
    Last Post: 6th February 2008, 06:47 PM
  3. Yet another Logon Script
    By ajbritton in forum Windows
    Replies: 3
    Last Post: 19th June 2006, 09:47 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •