meeting-room-booking-system / mrbs-code

MRBS application code

MRBS LDAP Authentication Problem #1736

Open jberanek opened 8 years ago

jberanek commented 8 years ago

Hi, I'm trying to use LDAP for the authentication of my system MRBS. But when I try to log in as one of the users in my LDAP, the system does not recognize the user and prompts an "Unknown User" error. Appreciate any assistance.

Reported by: *anonymous

Original Ticket: mrbs/support-requests/1013

jberanek commented 8 years ago

Hi, I'm having the same problem on version 1.5.0 with what should be the correct ldap settings. What should I expect to see in the browser after setting $ldap_debug = TRUE;? It didn't appear to make any difference even after intentionally setting an invalid base DN. Thank you.

Original comment by: ahar23

jberanek commented 8 years ago

Hi, Just an update on my situation. I should have mentioned I was configuring MRBS for LDAPS on port 636. Is that supported? I've found I can get it to work when I point it to one of our domain controllers on port 389.

Original comment by: ahar23

jberanek commented 8 years ago

Can you share with me your LDAP authentication configuration as a reference? Because I'm not sure whether my LDAP authentication configuration is correct or not.

Original comment by: *anonymous

jberanek commented 8 years ago

Yes, I have set $ldap_debug = TRUE; but I did not see any error/alert prompt regarding the configuration, although the LDAP authentication did not work.

Original comment by: *anonymous

jberanek commented 8 years ago

<?php

// $Id: config.inc.php 2799 2014-01-09 12:44:22Z cimorrison $

/**************************************************************************
 *   MRBS Configuration File
 *   Configure this file for your site.
 *   You shouldn't have to modify anything outside this file.
 *
 *   This file has already been populated with the minimum set of configuration
 *   variables that you will need to change to get your system up and running.
 *   If you want to change any of the other settings in systemdefaults.inc.php
 *   or areadefaults.inc.php, then copy the relevant lines into this file
 *   and edit them here.   This file will override the default settings and
 *   when you upgrade to a new version of MRBS the config file is preserved.
 **************************************************************************/

/**********
 * Timezone
 **********/

// The timezone your meeting rooms run in. It is especially important
// to set this if you're using PHP 5 on Linux. In this configuration
// if you don't, meetings in a different DST than you are currently
// in are offset by the DST offset incorrectly.
//
// Note that timezones can be set on a per-area basis, so strictly speaking this
// setting should be in areadefaults.inc.php, but as it is so important to set
// the right timezone it is included here.
//
// When upgrading an existing installation, this should be set to the
// timezone the web server runs in.  See the INSTALL document for more information.
//
// A list of valid timezones can be found at http://php.net/manual/timezones.php
// The following line must be uncommented by removing the '//' at the beginning
$timezone = "America/Caracas";

/*******************
 * Database settings
 ******************/
// Which database system: "pgsql"=PostgreSQL, "mysql"=MySQL,
// "mysqli"=MySQL via the mysqli PHP extension
$dbsys = "mysql";
// Hostname of database server. For pgsql, can use "" instead of localhost
// to use Unix Domain Sockets instead of TCP/IP. For mysql/mysqli "localhost"
// tells the system to use Unix Domain Sockets, and $db_port will be ignored;
// if you want to force TCP connection you can use "127.0.0.1".
$db_host = "10.10.10.1";
// If you need to use a non standard port for the database connection you
// can uncomment the following line and specify the port number
$db_port = 3306;
// Database name:
$db_database = "mrbs";
// Schema name.  This only applies to PostgreSQL and is only necessary if you have more
// than one schema in your database and also you are using the same MRBS table names in
// multiple schemas.
//$db_schema = "public";
// Database login user name:
$db_login = "root";
// Database login password:
$db_password = '00000'; // edit
// Prefix for table names.  This will allow multiple installations where only
// one database is available
$db_tbl_prefix = "mrbs_";
// Uncomment this to NOT use PHP persistent (pooled) database connections:
// $db_nopersist = 1;

/***********************************************
 * Authentication settings - read AUTHENTICATION
 ***********************************************/

$auth["session"] = "php"; // How to get and keep the user ID. One of
           // "http" "php" "cookie" "ip" "host" "nt" "omni"
           // "remote_user"

$auth["type"] = "ldap"; // How to validate the user/password. One of "none"
                          // "config" "db" "db_ext" "pop3" "imap" "ldap" "nis"
                          // "nw" "ext".

// Configuration parameters for 'cookie' session scheme

/* Add lines from systemdefaults.inc.php and areadefaults.inc.php below here
   to change the default configuration. Do _NOT_ modify systemdefaults.inc.php
   or areadefaults.inc.php.  */

// 'auth_ldap' configuration settings

// Many of the LDAP parameters can be specified as arrays, in order to
// specify multiple LDAP directories to search within. Each item below
// will specify whether the item can be specified as an array. If any
// parameter is specified as an array, then EVERY array configuration
// parameter must have the same number of elements. You can specify a
// parameter as an array as in the following example:
//
// $ldap_host = array('localhost', 'otherhost.example.com');

// Where is the LDAP server.
// This can be an array.
$ldap_host = 'ad.synergy-gb.com';

// If you have a non-standard LDAP port, you can define it here.
// This can be an array.
$ldap_port = 389;

// If you do not want to use LDAP v3, change the following to false.
// This can be an array.
$ldap_v3 = true;

// If you want to use TLS, change the following to true.
// This can be an array.
$ldap_tls = false;

// LDAP base distinguish name.
// This can be an array.
$ldap_base_dn = "CN=Users,DC=synergy-gb,DC=com";

// Attribute within the base dn that contains the username
// This can be an array.
//$ldap_user_attrib = "uid";

// If you need to search the directory to find the user's DN to bind
// with, set the following to the attribute that holds the user's
// "username". In Microsoft AD directories this is "sAMAccountName"
// This can be an array.
$ldap_dn_search_attrib = "sAMAccountName";

// If you need to bind as a particular user to do the search described
// above, specify the DN and password in the variables below
// These two parameters can be arrays.
$ldap_dn_search_dn = "CN=auth_apps,CN=Users,DC=synergy-gb,DC=com";
$ldap_dn_search_password = "000000"; // edit

// 'auth_ldap' extra configuration for ldap configuration of who can use
// the system
// If it's set, the $ldap_filter will be used to determine whether a
// user will be granted access to MRBS
// This can be an array.
// An example for Microsoft AD:
//$ldap_filter = "memberof=cn=whater,ou=whatver,dc=example,dc=com";

// If you need to disable client referrals, this should be set to TRUE.
// Note: Active Directory for Windows 2003 forward requires this.
$ldap_disable_referrals = TRUE;

// Set to TRUE to tell MRBS to look up a user's email address in LDAP.
// Utilises $ldap_email_attrib below
$ldap_get_user_email = TRUE;
// The LDAP attribute which holds a user's email address
// This can be an array.
$ldap_email_attrib = 'mail';

// The DN of the LDAP group that MRBS admins must be in. If this is defined
// then the $auth["admin"] is not used.
// This can be an array.
// $ldap_admin_group_dn = 'cn=admins,ou=whoever,dc=example,dc=com';

// The LDAP attribute that holds group membership details. Used with
// $ldap_admin_group_dn, above.
// This can be an array.
$ldap_group_member_attrib = 'memberof';

// Set to TRUE if you want MRBS to call ldap_unbind() between successive
// attempts to bind. Unbinding while still connected upsets some
// LDAP servers
$ldap_unbind_between_attempts = FALSE;

// Output debugging information for LDAP actions
$ldap_debug = TRUE;

// 'auth_imap' configuration settings
// See AUTHENTICATION for details of how check against multiple servers
// Where is the IMAP server
$imap_host = "imap-server-name";
// The IMAP server port
$imap_port = "143";

// 'auth_imap_php' configuration settings
$auth["imap_php"]["hostname"] = "localhost";
// You can also specify any of the following options:
// Specifies the port number to connect to
//$auth["imap_php"]["port"] = 993;
// Use SSL
//$auth["imap_php"]["ssl"] = TRUE;
// Use TLS
//$auth["imap_php"]["tls"] = TRUE;
// Turn off SSL/TLS certificate validation
//$auth["imap_php"]["novalidate-cert"] = TRUE;

// 'auth_pop3' configuration settings
// See AUTHENTICATION for details of how check against multiple servers
// Where is the POP3 server
$pop3_host = "pop3-server-name";
// The POP3 server port
$pop3_port = "110";

// 'auth_smtp' configuration settings
$auth['smtp']['server'] = 'myserver.example.org';

// General settings
// If you want only administrators to be able to make and delete bookings,
// set this variable to TRUE
$auth['only_admin_can_book'] = FALSE;
// If you want only administrators to be able to make repeat bookings,
// set this variable to TRUE
$auth['only_admin_can_book_repeat'] = FALSE;
// If you want only administrators to be able to make bookings spanning
// more than one day, set this variable to TRUE.
$auth['only_admin_can_book_multiday'] = FALSE;
// If you want only administrators to be able to select multiple rooms
// on the booking form then set this to TRUE.  (It doesn't stop ordinary users
// making separate bookings for the same time slot, but it does slow them down).
$auth['only_admin_can_select_multiroom'] = FALSE;
// If you don't want ordinary users to be able to see the other users'
// details then set this to TRUE.  (Only relevant when using 'db' authentication]
$auth['only_admin_can_see_other_users'] = FALSE;
// If you want to prevent the public (ie un-logged in users) from
// being able to view bookings, set this variable to TRUE
$auth['deny_public_access'] = FALSE;
// Set to TRUE if you want admins to be able to perform bulk deletions
// on the Report page.  (It also only shows up if JavaScript is enabled)
$auth['show_bulk_delete'] = FALSE;

// Set to TRUE if you want to allow MRBS to be run from the command line, for example
// if you want to produce reports from a cron job.   (It is set to FALSE by default
// as a security measure, because when running from the CLI you are assumed to have
// full admin access).
$allow_cli = FALSE;

My file failed the authentication.

Original comment by: *anonymous

jberanek commented 8 years ago

I'm trying to do the user authentication but it fails; it says unknown. I'm sending settings to see if you can help me set

Original comment by: *anonymous

jberanek commented 8 years ago

Acerca de MRBS

Sistema de Reservas de Salas y Aulas: MRBS 1.5.0 Base de Datos: MySQL 5.7.13-0ubuntu0.16.04.2 Sistema: Linux MRBS 4.4.0-31-generic #50-Ubuntu SMP Wed Jul 13 00:07:12 UTC 2016 x86_64 Hora del Servidor: lun 01 ago 2016 16:03:57 VET PHP: 7.0.8-0ubuntu0.16.04.1

Original comment by: *anonymous

jberanek commented 8 years ago

I think the error is in the auth_ldap.inc file, because I am using the same LDAP settings for an Openfire server installed on the same machine as Apache and PHP, and it is working normally, with user access to Spark using Openfire and LDAP. RSB but I'm not getting.

Original comment by: juliermefelix

jberanek commented 7 years ago

I finally revisited this now that version 1.6.0 is available, and after fixing the bug in auth_ldap.inc (see https://sourceforge.net/p/mrbs/support-requests/1143/ ) I found that prefixing our ldaps server name with ldaps:// appears to be what has got it working. I could leave $ldap_port commented out and $ldap_tls set to false.

Original comment by: ahar23
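
The transport settings discussed in this thread, side by side, as an added example that is not part of the posted config file or of MRBS itself. `ldap.example.com` is a placeholder hostname, and option (3) assumes that `$ldap_tls = true` makes MRBS issue StartTLS.

```php
<?php
// Added example: LDAP transport settings for MRBS config.inc.php.
// ldap.example.com is a placeholder hostname, not a value from the thread.

// (1) Plain LDAP, as in the config posted above. Simple binds on port 389
//     without TLS carry the search account's password and each user's
//     password across the network unencrypted.
// $ldap_host = 'ldap.example.com';
// $ldap_port = 389;
// $ldap_tls  = false;

// (2) LDAPS, the combination reported working in this thread: the
//     ldaps:// scheme goes in the host, $ldap_port stays commented out,
//     and $ldap_tls stays false because the session is already TLS.
$ldap_host = 'ldaps://ldap.example.com';
// $ldap_port = 636;
$ldap_tls  = false;

// (3) StartTLS on the standard port. Assumption: $ldap_tls = true makes
//     MRBS upgrade the connection with StartTLS before binding.
// $ldap_host = 'ldap.example.com';
// $ldap_port = 389;
// $ldap_tls  = true;

// Unchanged from the posted config.
$ldap_v3 = true;
$ldap_disable_referrals = TRUE;
```

For (2) and (3) the LDAP client library used by PHP on the web server must trust the CA that issued the directory server's certificate; otherwise the TLS handshake fails before any bind is attempted.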

jberanek commented 7 years ago

Hello, I'm getting this error. I've tried everything and I can't get it to work. Can you help me, please?

Uncaught exception 'MRBS\DBException' in C:\xampp\htdocs\mrbs\web\lib\MRBS\DB.php at line 75
SQLSTATE[HY000] [1045] Access denied for user 'admin'@'localhost' (using password: YES)
SQL: 
Params: 
#0 C:\xampp\htdocs\mrbs\web\lib\MRBS\DBFactory.php(25): MRBS\DB->__construct('localhost', 'admin', 'admin', 'mrbs', false, NULL)
#1 C:\xampp\htdocs\mrbs\web\dbsys.inc(40): MRBS\DBFactory::create('mysql', 'localhost', 'admin', 'admin', 'mrbs', false, NULL)
#2 C:\xampp\htdocs\mrbs\web\dbsys.inc(74): MRBS\db()
#3 C:\xampp\htdocs\mrbs\web\defaultincludes.inc(29): require_once('C:\\xampp\\htdocs...')
#4 C:\xampp\htdocs\mrbs\web\index.php(9): require('C:\\xampp\\htdocs...')
#5 {main}
MRBS GET: Array
(
)
MRBS POST: Array
(
)
Your Company
Sistema de Reservas de Salas y Aulas

Original comment by: *anonymous

jberanek commented 7 years ago

You are getting the error because either

(a) the database username and password you have set in the config file are invalid; or (b) they are valid, but that user doesn't have sufficient database privileges.

Original comment by: campbell-m