mrbs & ldap_filter

Ive got MRBS up, working and authenticing against AD (LDAP)

Now i want to specify who can book rooms. I thought it would be done by the base_dn (ie anything under it is included, if not it isnt) but by the looks of it it is done by use of "ldap_filter"

Only problem is i have no idea of how to use it.

Any advice :beer:

Heres a copy of the config.inc for good measure

Code:

---

# 'auth_ldap' configuration settings
# Where is the LDAP server
$ldap_host = "dc-02.ianramsey.local";
# If you have a non-standard LDAP port, you can define it here
$ldap_port = 389;
# If you want to use LDAP v3, change the following to true
$ldap_v3 = true;
# If you want to use TLS, change following to true
$ldap_tls = false;
# LDAP base distinguish name
# See AUTHENTICATION for details of how check against multiple base dn's
$ldap_base_dn = "ou=Admins,dc=ianramsey,dc=local";
$account_suffix = "@ianramsey.local";
# Attribute within the base dn that contains the username
$ldap_user_attrib = "sAMAccountName";


# 'auth_ldap' extra configuration for ldap configuration of who can use
# the system
# If it's set, the $ldap_filter will be combined with the value of
# $ldap_user_attrib like this:
#  (&($ldap_user_attrib=username)($ldap_filter))
# After binding to check the password, this check is used to see that
# they are a valid user of mrbs.
#$ldap_filter = "mrbsuser=y";

---

Easiest way is to set the ldap filter to check if the user is a member of a paticular group. You can do this with the 'memberOf' attribute. e.g.

Code:

---

$ldap_filter = "memberOf=CN=Domain Admins,CN=Users,DC=carrhill,DC=lancs,DC=sch,DC=uk";

---

Will check if the user is a Domain Admin.

^ Cheers, id tryed the above with it pointing to an OU, didnt work.


Done it your way and yep, its working now. Cheers :beer:

...