
#1644 LDAP not connecting

open
nobody
LDAP (16)
1
2018-11-26
2018-11-22
No

LDAP does not seem to validate credentials.
Here's our LDAP code in config.inc.php:

$auth["type"] = "ldap";
$ldap_host = "192.168.100.20";
$ldap_v3 = true;
$ldap_tls = false;
$ldap_base_dn = "ou=MSC,dc=moyne,dc=vic,dc=gov,dc=au";
$ldap_user_attrib = "sAMAccountName";
$ldap_debug = true;

In php.ini the extension=ldap has had the semicolon removed,
and this is the debug log:
[21-Nov-2018 01:52:31 Europe/Berlin] authLdapAction: Got LDAP connection
[21-Nov-2018 01:52:31 Europe/Berlin] authLdapAction: Constructed dn 'sAMAccountName=testy.mctest,ou=MSC,dc=moyne,dc=vic,dc=gov,dc=au' and user_search 'sAMAccountName=testy.mctest' using 'sAMAccountName'
[21-Nov-2018 01:52:31 Europe/Berlin] authValidateUserCallback: base_dn 'ou=MSC,dc=moyne,dc=vic,dc=gov,dc=au' dn 'sAMAccountName=testy.mctest,ou=MSC,dc=moyne,dc=vic,dc=gov,dc=au' user 'testy.mctest'
[21-Nov-2018 01:52:31 Europe/Berlin] authValidateUserCallback: Bind to 'sAMAccountName=testy.mctest,ou=MSC,dc=moyne,dc=vic,dc=gov,dc=au' failed: Invalid credentials

It just doesn’t seem to want to connect to our LDAP AD for authentication. Do we need to set up a group or is there something else I’m missing?

Discussion

  • John Beranek

    John Beranek - 2018-11-22

    For Active Directory (which it looks like you're using) you don't want $ldap_user_attrib, but instead:

    //$ldap_dn_search_attrib = "sAMAccountName";
    

    and if you can't search your AD anonymously:

    // If you need to bind as a particular user to do the search described
    // above, specify the DN and password in the variables below
    // These two parameters can be arrays.
    // $ldap_dn_search_dn = "cn=Search User,ou=Users,dc=example,dc=com"; // Any compliant LDAP
    // $ldap_dn_search_dn = "searchuser@example.com"; // A form which could work for AD LDAP
    // $ldap_dn_search_password = "some-password";
    
     
  • Gordon Johnson

    Gordon Johnson - 2018-11-23

    Replaced user_attrib with the search_attrib.
    Sorry for my ignorance, but when I put a user in the
    // $ldap_dn_search_dn = "cn= testy.mctest,ou=MSC,dc=moyne,dc=vic,dc=gov,dc=au"; // Any compliant LDAP
    // $ldap_dn_search_dn = " testy.mctest@moyne.vic.gov.au"; // A form which could work for AD LDAP
    // $ldap_dn_search_password = "hispassword";
    The MRBS opens up under his username, but when I log him off and try another user I get a URL too long error (414)
    Any ideas?

     
  • John Beranek

    John Beranek - 2018-11-23

    The lines starting with // are comments, so won't take effect, so you need:

    $ldap_dn_search_attrib = "sAMAccountName";
    $ldap_dn_search_dn = " testy.mctest@moyne.vic.gov.au"; // A form which could work for AD LDAP
    $ldap_dn_search_password = "hispassword";
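
The search-then-bind flow that the settings above configure, written out with PHP's LDAP functions as an added example (not MRBS source code and not posted by anyone in this thread). The function name, host, DNs and passwords are placeholders, and the StartTLS step is an assumption added here because the posted config has `$ldap_tls = false`.

```php
<?php
// Added illustration, not MRBS code. All hosts, DNs and passwords are placeholders.
function ad_search_then_bind(string $host, string $base_dn, string $search_dn,
                             string $search_password, string $user, string $password): bool
{
    // A simple bind with an empty password is an "unauthenticated bind", which
    // many directory servers report as success. Refuse it before connecting.
    if ($user === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect("ldap://$host");
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    try {
        // Assumption: the server supports StartTLS. Without it, both bind
        // passwords below cross the network unencrypted.
        if (!@ldap_start_tls($conn)) {
            return false;
        }
        // Step 1: bind as the search account (for when anonymous search is refused).
        if (!@ldap_bind($conn, $search_dn, $search_password)) {
            return false;
        }
        // Step 2: look up the entry by sAMAccountName. Escape the login name
        // so characters such as * ( ) \ cannot change the filter.
        $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
        $result = @ldap_search($conn, $base_dn, $filter, ['sAMAccountName']);
        if ($result === false || ldap_count_entries($conn, $result) !== 1) {
            return false; // no match, or an ambiguous match
        }
        // The DN returned by the directory, rather than a DN built as
        // 'sAMAccountName=<user>,<base_dn>' like the one in the debug log.
        $user_dn = ldap_get_dn($conn, ldap_first_entry($conn, $result));
        // Step 3: bind again as that DN with the password the user typed.
        return @ldap_bind($conn, $user_dn, $password);
    } finally {
        ldap_unbind($conn);
    }
}

// Usage with placeholder values:
// ad_search_then_bind('dc.example.com', 'ou=Users,dc=example,dc=com',
//                     'searchuser@example.com', 'some-password', 'jdoe', 'typed-password');
```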
    
     
  • Campbell Morrison

    There is a bug in MRBS 1.7.1 which results in the URL getting longer and longer as you log on and log off again. It is fixed in the latest version of the development code in the default branch. You can download the latest snapshot from here. Treat it like an upgrade - full instructions in the UPGRADE file.

     
  • Gordon Johnson

    Gordon Johnson - 2018-11-26

    Thanks so much John and Campbell - John's change fixed both the LDAP bind and the long URL - you guys rock - thanks so much

     