+ Post New Thread
Results 1 to 6 of 6
Network and Classroom Management Thread, MRBS Software in Technical; having problems with getting LDAP to work - I have read all the previous posts with no joy. Everything looks ...
  1. #1

    Join Date
    Dec 2005
    Location
    Bristol
    Posts
    6
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    MRBS Software

    having problems with getting LDAP to work - I have read all the previous posts with no joy. Everything looks okay and linking to LDAP with other programs is oaky. Obviously I have something set incorrectly. Running MRBS 1.2.6 on windows 2003, IIS.

    Program works fine under internal database, when using LDAP no errors except "unknown user".


    Config.inc.php file set as follows: (please note choice of server and domain names were before my time!)


    ###############################################
    # Authentication settings - read AUTHENTICATION
    ###############################################
    $auth["session"] = "php"; # How to get and keep the user ID. One of
    # "http" "php" "cookie" "ip" "host" "nt" "omni"
    # "remote_user"
    $auth["type"] = "ldap"; # How to validate the user/password. One of "none"
    # "config" "db" "db_ext" "pop3" "imap" "ldap" "nis"
    # "nw" "ext".

    # Cookie path override. If this value is set it will be used by the
    # 'php' and 'cookie' session schemes to override the default behaviour
    # of automatically determining the cookie path to use
    $cookie_path_override = '';

    # The list of administrators (can modify other peoples settings)
    $auth["admin"][] = "127.0.0.1"; # localhost IP address. Useful with IP sessions.
    $auth["admin"][] = "administrator"; # A user name from the user list. Useful
    #with most other session schemes.
    #$auth["admin"][] = "10.0.0.1";
    #$auth["admin"][] = "10.0.0.2";
    #$auth["admin"][] = "10.0.0.3";

    # 'auth_config' user database
    # Format: $auth["user"]["name"] = "password";
    $auth["user"]["administrator"] = "secret";
    $auth["user"]["alice"] = "a";
    $auth["user"]["bob"] = "b";

    # 'session_http' configuration settings
    $auth["realm"] = "mrbs";

    # 'session_remote_user' configuration settings
    #$auth['remote_user']['logout_link'] = '/logout/link.html';

    # 'auth_ext' configuration settings
    $auth["prog"] = "";
    $auth["params"] = "";

    # 'auth_db_ext' configuration settings
    $auth['db_ext']['db_host'] = 'localhost';
    $auth['db_ext']['db_username'] = 'authuser';
    $auth['db_ext']['db_password'] = 'authpass';
    $auth['db_ext']['db_name'] = 'authdb';
    $auth['db_ext']['db_table'] = 'users';
    $auth['db_ext']['column_name_username'] = 'name';
    $auth['db_ext']['column_name_password'] = 'password';
    # Either 'md5', 'sha1', 'crypt' or 'plaintext'
    $auth['db_ext']['password_format'] = 'md5';

    # 'auth_ldap' configuration settings
    # Where is the LDAP server
    $ldap_host = "server.domain.com";
    # If you have a non-standard LDAP port, you can define it here
    $ldap_port = 389;
    # If you do not want to use LDAP v3, change the following to false
    $ldap_v3 = true;
    # If you want to use TLS, change the following to true
    $ldap_tls = false;
    # LDAP base distinguish name
    # See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn = "ou=fhs,dc=domain,dc=com";
    # Attribute within the base dn that contains the username
    #$ldap_user_attrib = "uid";
    # If you need to search the directory to find the user's DN to bind
    # with, set the following to the attribute that holds the user's
    # "username". In Microsoft AD directories this is "sAMAccountName"
    $ldap_dn_search_attrib = "sAMAccountName";
    # If you need to bind as a particular user to do the search described
    # above, specify the DN and password in the variables below
    $ldap_dn_search_dn = "cn=administrator,ou=builtin,dc=domain,dc=com" ;
    $ldap_dn_search_password = "Chi39Jg";

    # 'auth_ldap' extra configuration for ldap configuration of who can use
    # the system
    # If it's set, the $ldap_filter will be combined with the value of
    # $ldap_user_attrib like this:
    # (&($ldap_user_attrib=username)($ldap_filter))
    # After binding to check the password, this check is used to see that
    # they are a valid user of mrbs.
    #$ldap_filter = "mrbsuser=y";


    Any suggestions gratefully received.

    Thanks

  2. #2

    Join Date
    Jun 2008
    Posts
    91
    Thank Post
    8
    Thanked 4 Times in 4 Posts
    Rep Power
    14
    you have this set

    $ldap_host = "server.domain.com";

    change it to your domain name.

  3. #3

    Join Date
    Dec 2005
    Location
    Bristol
    Posts
    6
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    yes, as per my message - server.domain.com is our server and domain name - as I say - the names chosen were before my time.

  4. #4

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,616
    Thank Post
    648
    Thanked 1,618 Times in 1,448 Posts
    Rep Power
    421
    Someone literally read the M$ manual then

    Ben

  5. #5

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,660
    Thank Post
    859
    Thanked 646 Times in 429 Posts
    Rep Power
    498
    I found that I had to edit a few of the config files:

    My settings are in red

    config.inc.php
    Code:
    # 'auth_ldap' configuration settings
    # Where is the LDAP server
    $ldap_host = "ip address or fqdn of ldap host";
    # If you have a non-standard LDAP port, you can define it here
    #$ldap_port = 389;
    # If you want to use LDAP v3, change the following to true
    $ldap_v3 = true;
    # If you want to use TLS, change following to true
    $ldap_tls = false;
    # LDAP base distinguish name
    # See AUTHENTICATION for details of how check against multiple base dn's
    
    $ldap_base_dn = "OU=user,OU=located,OU=here,DC=my,DC=domain";
    $account_suffix = "@my.domain";   ***NEW LINE!!***
    # Attribute within the base dn that contains the username
    $ldap_user_attrib = "sAMAccountName";
    #$ldap_user_attrib = "cn";
    ----

    Next was a file called auth_ldap

    Add
    Code:
    global $account_suffix;
    After:

    Code:
    function authValidateUser($user, $pass)
    {
    	global $auth;
    	global $ldap_host;
    	global $ldap_port;
    	global $ldap_v3;
    	global $ldap_tls;
    	global $ldap_base_dn;
    	global $ldap_user_attrib;
    	global $ldap_filter;
    Then Add
    Code:
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); 
     
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); //disable plain text passwords
    after
    Code:
    // establish ldap connection
    	// the '@' suppresses errors
    	if (isset($ldap_port))
    	{
    		$ldap = @ldap_connect($ldap_host, $ldap_port);
    	}
    	else
    	{
    		$ldap = @ldap_connect($ldap_host);
    Change
    Code:
    			//if(@ldap_bind($ldap, $dn, $pass))
    to..
    Code:
    			if(@ldap_bind($ldap, $user.$account_suffix, $pass))
    Any probs let me know...

  6. #6

    Join Date
    Dec 2005
    Location
    Bristol
    Posts
    6
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    yes, when you set up a domain and it says enter your domain name (for example domain.com) thats what the prevoise network manager used

    Anyway - thanks for your help - I now have it working it did not like

    $ldap_dn_search_dn = "cn=administrator,ou=builtin,dc=domain,dc=com"

    changed to

    $ldap_dn_search_dn = "cn=administrator,cn=builtin,dc=domain,dc=com" ;

    and okay.

    Merci all.

SHARE:
+ Post New Thread

Similar Threads

  1. Help with MRBS and LDAP
    By bonjour in forum Network and Classroom Management
    Replies: 11
    Last Post: 8th October 2009, 08:23 AM
  2. MRBS Help
    By Scotmk in forum Wireless Networks
    Replies: 5
    Last Post: 27th March 2008, 08:34 AM
  3. MRBS help
    By niknik in forum Web Development
    Replies: 0
    Last Post: 29th August 2007, 03:00 PM
  4. MRBS Help!
    By adamf in forum Network and Classroom Management
    Replies: 1
    Last Post: 22nd April 2007, 09:48 PM
  5. MRBS
    By j17sparky in forum Web Development
    Replies: 6
    Last Post: 17th November 2006, 03:11 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •