[MRBS-general] Post upgrade LDAP/AD authentication
Brought to you by:
jberanek
Menu
▾
▴
[MRBS-general] Post upgrade LDAP/AD authentication
|
From: Chris J. (IT Services) <cjo...@ke...> - 2010-03-31 13:41:37
|
Update on the message below:
AD auth is working but not for all users in the group detailed and in the OU detailed.
Its not just those listed in the admin section either as I created a new user, which wouldn't log in, added it to the admin section in config.inc.php and it still wouldn't log in.
Anyone know where I should be looking to see where the errors are? I'm running it on Linux and apache2 aith auth_ldap.
Chris
From: Chris Johnson (IT Services)
Sent: 31 March 2010 13:43
To: 'mrb...@li...'
Subject: Post upgrade LDAP/AD authentication
Hopefully this will be the last post...
I've checked my 1.4.2 LDAP settings against the new 1.4.3 LDAP settings and they are identical.
I'm authenticating against the same Active directory server. Nothing has changed on the server side, all my efforts have been on getting the 1.4.3 update installed.
Here's my config.inc.php file bits related to ldap
$auth["session"] = "php";
$auth["type"] = "ldap";
$ldap_host = "172.16.1.1";
$ldap_v3 = true;
$ldap_base_dn[] = "ou=Users,ou=ITServices,dc=kes,dc=school";
$ldap_user_attrib = "sAMAccountName";
$ldap_dn_search_attrib = "sAMAccountName";
//changed these details ;0) \/ \/
$ldap_dn_search_dn = "cn=Myusername,dc=myorg,dc=com";
$ldap_dn_search_password = "MyPassword";
$ldap_filter = "memberOf=CN=ResourceBookingSystem_Write,OU=PermissionGroups,dc=kes,dc=school";
I've user softerra ldap browser to make sure the LDAP bind username and password works (and it does) and the samaccountname matches with what I'm using to log in and is a member of the group.
I checked new and old versions of auth_ldap.inc and they are different in the place they filter
New line 165: "(&($dn)($ldap_filter))",
old line 165: "(&(". $all_ldap_user_attrib[$idx] ."=$user)($ldap_filter))",
but changing this makes no difference
I tried tailing some log files but didn't know which file to look to find any errors.
Any ideas?
Chris Johnson
ICT Strategy Development Manager
King Edward VII School
Sheffield
e:cjo...@ke...
t:01142296570
|