meeting-room-booking-system / mrbs-code

MRBS application code

LDAP authentication not working MRBS 1.4.10 #1126

Open jberanek opened 10 years ago

jberanek commented 10 years ago

Dear MRBS Team, I’m working at an International School. Currently, we are using

MRBS 1.2.4
Database: MySQL 5.0.15-nt
System: Windows NT BIS6 5.0 build 2195
PHP: 5.1.4

And all work fine. We are planning to upgrade to the latest version and we have downloaded and installed it as the following:

MRBS 1.4.10
Database: MySQL 5.0.96-community-nt
System: Windows NT VM-SVR01 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) AMD64
Server time: 9/24/2013 1:57:32 PM
PHP: 5.5.1

But it cannot authenticate our Domain users using LDAP.

Here is config.inc.php

```php
<?php

// $Id: config.inc.php 2632 2013-01-03 21:41:38Z cimorrison $

// The timezone your meeting rooms run in. It is especially important
// to set this if you're using PHP 5 on Linux. In this configuration
// if you don't, meetings in a different DST than you are currently
// in are offset by the DST offset incorrectly.
//
// Note that timezones can be set on a per-area basis, so strictly speaking this
// setting should be in areadefaults.inc.php, but as it is so important to set
// the right timezone it is included here.
//
// When upgrading an existing installation, this should be set to the
// timezone the web server runs in. See the INSTALL document for more information.
//
// A list of valid timezones can be found at http://php.net/manual/timezones.php
// The following line must be uncommented by removing the '//' at the beginning
$timezone = "Asia/Bangkok";

/*
 * Add lines from systemdefaults.inc.php and areadefaults.inc.php below here
 * to change the default configuration. Do NOT modify systemdefaults.inc.php
 * or areadefaults.inc.php.
 */

$auth["session"] = "php"; // How to get and keep the user ID. One of
                          // "http" "php" "cookie" "ip" "host" "nt" "omni"
                          // "remote_user"

$auth["type"] = "ldap";   // How to validate the user/password. One of "none"
                          // "config" "db" "db_ext" "pop3" "imap" "ldap" "nis"
                          // "nw" "ext".

// Configuration parameters for 'cookie' session scheme

// The encryption secret key for the session tokens. You are strongly
// advised to change this if you use this session scheme
$auth["session_cookie"]["secret"] = "This isn't a very good secret!";
// The expiry time of a session, in seconds. Set to 0 to use session cookies
$auth["session_cookie"]["session_expire_time"] = (60*60*24*30); // 30 days
// Whether to include the user's IP address in their session cookie.
// Increases security, but could cause problems with proxies/dynamic IP
// machines
$auth["session_cookie"]["include_ip"] = TRUE;

// Configuration parameters for 'php' session scheme

// The expiry time of a session, in seconds
// N.B. Long session expiry times rely on PHP not retiring the session
// on the server too early. If you only want session cookies to be used,
// set this to 0.
$auth["session_php"]["session_expire_time"] = (60*60*24*30); // 30 days

// Cookie path override. If this value is set it will be used by the
// 'php' and 'cookie' session schemes to override the default behaviour
// of automatically determining the cookie path to use
//$cookie_path_override = '/mrbs/';

// The list of administrators (can modify other peoples settings).
//
// This list is not needed when using the 'db' authentication scheme EXCEPT
// when upgrading from a pre-MRBS 1.4.2 system that used db authentication.
// Pre-1.4.2 the 'db' authentication scheme did need this list. When running
// edit_users.php for the first time in a 1.4.2 system or later, with an existing
// users list in the database, the system will automatically add a field to
// the table for access rights and give admin rights to those users in the database
// for whom admin rights are defined here. After that this list is ignored.
unset($auth["admin"]);              // Include this when copying to config.inc.php
$auth["admin"][] = "127.0.0.1";     // localhost IP address. Useful with IP sessions.
$auth["admin"][] = "administrator"; // A user name from the user list. Useful
                                    // with most other session schemes.
//$auth["admin"][] = "10.0.0.1";
//$auth["admin"][] = "10.0.0.2";
//$auth["admin"][] = "10.0.0.3";

// 'session_http' configuration settings
$auth["realm"] = "mrbs";

// 'session_remote_user' configuration settings
//$auth['remote_user']['login_link'] = '/login/link.html';
//$auth['remote_user']['logout_link'] = '/logout/link.html';

// 'auth_ldap' configuration settings

// Many of the LDAP parameters can be specified as arrays, in order to
// specify multiple LDAP directories to search within. Each item below
// will specify whether the item can be specified as an array. If any
// parameter is specified as an array, then EVERY array configuration
// parameter must have the same number of elements. You can specify a
// parameter as an array as in the following example:
//
// $ldap_host = array('', '');

$ldap_host = "dcXX.abc.com";
$account_suffix = "@abc.com";
//$ldap_port = 389;
// If you do not want to use LDAP v3, change the following to false.
// This can be an array.
$ldap_v3 = true;
// If you want to use TLS, change the following to true.
// This can be an array.
//$ldap_tls = true;
// LDAP base distinguished name.
// This can be an array.
$ldap_base_dn = "ou=IT,dc=AllUsers,dc=abc,dc=com";
$ldap_user_attrib = "sAMAccountName";
$ldap_dn_search_attrib = "sAMAccountName";

// Output debugging information for LDAP actions
$ldap_debug = TRUE;
$ldap_disable_referrals = FALSE;

?>
```

We always got unknown user.

If I replace auth_ldap.inc with the file from the old version, it works!!!

Here is the log:

The description for Event ID 2 from source PHP-5.5.1 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

php[2816] authValidateUserCallback: Bind to '' failed

php[2816] authLdapAction: Didn't find entry using 'sAMAccountName'

php[2816] authLdapAction: Result of initial bind is 1

php[2816] authLdapAction: Got LDAP connection

I look forward to hearing from you. Thank you.

Reported by: tranngocson9999

Original Ticket: mrbs/support-requests/389
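
A static check for the security-relevant settings in the config posted above, as an added example (not MRBS code and not part of the original post). It skips commented-out lines, so `//$ldap_tls = true;` counts as TLS off; the check ids and `SAMPLE_CONFIG` are constructed for illustration.

```python
import re

# Constructed sample: the security-relevant lines of the config posted above.
SAMPLE_CONFIG = r'''<?php
$auth["session"] = "php";
$auth["type"] = "ldap";
$auth["session_cookie"]["secret"] = "This isn't a very good secret!";
$ldap_host = "dcXX.abc.com";
//$ldap_port = 389;
//$ldap_tls = true;
$ldap_debug = TRUE;
?>'''

DEFAULT_SECRET = "This isn't a very good secret!"  # value shown in the posted config

# Strings are matched first so "//" or "#" inside a quoted value is not a comment.
_TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|/\*.*?\*/|//[^\n]*|#[^\n]*''', re.S)
_ASSIGN = re.compile(r'''\$(\w+)((?:\[["']\w+["']\])*)\s*=\s*(.+?);[ \t]*$''', re.M)

def parse_settings(php):
    """Return active (uncommented) assignments, e.g. {'auth.type': 'ldap'}."""
    code = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] in "\"'" else "", php)
    settings = {}
    for name, subs, value in _ASSIGN.findall(code):
        key = ".".join([name] + re.findall(r"\w+", subs))
        settings[key] = value.strip().strip("\"'")
    return settings

def audit(php):
    """Return the ids of the checks that this config fails."""
    s = parse_settings(php)

    def enabled(key):
        return s.get(key, "").lower() in ("true", "1")

    findings = []
    # With $ldap_tls unset, TLS is not enabled for the connection carrying the bind password.
    if s.get("auth.type") == "ldap" and not enabled("ldap_tls"):
        findings.append("ldap-no-tls")
    # The secret only matters when the 'cookie' session scheme is in use.
    if s.get("auth.session") == "cookie" and s.get("auth.session_cookie.secret") == DEFAULT_SECRET:
        findings.append("default-cookie-secret")
    # Debug output lands in the server log, as the event-log lines in the post show.
    if enabled("ldap_debug"):
        findings.append("ldap-debug-on")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```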

jberanek commented 8 years ago

any solution on this?

Original comment by: *anonymous