We got it working a few days ago from info in this thread.  We used nodn as well as the array of groups to map to levels.  I can send what worked for us tomorrow.

-Graeme

On Wed, May 11, 2022 at 10:20 PM Valerie Lim via observium <observium@observium.org> wrote:

Hi

 

I am having issue authenticating the members in my group as the error message says that it is unable to get a match of a user in a particular group.

 

Here are some steps I’ve taken so far:

 

  • Changing to $config['auth_ldap_server'] = "server01.domain01.com"; caused an error that LDAP server was unable to bind thus that is why I am using IP address
  • All my users are already a member of the group that I’ve specified & the group is also in an OU I’ve specified in my config.php

 

So, why is Observium unable to get a match of the users even though the specifications are already there? Please advise.

 

Attached is my config.php configuration:

 

// Authentication Model

$config['auth_mechanism'] = "ldap";    // default, other options: ldap, http-auth, please se>

 

$config['auth_ldap_binddn'] = "cn=Administrator,cn=Users,dc=domain01,dc=com";

$config['auth_ldap_bindpw'] = "xxxxxxxx";

 

$config['auth_ldap_attr']['uid'] = "sAMAccountName";

$config['auth_ldap_attr']['uidNumber'] = "objectSid";

$config['auth_ldap_attr']['cn'] = "name";

$config['auth_ldap_attr']['dn'] = "distinguishedName";

$config['auth_ldap_objectclass'] = "person";

 

$config['auth_ldap_version'] = 3;

$config['auth_ldap_server'] = "ldap://192.168.1.234";

$config['auth_ldap_port']   = 389;

$config['auth_ldap_starttls'] = TRUE;

$config['auth_ldap_bindanonymous'] = FALSE;

 

$config['auth_ldap_prefix'] = "CN=";

$config['auth_ldap_suffix'] = ",OU=MVC,DC=domain01,DC=com";

$config['auth_ldap_group']  = array("CN=gtgroup,OU=MVC,DC=domain01,DC=com");

$config['auth_ldap_groupbase'] = "CN=gtgroup,OU=MVC,DC=domain01,DC=com";

 

$config['auth_ldap_groupmembertype'] = "nodn";

$config['auth_ldap_groupmemberattr'] = "member";

 

unset($config['auth_ldap_groups']);

$config['auth_ldap_groups']['CN=gtgroup,OU=MVC,DC=domain01,DC=com']['level'] = 10;

 

$config['web_debug_unprivileged'] = TRUE;

 

Error message I got when logging in:

 

My group & OU settings:

 

Best Regards

Valerie Lim

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium