Hi All,

My first post here, this place is a great resource of knowledge!

I have set up MRBS v1.4.8 on an Ubuntu Server 11.10. I am using LDAP authentication which works great.

In my MRBS setup I have two OUs in ldap_base_dn, one for Associate Staff and one for Teaching And Support Staff, so everyone from these two OUs is able to log in to MRBS. What I would like to do is to filter users from these OUs and put them in appropriate groups, which I have also set up in AD and called mrbs_users and mrbs_admins. This would enable me to have greater control over who can access MRBS and also to control access from AD rather than editing config files to change admins, etc.

Is it possible to set up MRBS to work this way?

Here is the part of the config file responsible for authentication:

/**********LDAP Authentication**********/

$auth["session"] = "php";
$auth["type"] = "ldap";

$ldap_host = "192.168.x.x";
$ldap_port = 389;
$ldap_v3 = true;
$ldap_tls = false;

$ldap_base_dn[] = "ou=Associate Staff, dc=company, dc=com";
$ldap_base_dn[] = "ou=Teaching And Support Staff, dc=company, dc=com";

$ldap_user_attrib = "sAMAccountName";
$ldap_dn_search_dn = "cn=user,cn=Users,dc=company, dc=com";
$ldap_dn_search_attrib = "sAMAccountName";
$ldap_dn_search_password = "password";

$ldap_filter[] = "memberof=cn=mrbs_admins,ou=MRBS, dc=company, dc=com";
$ldap_filter[] = "memberof=cn=mrbs_users,ou=MRBS, dc=company, dc=com";

$ldap_admin_group_dn = 'cn=mrbs_admins,ou=MRBS,dc=company, dc=com';
$ldap_group_member_attrib = 'memberof';

#$ldap_debug = FALSE;

It seems like the first ldap_filter applies to the first ldap_base_dn, and the same for the second element, so in this case only members of Associate Staff are able to log in as admins and vice versa for Teaching And Support Staff. However, some users from the Teaching Staff OU also need to be able to log in as admins and this won't work in the current setup. Is there any way to make this work and be able to control user access from AD?