Upgrade from 1.7.2 to 1.11.5

[sktm01]

Server details (please complete the following information):

• MRBS version: 1.7.2
• Web server: Apache/2.4.53
• OS: CentOS 7.9.2009
• PHP version: 7.2.34
• Database used: MySQL 8.0.36

Additional context Hi, I would like to update MRBS from version 1.7.2 to 1.11.5, but I cannot find complete documentation on how to do it anywhere.

[campbell-m]

See the UPGRADE document.

[sktm01]

Which file should I change and when overwriting the database I get an error.

[campbell-m]

You should

1. Take a backup of your database, in case of disaster.
2. Upload 1.11.5 to a new folder on your server.
3. Copy your old config file to the new folder.
4. Point your browser at the new folder.
5. You will be prompted for a database username and password.
6. The database will be automatically upgraded.
7. When you are happy that everything is working rename your old and new folders.

[sktm01]

Thank you for the information, I will try to do it tomorrow or today.

[sktm01]

After the upgrade, users cannot log in via LDAP, even though the config remains unchanged and the rest of the files remain unchanged.

[campbell-m]

I suspect you need to set the following:

// If you need to search the directory to find the user's DN to bind
// with, set the following to the attribute that holds the user's
// "username". In Microsoft AD directories this is "sAMAccountName"
// This can be an array.
//$ldap_dn_search_attrib = "sAMAccountName";

// If you need to bind as a particular user to do the search described
// above, specify the DN and password in the variables below
// These two parameters can be arrays.
// $ldap_dn_search_dn = "cn=Search User,ou=Users,dc=example,dc=com"; // Any compliant LDAP
// $ldap_dn_search_dn = "searchuser@example.com"; // A form which could work for AD LDAP
// $ldap_dn_search_password = "some-password";

More recent versions of MRBS show users' display names and they need the search_dn details set in order to do so.

[sktm01]

Where exactly should I change this? in config.inc.php?

Here is the code from LDAP that is already saved there:

$auth["session"] = "php"; $auth["type"] = "ldap"; $ldap_debug = true; $ldap_host = $host; $ldap_port = 389; $ldap_base_dn[] = "ou=People,dc=ibch,dc=poznan,dc=pl,dc=world"; $ldap_base_dn[] = "ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world"; $ldap_v3 = true; $ldap_tls = false; $ldap_user_attrib = "uid";

most likely the LDAP server is oracle.

[campbell-m]

Yes, in the config file. Obviously you will need to uncomment the settings lines and choose suitable values.

[sktm01]

Thanks a lot

[sktm01]

Unfortunately it still doesn't work...

$auth["session"] = "php"; $auth["type"] = "ldap"; $ldap_debug = true; $ldap_host = $host; $ldap_port = 389; $ldap_base_dn[] = "ou=People,dc=ibch,dc=poznan,dc=pl,dc=world"; $ldap_base_dn[] = "ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world"; $ldap_dn_search_dn = "ou=People,dc=ibch,dc=poznan,dc=pl,dc=world"; $ldap_dn_search_dn = "ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world"; $ldap_v3 = true; $ldap_tls = false; $ldap_user_attrib = "uid";

Could it have something to do with the php version?

Additionally, we do not have Windows AD, but Oracle

[campbell-m]

PHP 7.2.34 should be fine. I suggest you set $ldap_debug = true; in your config file to see what is happening. The debug output will appear in your PHP error log.

[campbell-m]

I think you need to set $ldap_dn_search_dn to a specfic user and also set $ldap_dn_search_password and $ldap_dn_search_attrib.

[sktm01]

Our database is open because it is available only from the internal network, and also from specific devices. This does not require any user to resarch.

https://github.com/user-attachments/assets/14947ebb-1856-47f2-abb5-db3cf854dad3

[sktm01]

My mistake, it's not about the database but the LDAP server

[sktm01]

Setting $ldap_debug = true; it didn't give any results.

[campbell-m]

Did you look in your PHP error log (not your Apache log)?

[sktm01]

At the moment I am waiting for the logs to be sent.

Do you know the answer why LDAP login worked in version 1.7.2 and does not work in 1.11.5? Does it have to do with PHP/Apache or the OS itself?

[campbell-m]

No, it's not to do with PHP or Apache. It's to do with MRBS. It's because more recent versions of MRBS show users' display names and they need the search_dn details set in order to do so.

[sktm01]

One more question, what permissions should the root directory have?

[campbell-m]

At the moment I am waiting for the logs to be sent.

The PHP error log is normally a file called error_log in your MRBS directory.

[sktm01]

In the old version (1.7.5), name display is enabled

[campbell-m]

In the old version (1.7.5), name display is enabled

But that's just the username, not the display name (eg "John Smith").

[sktm01]

The error_log file is not created even though chmod is set to 777

[sktm01]

Returning to the configure LDAP itself, it cannot be set to a specific user who will search for it in the database. Should I additionally set $search_filter = '(uid=username)'; and $attributes = ['cn', 'sn', 'givenName'];

[campbell-m]

Run the PHP program

<?php
echo ini_get('error_log');

to find out where your error log is.

[campbell-m]

Returning to the configure LDAP itself, it cannot be set to a specific user who will search for it in the database.

Why not? Can you not create a special user?

[sktm01]

I don't have access to it, at the moment I have to wait for the system administrator to send it to me.

[sktm01]

Returning to the configure LDAP itself, it cannot be set to a specific user who will search for it in the database.

Why not? Can you not create a special user?

Since I'm not the one managing LDAP, no one will agree to it, since the server is open (no login required for searching) but only for specific computers and internal networks.

[campbell-m]

Did you manage to find your PHP error log?

[sktm01]

[21-Jul-2024 18:36:37 UTC] authLdapAction: Got LDAP connection [21-Jul-2024 18:36:37 UTC] authLdapAction: Constructed dn 'uid=awychowaniec,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' and user_search 'uid=awychowaniec' using 'uid' [21-Jul-2024 18:36:37 UTC] authValidateUserCallback: base_dn 'ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' dn 'uid=awychowaniec,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' user 'awychowaniec' [21-Jul-2024 18:36:37 UTC] authValidateUserCallback: Bind to 'uid=awychowaniec,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' failed: Invalid credentials [21-Jul-2024 20:36:37 Europe/Warsaw] E_NOTICE in /home/reserv-ibch/www/auth/auth_ldap.inc at line 456 Undefined variable: ldap_unbind_between_attempts

[21-Jul-2024 20:36:37 Europe/Warsaw] authLdapAction: Got LDAP connection [21-Jul-2024 20:36:37 Europe/Warsaw] authLdapAction: Constructed dn 'uid=awychowaniec,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' and user_search 'uid=awychowaniec' using 'uid' [21-Jul-2024 20:36:37 Europe/Warsaw] authValidateUserCallback: base_dn 'ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' dn 'uid=awychowaniec,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' user 'awychowaniec' [21-Jul-2024 20:36:37 Europe/Warsaw] E_NOTICE in /home/reserv-ibch/www/auth/auth_ldap.inc at line 401 Undefined index: ldap_filter

[21-Jul-2024 20:36:37 Europe/Warsaw] authValidateUserCallback: Successful authenticated bind with no $ldap_filter [22-Jul-2024 08:42:48 UTC] authLdapAction: Got LDAP connection [22-Jul-2024 08:42:48 UTC] authLdapAction: Constructed dn 'uid=mwojnicka,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' and user_search 'uid=mwojnicka' using 'uid' [22-Jul-2024 08:42:48 UTC] authValidateUserCallback: base_dn 'ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' dn 'uid=mwojnicka,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' user 'mwojnicka' [22-Jul-2024 08:42:48 UTC] authValidateUserCallback: Bind to 'uid=mwojnicka,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' failed: Invalid credentials [22-Jul-2024 10:42:48 Europe/Warsaw] E_NOTICE in /home/reserv-ibch/www/auth/auth_ldap.inc at line 456 Undefined variable: ldap_unbind_between_attempts

[22-Jul-2024 10:42:48 Europe/Warsaw] authLdapAction: Got LDAP connection [22-Jul-2024 10:42:48 Europe/Warsaw] authLdapAction: Constructed dn 'uid=mwojnicka,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' and user_search 'uid=mwojnicka' using 'uid' [22-Jul-2024 10:42:48 Europe/Warsaw] authValidateUserCallback: base_dn 'ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' dn 'uid=mwojnicka,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' user 'mwojnicka' [22-Jul-2024 10:42:48 Europe/Warsaw] authValidateUserCallback: Bind to 'uid=mwojnicka,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' failed: Invalid credentials [22-Jul-2024 10:42:48 Europe/Warsaw] E_NOTICE in /home/reserv-ibch/www/auth/auth_ldap.inc at line 456 Undefined variable: ldap_unbind_between_attempts

[22-Jul-2024 08:42:57 UTC] authLdapAction: Got LDAP connection [22-Jul-2024 08:42:57 UTC] authLdapAction: Constructed dn 'uid=mwojnicka,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' and user_search 'uid=mwojnicka' using 'uid' [22-Jul-2024 08:42:57 UTC] authValidateUserCallback: base_dn 'ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' dn 'uid=mwojnicka,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' user 'mwojnicka' [22-Jul-2024 08:42:57 UTC] authValidateUserCallback: Bind to 'uid=mwojnicka,ou=People,dc=ibch,dc=poznan,dc=pl,dc=world' failed: Invalid credentials [22-Jul-2024 10:42:57 Europe/Warsaw] E_NOTICE in /home/reserv-ibch/www/auth/auth_ldap.inc at line 456 Undefined variable: ldap_unbind_between_attempts

[22-Jul-2024 10:42:57 Europe/Warsaw] authLdapAction: Got LDAP connection [22-Jul-2024 10:42:57 Europe/Warsaw] authLdapAction: Constructed dn 'uid=mwojnicka,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' and user_search 'uid=mwojnicka' using 'uid' [22-Jul-2024 10:42:57 Europe/Warsaw] authValidateUserCallback: base_dn 'ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' dn 'uid=mwojnicka,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' user 'mwojnicka' [22-Jul-2024 10:42:57 Europe/Warsaw] E_NOTICE in /home/reserv-ibch/www/auth/auth_ldap.inc at line 401 Undefined index: ldap_filter

[sktm01]

auth_ldap.inc.txt

[campbell-m]

Something is wrong. auth_ldap.inc doesn't exist in MRBS 1.11.5. Are you sure this is the debug log from running the new release?

[sktm01]

I can delete this file and try to log in and see what error PHP throws.

[sktm01]

Let's wait for the moment until around August 12, when I should receive full access to the Apache and PHP logs, without waiting for the administrator to export it and give it to me.

[sktm01]

Hello, I have already obtained full and permanent access to the logs.

As for the auth_ldap.inc file, it is already in version 1.11.5 in the auth directory, it was not added manually

[campbell-m]

The auth_ldap.inc file isn't in the 1.11.5 distribution. If it's on your server it could be because you overwrote the previous release rather than uploading to a new folder. However that shouldn't matter, but what does matter is that your previous logs were reporting output from auth_ldap.inc. If you repeat the login attempt on 1.11.5 what do the logs say now?

[sktm01]

[01-Aug-2024 09:35:46 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(730): got LDAP connection using $host [01-Aug-2024 09:35:46 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(794): constructed dn 'uid=adehmel,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' and user_search 'uid=adehmel' using 'uid' [01-Aug-2024 09:35:46 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap::getUserCallback(378): base_dn 'ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' dn 'uid=adehmel,ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world' user_search 'uid=adehmel' user 'adehmel' [01-Aug-2024 09:35:46 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap::getUserCallback(405): ldap_read() failed: Server is unwilling to perform [Rejecting the requested operation because the connection has not been authenticated] [01-Aug-2024 09:35:46 Europe/Warsaw] E_USER_WARNING in /home/reserv-ibch/www/lib/MRBS/Auth/AuthLdap.php at line 421 Server is unwilling to perform MRBS GET: Array ( ) MRBS POST: Array ( [MAX_FILE_SIZE] => 2097152 [csrf_token] => 6b733bc825bf3e22ac90efaf50e5fa59fe82d11a4ea049953394e54287116d1f [returl] => [target_url] => index.php [action] => SetName [username] => [password] => ) MRBS SESSION: Array ( [csrf_token] => 6b733bc825bf3e22ac90efaf50e5fa59fe82d11a4ea049953394e54287116d1f [UserName] => adehmel [last_page] => /admin.php [this_page] => /admin.php [user] => )

[campbell-m]

Have you got $ldap_dn_search_dn and $ldap_dn_search_password set to a specfic user and also set and $ldap_dn_search_attrib?

[sktm01]

I have $ldap_user_attrib = "uid"; , change it to the one you sent?

[sktm01]

When I changed $ldap_user_attrib = "uid"; to $ldap_dn_search_attrib = "uid"; an unknown user pops up when logging in. I will only point out that the site itself is on an internal network where a user is not needed to search in LDAP.

[campbell-m]

You should keep

$ldap_user_attrib = "uid";

and additionally set

$ldap_dn_search_attrib = "uid";
$ldap_dn_search_dn = "some user's dn";  // eg yours
$ldap_dn_search_password = "their password";

[sktm01]

$auth["session"] = "php";
$auth["type"] = "ldap";
$ldap_debug = true;
$ldap_host = "$host";
$ldap_port = 389;
$ldap_base_dn[] = "ou=People,dc=ibch,dc=poznan,dc=pl,dc=world";
$ldap_base_dn[] = "ou=People,ou=PhDStudents,dc=ibch,dc=poznan,dc=pl,dc=world";
$ldap_v3 = true;
$ldap_tls = false;
$ldap_user_attrib = "uid";
$ldap_dn_search_attrib = "uid";
$ldap_dn_search_dn = "adehmel"; // A form which could work for AD LDAP
$ldap_dn_search_password = "**********************";

When trying to log in: unknown user

Logs:

[01-Aug-2024 12:38:30 Europe/Warsaw] authValidateUserCallback: Successful authenticated bind with no $ldap_filter
[01-Aug-2024 12:38:30 Europe/Warsaw] 
E_DEPRECATED in /home/reserv-ibch/www/functions.inc at line 801
Function get_magic_quotes_gpc() is deprecated
MRBS GET: Array
(
    [year] => 2024
    [month] => 07
    [day] => 31
    [area] => 7
    [room] => 43
)
MRBS POST: Array
(
)
MRBS SESSION: Array
(
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [UserName] => adehmel
)

[01-Aug-2024 12:38:30 Europe/Warsaw] 
E_DEPRECATED in /home/reserv-ibch/www/functions.inc at line 801
Function get_magic_quotes_gpc() is deprecated
MRBS GET: Array
(
    [year] => 2024
    [month] => 07
    [day] => 31
    [area] => 7
    [room] => 43
)
MRBS POST: Array
(
)
MRBS SESSION: Array
(
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [UserName] => adehmel
)

[01-Aug-2024 12:38:30 Europe/Warsaw] 
E_DEPRECATED in /home/reserv-ibch/www/functions.inc at line 801
Function get_magic_quotes_gpc() is deprecated
MRBS GET: Array
(
    [year] => 2024
    [month] => 07
    [day] => 31
    [area] => 7
    [room] => 43
)
MRBS POST: Array
(
)
MRBS SESSION: Array
(
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [UserName] => adehmel
)

[01-Aug-2024 12:38:30 Europe/Warsaw] 
E_DEPRECATED in /home/reserv-ibch/www/functions.inc at line 801
Function get_magic_quotes_gpc() is deprecated
MRBS GET: Array
(
    [year] => 2024
    [month] => 07
    [day] => 31
    [area] => 7
    [room] => 43
)
MRBS POST: Array
(
)
MRBS SESSION: Array
(
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [UserName] => adehmel
)

[01-Aug-2024 12:38:30 Europe/Warsaw] 
E_DEPRECATED in /home/reserv-ibch/www/functions.inc at line 801
Function get_magic_quotes_gpc() is deprecated
MRBS GET: Array
(
    [year] => 2024
    [month] => 07
    [day] => 31
    [area] => 7
    [room] => 43
)
MRBS POST: Array
(
)
MRBS SESSION: Array
(
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [UserName] => adehmel
)

[01-Aug-2024 10:40:14 UTC] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(730): got LDAP connection using ldap://ldap.man.poznan.pl:389
[01-Aug-2024 10:40:14 UTC] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(741): binding with search_dn and search_password
[01-Aug-2024 12:40:14 Europe/Warsaw] 
E_USER_WARNING in /home/reserv-ibch/www/lib/MRBS/Auth/AuthLdap.php at line 855
Operations error
MRBS GET: Array
(
)
MRBS POST: Array
(
    [MAX_FILE_SIZE] => 2097152
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [returl] => 
    [target_url] => index.php
    [action] => SetName
    [username] => ****
    [password] => ****
)
MRBS SESSION: Array
(
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [UserName] => adehmel
    [last_page] => /admin.php
    [this_page] => /admin.php
)

[01-Aug-2024 12:40:14 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(754): initial bind failed: Operations error [The provided value "adehmel" could not be parsed as a valid distinguished name because it contained an RDN containing an empty attribute name]
[01-Aug-2024 12:40:14 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(811): no DN determined, not calling callback
[01-Aug-2024 12:40:14 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(730): got LDAP connection using ldap://ldap.man.poznan.pl:389
[01-Aug-2024 12:40:14 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(741): binding with search_dn and search_password
[01-Aug-2024 12:40:14 Europe/Warsaw] 
E_USER_WARNING in /home/reserv-ibch/www/lib/MRBS/Auth/AuthLdap.php at line 855
Operations error
MRBS GET: Array
(
)
MRBS POST: Array
(
    [MAX_FILE_SIZE] => 2097152
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [returl] => 
    [target_url] => index.php
    [action] => SetName
    [username] => ****
    [password] => ****
)
MRBS SESSION: Array
(
    [csrf_token] => 5357027870e59e4dbf319bcb50f85ad07233e2fb174891155ed9b8aaf32ee948
    [UserName] => adehmel
    [last_page] => /admin.php
    [this_page] => /admin.php
)

[01-Aug-2024 12:40:14 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(754): initial bind failed: Operations error [The provided value "adehmel" could not be parsed as a valid distinguished name because it contained an RDN containing an empty attribute name]
[01-Aug-2024 12:40:14 Europe/Warsaw] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(811): no DN determined, not calling callback

[campbell-m]

E_DEPRECATED in /home/reserv-ibch/www/functions.inc at line 801 Function get_magic_quotes_gpc() is deprecated

I don't think you can be running MRBS 1.11.5 properly. get_magic_quotes_gpc() isn't used in MRBS 1.11.5 and certainly doesn't occur at line 801 of functions.inc. Have you uploaded all the contents of the web directory to your server?

[sktm01]

Everything from mrbs-code-main.zip/web has been moved to the server (where all old files were previously deleted). The only thing left is config.inc.php (where the LDAP settings sent above have been changed)

[sktm01]

Let me just remind you that LDAP is not MS active directory and I have also updated PHP to version 7.4

[campbell-m]

Can you post the functions.inc from your server here as an attachment please? You'll need to zip it first to keep GitHub happy, or else rename it as .txt file. Thanks.

[campbell-m]

Let me just remind you that LDAP is not MS active directory and I have also updated PHP to version 7.4

Yes. Let's make sure first that you are running the correct code, then we can sort out the LDAP problems.

[sktm01]

Can you post the functions.inc from your server here as an attachment please? You'll need to zip it first to keep GitHub happy, or else rename it as .txt file. Thanks.

sure: functions.inc.txt

[campbell-m]

Thanks. That looks like the correct version of functions.inc, but the get_magic_quotes_gpc() call at line 801 comes from MRBS 1.7.2. Looking at the logs above again I see that the E_DEPRECATED message was issued at 01-Aug-2024 12:38:30 Europe/Warsaw and the LDAP debug logs start at 01-Aug-2024 12:40:14 Europe/Warsaw. Did you update the server in those two minutes?

[campbell-m]

Instead of

$ldap_dn_search_dn = "adehmel"; // A form which could work for AD LDAP

you should use something like

$ldap_dn_search_dn = "cn=Search User,ou=Users,dc=example,dc=com"; // Any compliant LDAP