meeting-room-booking-system / mrbs-code

MRBS application code

LDAP login breaks when I change the AD server #2517

Open jberanek opened 5 years ago

jberanek commented 5 years ago

I changed our network from a 2008 to a 2016 server network. The domain name changed from lakeview.neomin.net to lakeviewlocal.net. I updated config.inc.php to include the new IP and specify the correct ldap base. Am I missing something else?

/***********************************************
 * Authentication settings - read AUTHENTICATION
 ***********************************************/

$auth["type"] = "ldap"; // How to validate the user/password. One of "none"
                          // "config" "db" "db_ext" "pop3" "imap" "ldap" "nis"
                          // "nw" "ext".

// 'auth_ldap' configuration settings
// Where is the LDAP server
$ldap_host = "10.10.25.21";
// If you have a non-standard LDAP port, you can define it here
$ldap_port = 389;
// If you do not want to use LDAP v3, change the following to false
$ldap_v3 = true;
// If you want to use TLS, change the following to true
$ldap_tls = false;
// LDAP base distinguished name
// See AUTHENTICATION for details of how to check against multiple base DNs
//$ldap_base_dn = "ou=organizationalunit,dc=my-domain,dc=com";
$ldap_base_dn[] = "OU=Lakeview,OU=Staff,DC=lakeviewlocal,DC=net";
// Attribute within the base dn that contains the username
//$ldap_user_attrib = "uid";
$ldap_user_attrib[] = "sAMAccountName";
// If you need to search the directory to find the user's DN to bind
// with, set the following to the attribute that holds the user's
// "username". In Microsoft AD directories this is "sAMAccountName"
$ldap_dn_search_attrib = "sAMAccountName";
// If you need to bind as a particular user to do the search described
// above, specify the DN and password in the variables below
// $ldap_dn_search_dn = "cn=Search User,ou=Users,dc=some,dc=company";
$ldap_dn_search_dn = "CN=ldap-user,OU=Lakeview,OU=Staff,DC=lakeviewlocal,DC=net";
// $ldap_dn_search_password = "some-password";
$ldap_dn_search_password = "ldapauth";

// 'auth_ldap' extra configuration for ldap configuration of who can use
// the system
// If it's set, the $ldap_filter will be combined with the value of
// $ldap_user_attrib like this:
//   (&($ldap_user_attrib=username)($ldap_filter))
// After binding to check the password, this check is used to see that
// they are a valid user of mrbs.
//$ldap_filter = "mrbsuser=y";

Reported by: *anonymous

Original Ticket: mrbs/support-requests/1818

jberanek commented 5 years ago

Try setting

$ldap_debug = true;

to see what's going on.

Original comment by: campbell-m

jberanek commented 5 years ago

Thank you. I am looking for a log file but do not see one. I am running on Windows 2016 with IIS.

Original comment by: *anonymous

jberanek commented 5 years ago

The debug information is logged in your PHP error log. If you can't find it you can always (for debugging purposes) force error information to be sent to the browser by adding the following lines to the bottom of internalconfig.inc.php:

error_reporting(-1);
ini_set('display_errors', '1');

Original comment by: campbell-m
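
For the question of where the PHP error log lives on an IIS host, the following is an added example, not MRBS code and not from the thread's participants. It assumes PHP 7.2 or later and is meant to be saved as a temporary file in the MRBS web directory, so that it runs under the same php.ini and SAPI as MRBS; the function name `describe_error_logging()` is hypothetical.

```php
<?php
// Added example (not part of MRBS): report where this PHP instance sends
// error-log output, which is where the $ldap_debug messages will appear.

function describe_error_logging(): array
{
    $target  = (string) ini_get('error_log');
    $logging = filter_var(ini_get('log_errors'), FILTER_VALIDATE_BOOLEAN);

    if (!$logging) {
        $where = 'nowhere: log_errors is off, so nothing is written to a log';
    } elseif ($target === '') {
        // No error_log directive: PHP hands messages to the SAPI error logger
        $where = "SAPI error logger (stderr for CLI, otherwise the web server's own log)";
    } elseif ($target === 'syslog') {
        // The special value "syslog" means the Event Log on Windows
        $where = (PHP_OS_FAMILY === 'Windows') ? 'Windows Event Log' : 'syslog';
    } else {
        // A file path: check that the account running PHP can write to it
        $writable = is_file($target) ? is_writable($target)
                                     : is_writable(dirname($target));
        $where = $target . ($writable ? '' : ' (NOT writable by this PHP process)');
    }

    return [
        'sapi'           => PHP_SAPI,
        'php.ini'        => php_ini_loaded_file() ?: '(none loaded)',
        'log_errors'     => $logging ? 'on' : 'off',
        'error_log'      => ($target === '') ? '(not set)' : $target,
        'errors go to'   => $where,
        'display_errors' => (string) ini_get('display_errors'),
    ];
}

header('Content-Type: text/plain');
foreach (describe_error_logging() as $name => $value) {
    printf("%-15s %s\n", $name, $value);
}
```

If `error_log` points at a file the IIS worker account cannot write, the log stays empty even with `$ldap_debug = true`. Delete the file once the log has been located, since it reveals server paths.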