+ Post New Thread
Results 1 to 3 of 3
Web Development Thread, Authenticating MRBS against Active Directory using LDAP in Coding and Web Development; I've been trying to get this to work. It's fine with "config" authentication, but I want to use AD. I've ...
  1. #1

    Join Date
    Nov 2005
    Posts
    95
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Authenticating MRBS against Active Directory using LDAP

    I've been trying to get this to work. It's fine with "config" authentication, but I want to use AD.

    I've managed to get Moodle to use AD but it asks for lots more information about the LDAP server than MRBS seems to want.

    Anyone got any pointers / common problems to check out?

    Cheers.

    (edited to remove stupidity, yes I did mean MRBS)

  2. #2

    Join Date
    Nov 2005
    Location
    Middlesbrough
    Posts
    402
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Authenticating MBRS against Active Directory using LDAP

    You do mean MRBS don't you?

    Have you looked at this? You'll have to give it details of your AD setup. If you're going to use the auth_ldap method you'll also have to build/enable this in php.

    More specifically:

    Code:
    LDAP Authentication
    -------------------
    
    There are currently three methods for doing LDAP authentication, auth_ldap,
    auth_ldap.pl, auth_ldapsearch.pl.  The preferred method, auth_ldap, uses
    the LDAP functionality built into PHP and is described here.  The other
    methods use the 'ext' authentication method and described further on in
    this file.
    
    This method can be used by setting config.inc.php as follows:
    
    $auth["type"] = "ldap";
    
    Also you will need to change the section:
    
    # 'auth_ldap' configuration settings
    # Where is the LDAP server
    $ldap_host = "localhost";
    # LDAP base distinguish name
    # See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn = "ou=organizationalunit,dc=my-domain,dc=com";
    # Attribute within the base dn that contains the username
    $ldap_user_attrib = "uid";
    
    This method will attempt an authenticated bind to the ldap server using
    the supplied password and a distinguished name, which is formed from the
    base distinguished name, the user attribute and the user name. 
    
    This method supports multiple $ldap_base_dn entries and $ldap_user_attrib
    values.  The authentication is attempted with each base dn in turn until it
    succeeds or it fails to authenticate the user.
    
    Multiple base distinguished names with the same user attribute for each
    base dn:
    # 'auth_ldap' configuration settings
    # Where is the LDAP server
    $ldap_host = "localhost";
    # LDAP base distinguish names
    $ldap_base_dn[] = "ou=People, o=myCompany, c=US";
    $ldap_base_dn[] = "ou=Administrators, o=myCompany, c=US";
    #
    $ldap_user_attrib = "uid";
    
    Multiple base distinguished names with the option of different user attributes
    for each base dn:
    # 'auth_ldap' configuration settings
    # Where is the LDAP server
    $ldap_host = "localhost";
    # LDAP base distinguish names
    $ldap_base_dn[] = "ou=People, o=myCompany, c=US";
    $ldap_base_dn[] = "ou=Administrators, o=myCompany, c=US";
    #
    $ldap_user_attrib[] = "uid";
    $ldap_user_attrib[] = "cn";
    
    Note: if you use the latter configuration then an equal number of base dn's
    and user attributes must be specified or authentication will fail.

  3. #3

    Join Date
    Nov 2005
    Posts
    95
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Authenticating MRBS against Active Directory using LDAP

    Yes, I've read the relavent docs. and the machine MRBS is on also hosts Moodle which authenticates against AD just fine.

    This is how my config currently looks:

    Code:
    $auth["session"] = "php"; # How to get and keep the user ID. One of
    			  # "http" "php" "cookie" "ip" "host" "nt" "omni".
    $auth["type"] = "ldap"; # How to validate the user/password. One of "none"
                              # "config" "db" "db_ext" "pop3" "imap" "ldap" "nis"
                              # "nw" "ext".
    
    # The list of administrators (can modify other peoples settings)
    #$auth["admin"][] = "127.0.0.1";	# localhost IP address. Useful with IP sessions.
    $auth["admin"][] = "rww";	# A user name from the user list. Useful 
                                        #with most other session schemes.
    
    # 'auth_ldap' configuration settings
    # Where is the LDAP server
    $ldap_host = "server";
    # LDAP base distinguish name
    # See AUTHENTICATION for details of how check against multiple base dn's
    $ldap_base_dn = "ou=Staff, ou=RWS,dc=royal,dc=wolverhampton,dc=sch,dc=uk";
    # Attribute within the base dn that contains the username
    $ldap_user_attrib = "sAMAccountName";
    
    # 'auth_ldap' extra configuration for ldap configuration of who can use
    # the system
    # If it's set, the $ldap_filter will be combined with the value of
    # $ldap_user_attrib like this:
    #   (&($ldap_user_attrib=username)($ldap_filter))
    # After binding to check the password, this check is used to see that
    # they are a valid user of mrbs.
    #$ldap_user_filter = "mrbsuser=y";

SHARE:
+ Post New Thread

Similar Threads

  1. Help with MRBS and LDAP
    By bonjour in forum Network and Classroom Management
    Replies: 11
    Last Post: 8th October 2009, 08:23 AM
  2. Active Directory Explorer
    By ajbritton in forum Windows
    Replies: 6
    Last Post: 15th November 2007, 10:37 PM
  3. PDA and Active Directory
    By localzuk in forum Windows
    Replies: 4
    Last Post: 10th October 2007, 03:54 PM
  4. Active Directory Structure
    By baronne in forum Windows
    Replies: 16
    Last Post: 26th February 2007, 10:33 AM
  5. DNS problem under Active Directory.
    By ArchersIT in forum Windows
    Replies: 6
    Last Post: 19th February 2007, 03:09 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •