Using filters with LDAP authentication for Meeting Room Booking System

Maybe you think you need a system for managing meeting room reservations. If that’s the case, chances are you’ve considered MRBS (Meeting Room Booking System). Probably not a bad idea: it’s free and not difficult to install and run (I’m using MRBS 1.4.11, PHP 5.1.4, MySQL 5.0.22… and off you go). Plus, it’s localized.

In addition, maybe you’ve got an LDAP server and you want that one to manage authentication. That’s not difficult, and the docs explain how to do it.

If you don’t want every LDAP user to be able to create and delete reservations, one of the available mechanisms is to use a filter. There is a configuration variable, $ldap_filter, that allows you to specify the users that the system will find and hence authenticate. The problem is: initially, it will probably not work.

In my case, the LDAP server is Microsoft Active Directory. The user name can be found in a field named sAMAccountName. If you try to do something like this in your config.inc.php file:

$ldap_filter = "(|(sAMAccountName=alloweduser1)(sAMAccountName=alloweduser2))";

it will not authenticate anybody, even if that search filter is perfectly valid.

Well, the trick is: MRBS puts parentheses around your $ldap_filter expression. So you must write your $ldap_filter without them. In the previous example, this will work:

$ldap_filter = "|(sAMAccountName=alloweduser1)(sAMAccountName=alloweduser2)";

Of course, there are lots of reasons an LDAP can fail (usually because you write some incorrect value in the configuration) but, in my case, the reason was this one.

Anuncios

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s


A %d blogueros les gusta esto: