  1. #1


    MRBS and LDAP

    Hi,
    Struggling to get MRBS working with LDAP (Active Directory).

    Code is as follows. Our domain name is school but the netbios name is stjohns.local.
    Whenever you try to log in on MRBS it just goes to a white screen.

    // 'auth_ldap' configuration settings
    // Where is the LDAP server
    $ldap_host = "2003server.stjohns.local";
    // If you have a non-standard LDAP port, you can define it here
    //$ldap_port = 389;
    // If you do not want to use LDAP v3, change the following to false
    $ldap_v3 = true;
    // If you want to use TLS, change the following to true
    $ldap_tls = false;
    // LDAP base distinguish name
    // See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn = "ou=users,dc=stjohns,dc=local";
    // Attribute within the base dn that contains the username
    $ldap_user_attrib = "mrbs";
    // If you need to search the directory to find the user's DN to bind
    // with, set the following to the attribute that holds the user's
    // "username". In Microsoft AD directories this is "sAMAccountName"
    $ldap_dn_search_attrib = "mrbs";
    // If you need to bind as a particular user to do the search described
    // above, specify the DN and password in the variables below
    $ldap_dn_search_dn = "cn=mrbs,cn=Users,dc=stjohns,dc=local";
    $ldap_dn_search_password = "********";

  2. #2
    amvc's Avatar
    Hi Karldenton

    This is our working section of the LDAP auth code. I notice that you have a group in AD for MRBS users? We just allow staff access and set the administrator as our usual admin.


    Code:
    // 'auth_ldap' configuration settings
    // Where is the LDAP server
    $ldap_host = "10.112.32.180";
    // If you have a non-standard LDAP port, you can define it here
    $ldap_port = 389;
    // If you do not want to use LDAP v3, change the following to false
    $ldap_v3 = true;
    // If you want to use TLS, change the following to true
    $ldap_tls = false;
    // LDAP base distinguish name
    // See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn[] = "ou=Teachers, ou=Teaching Staff, ou=Staff, ou=Establishment, dc=amvc, dc=internal";
    $ldap_base_dn[] = "ou=SMT, ou=Teaching Staff, ou=Staff, ou=Establishment, dc=amvc, dc=internal";
    $ldap_base_dn[] = "ou=Temp, ou=Teaching Staff, ou=Staff, ou=Establishment, dc=amvc, dc=internal";
    $ldap_base_dn[] = "ou=Support Staff, ou=Staff, ou=Establishment, dc=amvc, dc=internal";
    $ldap_base_dn[] = "ou=Admin Accounts, ou=Establishment, dc=amvc, dc=internal";
    $ldap_base_dn[] = "ou=IT, ou=Establishment, dc=amvc, dc=internal";
    // Attribute within the base dn that contains the username
    $ldap_user_attrib = "uid";
    // If you need to search the directory to find the user's DN to bind
    // with, set the following to the attribute that holds the user's
    // "username". In Microsoft AD directories this is "sAMAccountName"
    $ldap_dn_search_attrib = "sAMAccountName";
    // If you need to bind as a particular user to do the search described
    // above, specify the DN and password in the variables below
    $ldap_dn_search_dn = "cn=sysmanager,ou=Admin Accounts, ou=establishment, dc=amvc,dc=internal";
    $ldap_dn_search_password = "********";
    HTH

    Jon


  4. #3

    Thanks,

    Just done a few changes to ours as follows:

    // 'auth_ldap' configuration settings
    // Where is the LDAP server
    $ldap_host = "192.168.42.242";
    // If you have a non-standard LDAP port, you can define it here
    $ldap_port = 389;
    // If you do not want to use LDAP v3, change the following to false
    $ldap_v3 = true;
    // If you want to use TLS, change the following to true
    $ldap_tls = false;
    // LDAP base distinguish name
    // See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn = "ou=StJohnsUsers, ou=Staff, dc=stjohns, dc=local";
    // Attribute within the base dn that contains the username
    $ldap_user_attrib = "uid";
    // If you need to search the directory to find the user's DN to bind
    // with, set the following to the attribute that holds the user's
    // "username". In Microsoft AD directories this is "sAMAccountName"
    $ldap_dn_search_attrib = "sAMAccountName";
    // If you need to bind as a particular user to do the search described
    // above, specify the DN and password in the variables below
    $ldap_dn_search_dn = "cn=mrbs,cn=Users,dc=stjohns,dc=local";
    $ldap_dn_search_password = "*********";

    When I try to log in the screen is still white. The netbios name is stjohns.local but the domain name is "school". Does the LDAP server need to be set to the IP or localhost as it's on that machine?

  5. #4
    amvc's Avatar
    Quote Originally Posted by karldenton View Post
    Thanks,
    Does the LDAP server need to be set to the IP or localhost as it's on that machine?
    Either should do I think.

    I think your problem is how you are defining your AD structure in the config code, these 2 segments seem to contradict each other?

    // See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn = "ou=StJohnsUsers, ou=Staff, dc=stjohns, dc=local";
    // above, specify the DN and password in the variables below
    $ldap_dn_search_dn = "cn=mrbs,cn=Users,dc=stjohns,dc=local";
    $ldap_dn_search_password = "*********";
    This last one should be a user with rights to search the AD (I think)

    Jon

  6. #5

    $ldap_dn_search_dn = "cn=administrator,OU=Users,dc=stjohns,dc=local ";
    $ldap_dn_search_password = "*******";

    OK, changed the last section to administrator in the Users OU as it's not in the StJohnsUsers OU. Still the same problem.

  7. #6
    amvc's Avatar
    We did struggle to get this working properly to start with and had the same error as you with the white screen.

    Can you post a screenie of your AD structure like ours below?

    ADStruct.jpg

    Jon

  8. #7

    Find attached.

  9. #8
    amvc's Avatar
    Ok, try...


    // See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn = "ou=Staff, ou=StJohnsUsers, dc=stjohns, dc=local";
    // Attribute within the base dn that contains the username


    Jon
    Last edited by amvc; 7th August 2009 at 02:45 PM.

  10. #9

    Still the same problem mate.

  11. #10
    amvc's Avatar
    Quote Originally Posted by karldenton View Post
    Still the same problem mate.
    Hmmmm, I dunno then

    I am on hols now so won't be able to check here much for the next couple of weeks, but I have attached our complete config.inc.php, see if there is anything else you may have missed.

    config.inc.zip

    Jon

  12. #11

    I know that I am late in commenting, but I am just now thinking about setting up MRBS and LDAP. When I set up my Joomla site to authenticate using LDAP, I had a white screen when LDAP was not enabled in the PHP config and the proper DLL file was not installed. Perhaps that is your issue? Or have you already solved this?
    Jeff

  13. #12
    walkden-high's Avatar

    MRBS ldap

    Hi Karldenton

    When you installed PHP, did you install the LDAP extension during setup? I had problems when I first started and that's what was letting me down.

    Here is my config, hope this can be of help to you.

    // 'auth_ldap' configuration settings
    // Where is the LDAP server
    $ldap_host = "lh-whs-email.walkden.local";
    // If you have a non-standard LDAP port, you can define it here
    $ldap_port = 389;
    // If you do not want to use LDAP v3, change the following to false
    $ldap_v3 = true;
    // If you want to use TLS, change the following to true
    $ldap_tls = false;
    // LDAP base distinguish name
    // See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn = "ou=users,ou=walkden,dc=walkden,dc=local";
    // Attribute within the base dn that contains the username
    $ldap_user_attrib = "sAMAccountName";
    // If you need to search the directory to find the user's DN to bind
    // with, set the following to the attribute that holds the user's
    // "username". In Microsoft AD directories this is "sAMAccountName"
    $ldap_dn_search_attrib = "sAMAccountName";
    // If you need to bind as a particular user to do the search described
    // above, specify the DN and password in the variables below
    $ldap_dn_search_dn = "cn=search, ou=ldap,ou=users,ou=walkden,dc=walkden,dc=local";
    $ldap_dn_search_password = "*****";

  14. #13

    Possibly a bit late, but I think $ldap_dn_search_attrib should be set to "sAMAccountName" (case sensitive).


    // If you need to search the directory to find the user's DN to bind
    // with, set the following to the attribute that holds the user's
    // "username". In Microsoft AD directories this is "sAMAccountName"
    $ldap_dn_search_attrib = "mrbs";

    Hope this helps.
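
The points raised across posts #5, #11, #12 and #13, collected into an offline check of the 'auth_ldap' settings. This is an added example, not part of any post and not MRBS code; `mrbs_ldap_config_issues()` is a hypothetical helper, and the TLS, OU=Users and administrator checks are added here rather than taken from the replies.

```php
<?php
// Added example, not MRBS code. mrbs_ldap_config_issues() is a hypothetical helper.
function mrbs_ldap_config_issues(array $cfg): array
{
    $issues = [];
    // Posts #11 and #12: a missing PHP LDAP extension shows up as a white screen.
    if (!extension_loaded('ldap')) {
        $issues[] = 'PHP ldap extension is not loaded';
    }
    // Post #13: AD keeps the login name in sAMAccountName.
    if (strcasecmp($cfg['ldap_dn_search_attrib'] ?? '', 'sAMAccountName') !== 0) {
        $issues[] = 'ldap_dn_search_attrib is not sAMAccountName';
    }
    // With TLS off on port 389, simple binds send the search and user passwords unencrypted.
    if (empty($cfg['ldap_tls'])) {
        $issues[] = 'ldap_tls is false: bind passwords cross the network in cleartext';
    }
    $search_dn = $cfg['ldap_dn_search_dn'] ?? '';
    $dns = array_merge((array) ($cfg['ldap_base_dn'] ?? []), [$search_dn]);
    foreach ($dns as $dn) {
        if ($dn !== trim($dn)) {
            $issues[] = "DN has leading/trailing whitespace: '$dn'";
        }
        // The built-in AD Users container is CN=Users; OU=Users under the
        // domain root only exists if someone created it.
        if (preg_match('/(^|,)\s*ou=users\s*,\s*dc=/i', $dn)) {
            $issues[] = "Check that OU=Users exists (built-in container is CN=Users): '$dn'";
        }
    }
    // The search account only needs read access to find user DNs.
    if (preg_match('/^\s*cn=administrator\s*,/i', $search_dn)) {
        $issues[] = 'Search bind uses the administrator account; use a dedicated read-only account';
    }
    return $issues;
}

// Values copied from posts #3 and #5 of this thread (trailing space included).
$cfg = [
    'ldap_tls'              => false,
    'ldap_base_dn'          => 'ou=StJohnsUsers, ou=Staff, dc=stjohns, dc=local',
    'ldap_dn_search_attrib' => 'sAMAccountName',
    'ldap_dn_search_dn'     => 'cn=administrator,OU=Users,dc=stjohns,dc=local ',
];
foreach (mrbs_ldap_config_issues($cfg) as $issue) {
    echo "- $issue\n";
}
```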

  15. #14

    Hi,

    Mine is working fine, but struggling with setting up the admin account in LDAP configuration.

    Thanks in advance.

  16. #15

    Quote Originally Posted by ksaravana View Post
    Hi,

    Mine is working fine, but struggling with setting up the admin account in LDAP configuration.

    Thanks in advance.
    You need to make sure you have the following in your config.inc.php


    Code:
    // The list of administrators (can modify other peoples settings).
    //
    // This list is not needed when using the 'db' authentication scheme EXCEPT
    // when upgrading from a pre-MRBS 1.4.2 system that used db authentication.
    // Pre-1.4.2 the 'db' authentication scheme did need this list.   When running
    // edit_users.php for the first time in a 1.4.2 system or later, with an existing
    // users list in the database, the system will automatically add a field to
    // the table for access rights and give admin rights to those users in the database
    // for whom admin rights are defined here.   After that this list is ignored.
    unset($auth["admin"]);              // Include this when copying to config.inc.php
    $auth["admin"][] = "127.0.0.1";     // localhost IP address. Useful with IP sessions.
    $auth["admin"][] = "administrator"; // A user name from the user list. Useful 
                                        // with most other session schemes.
    Just after this, add the following line, but change "administrator" to the username of your ldap admin user. The

    Code:
    $auth["admin"][] = "administrator";
    That should hopefully give you admin rights with that user.

    In future it is best to start a new thread if you are not having the same problem and symptoms as described in the first post. This makes it easier for people to follow posts on the forum.

    Hope you are enjoying your holidays.
