Re: [Observium] Logs for LDAP

9 Mar 2017


      Thanks for the pointers on the Debug.
I worked on the ldap.inc.php as well as config.php.
I think i found the issue but now since my modification, the debug spits me
back to the non debug login screen.  ODD.
Would someone have a suggestion as to how to stay in Debug and where to go
from now?
Thanks
D
Here are my modifications to the ldap.inc.php
function ldap_search_user($ldap_group, $userdn, $depth = -1)
{
  global $ds, $config;
#  $compare = ldap_compare($ds, $ldap_group,
$config['auth_ldap_groupmemberattr'], $userdn);
* $binduser = ldap_internal_dn_from_username($userdn);  $compare =
ldap_compare($ds, $ldap_group, $config['auth_ldap_groupmemberattr'],
$binduser);*
  if ($compare === TRUE)
  {
    return TRUE; // Member found, return TRUE
  }
  elseif (($config['auth_ldap_recursive'] === true) && ($depth <
$config['auth_ldap_recursive_maxdepth']))
  {
    $depth++;
//$filter = "(&(objectClass=group)(memberOf=". $ldap_group ."))";
    $filter_params                = array();
#    $filter_params[] = ldap_filter_create('objectClass', 'group');
#///////
    *$filter_params[] = ldap_filter_create('objectClass',
$config['auth_ldap_groupobjectclass']); #Change to posix group for OpenLdap*
#///////
Here is what i added to config.php
*$config['auth_ldap_groupobjectclass'] = "posixgroup";*
This is the testing I am doing on my Ldap server.
*#ldapcompare -Y GSSAPI "cn=admins,cn=groups,cn=accounts,dc=domain,dc=com"
memberof::dave*
SASL/GSSAPI authentication started
SASL username: dave@GRENADINE.JUICY
SASL SSF: 56
SASL data security layer installed.
*FALSE*
*# ldapcompare -Y GSSAPI "cn=admin,cn=groups,cn=accounts,dc=domain,dc=com"
member:uid=dave,cn=users,cn=accounts,dc=domain,dc=com*
SASL/GSSAPI authentication started
SASL username: dave@GRENADINE.JUICY
SASL SSF: 56
SASL data security layer installed.
*TRUE*
Dave
On Mon, Mar 6, 2017 at 4:45 PM, David Haché dave@dhache.com wrote:
...
Hi,
I have been using observium for a while and I am pleased with it.
Now when I try to integrate LDAP, I can't find the logs to troubleshoot.
I activated LDAP and it connect correctly, the query looks good but no go.
Log from my LDAP server
[06/Mar/2017:16:41:55.102124385 -0500] conn=255138 op=1 SRCH
base="cn=users,cn=accounts,dc=domain,dc=com" scope=2
filter="(&(objectClass=posixaccount)(uid=dave))" attrs=ALL
Does anyone have suggestion how to activate the loggin for ldap on the PHP
/ NGINX / Observium side?
Thanks.
Dave