The prerequisites for MRBS are as follows:

- PHP 4/5
- MySQL or PostgreSQL
- A web server (such as Apache) that supports PHP
- PHP-LDAP Modules (optional for LDAP authentication)

Luckily enough I already had an Ubuntu Linux production server in place with these prerequisites installed so I was ready to go. The install process is as follows:

1. Extract the contents of the MRBS.tar.gz file to your web servers storage folder (ie: Apache – htdocs, IIS -inetpub)
2. Create a mrbs database in MySQL
   CREATE DATABASE `mrbs` ;
3. Create the database table structure using the supplied tables.my.sql script
   (Optional: Add sample data to the database using the supplied sample-data.sql script)
4. You must enter a timezone into the config.inc.php file before the system will function (ie: $timezone = “Sydney/Australia;)

At this point the system is ready to use. However, I recommend a few extra steps for ease of use in a school environment:

Enable period view and define school periods:

The default view for MRBS is time slots. Generally schools work to periods not time slots so a period view has been included in MRBS.
To enable the period view:

1. Include the following line of code in your config.inc.php file:
   $enable_periods = TRUE;
2. Define the periods in the config.inc.php file. Example:
3. $periods[] = “Before School”;
   $periods[] = “Mentor”;
   $periods[] = “Period 1″;
   $periods[] = “Period 2″;
   $periods[] = “Recess”;

   And so on…

Activate LDAP authentication:

We endeavor to provide a single-sign-on environment for our staff and students which means that LDAP authentication is a must have for any system that we implement into our network. This process was by far the hardest part of the MRBS install and took my colleague and I sometime to complete mainly due to the PHP-LDAP modules.
To enable LDAP authentication:

1. Install PHP-LDAP modules
   I am not going to go into installing these modules in this post but am happy to lend a hand if you need help getting these working.
2. Define LDAP authentication commands in the config.inc.php file. Example:
   $auth['only_admin_can_book_repeat'] = TRUE;$auth["type"] = “ldap”;

   $ldap_host = “yourdomain.com.au”;
   $ldap_port = 389;
   $ldap_v3 = true;
   $ldap_tls = false;
   $ldap_base_dn = “ou=Users,dc=yourdomain,dc=com,dc=au”;
   $ldap_user_attrib = “sAMAccountName”;
   $ldap_dn_search_dn = “cn=Admin,ou=Users,dc=yourdomain,dc=com,dc=au”;
   $ldap_dn_search_attrib = “sAMAccountName”;
   $ldap_dn_search_password = “Admin_Password”;

3. Define admin users from LDAP in the config.inc.php file
   $auth["admin"] = “Admin”;

Being open source the opportunities to endless for you to critique this system to your individual needs. We have edited various files within the system to do the following:

• Only allow admins to create repeat bookings
• Change field labels by editing the language file (lang.en)
• Apply the users username to the end of the displayed booking so staff can easily see who has made the booking
• Add an “Override Creator” field for admins only so that they can make a booking on a staff members behalf
• Edit the Help page to be more school specific help

Our school also uses Google Apps Education Edition to provide our students with Email accounts and usage of the other Google Apps services. Google provides a great LDAP sync tool that can easily sync users and groups memberships but lacks a way to sync users passwords (not secure). For this to be possible a Single Sign On (SSO) system must come into the equation. These systems can cost thousands of dollars (depending on user numbers) from 3rd party developers or require a large amount of IT admin time and server resources to perfect a solid solution. I searched long and hard for a suitable tool for this job and tried a number of solutions but none worked well enough for my liking.

At the same time that I was searching for solutions for this issue I was also browsing around for some useful Moodle plugins. This is where I came across the Moodle-Google Intergration plugin that would solve all my issues. The plugin provides a SAML based authentication method to allow users to use their LDAP credentials (LDAP must be configured in Moodle) to log into their Google Apps account. This plugin talks with the SSO feature built into Google Apps via SAML 2.0 post and the use of the generated keys and certificates for security. Users then login to Moodle and from there can access their Google Apps account.

More to come on the configuration of this plugin. Stay tuned…

We are primarily a Windows based domain. The only pocket of Macs we have are for our Photography and Visual Arts departments (and an odd Mac Book here and there). The original setup was conceived well before my time at my current company so up until I was thrown into the guts of the Mac network when the whole system went down my knowledge of the server setup was on a need to know basis. The XServe had a Directory Services LDAP connection to our Windows 2003 LDAP server and had a custom binding to pull user information from Active Directory. I never completely explored the custom mappings but from what I have been told it was a fairly intense setup to provide the out of the ordinary needs at the time.

This is my first job where I have had to support Macs so my knowledge was very limited but from the start I found the setup to be somewhat odd. The Macs would always take a considerable amount of time to startup (which I worked out later was due to Directory Services taking an age to authenticate), user accounts would randomly stop working or be denied access to applications. The main method behind the madness was to allow users to maintain their Windows based home folders, but also have a network mapped home folder on the Mac server when logged into a Mac computer. I had always wanted to reconfigure the server myself but without the necessary time or expertise I stopped myself from opening that can of worms. But with the server now down for the count I was forced to commission my plan…

More blabbering to come….