[MRBS-general] Authenticating only some LDAP groups
Brought to you by:
jberanek
Menu
▾
▴
[MRBS-general] Authenticating only some LDAP groups
|
From: D F. H. <dfa...@ha...> - 2009-09-29 13:02:39
|
Hello, The school I work at are using the mrbs system happily for booking IT facilities in the school. Now the maths department want a similar setup for some department specific resources and only want Maths teachers to be able to make bookings. Well ideally they would like to book 2months in advance and limit everyone else to 1month in advance, but would settle for now on being the only ones with access to the booking system. I suspect that I would need to change the ldap_filter value or something similar but my attempts at doing it by trial and error aren't getting very far so if anyone could suggest what I should change to the config it would be appreciated. The current LDAP config (with username/password changed): $ldap_host = "har-sr-001.harris.internal"; $ldap_port = 389; $ldap_v3 = true; $ldap_tls = false; $ldap_base_dn = "ou=Teaching Staff,ou=HAR,ou=Establishments,dc=harris,dc=internal"; $ldap_user_attrib = "cn"; // <- Seems to make no difference if I set this or not tried settting to uid and cn and left commented out $ldap_dn_search_attrib = "sAMAccountName"; $ldap_dn_search_dn = "cn=User Name,cn=Users,dc=harris,dc=internal"; $ldap_dn_search_password = "valid password"; This works at allowing all teaching staff to use mrbs. The system is an RM CC3 configured Win 2003 server with the maths teachers members of 'HAR Maths Teachers' (the group is setup in the harris.internal/Establishments/HAR folder) but with all the staff in the same location. (I might be able to change the user accounts location in AD but if possible I would like to filter by group). The mrbs is on a linux system and is version 1.4.1 Please let me know if there are any other details that would be helpful. Daniel Warwickshire Schools Email System This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please forward to: pos...@we.... If the content of this email is considered to be inappropriate or offensive please report by forwarding to: rep...@we... |