I believe

 

config['auth_ldap_group']  = "cn=BCPUS-Observium_admins,ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";

 

is used to authenticate, so it should be a group where all users reside (so not only admins), typically this would be the group with least privilege (level 1). You could also create a separate group and merge all authorization groups in one.

 

From the docs:

 



$config['auth_ldap_prefix'] = "CN=";

$config['auth_ldap_suffix'] = ",CN=Users,DC=ad,DC=example,DC=com";

$config['auth_ldap_group']  = array("CN=Observium Users,OU=Groups,DC=ad,DC=example,DC=com");

$config['auth_ldap_groupbase'] = "OU=Groups,DC=ad,DC=example,DC=com";

 

$config['auth_ldap_groupmembertype'] = "fulldn";

$config['auth_ldap_groupmemberattr'] = "member";

 

unset($config['auth_ldap_groups']);

$config['auth_ldap_groups']['CN=Observium Admins,OU=Groups,DC=example,DC=COM']['level'] = 10;

$config['auth_ldap_groups']['CN=Observium Users,OU=Groups,DC=example,DC=COM']['level'] = 1;

 

 

kind regards

 

From: observium <observium-bounces@observium.org> On Behalf Of Dana Bostic via observium
Sent: Wednesday, May 15, 2019 13:49
To: observium@observium.org
Cc: Dana Bostic <Bostic_Dana_R@cat.com>
Subject: [Observium] Can anyone see an error in my config.php file

 

I have Active Directory authentication working for users in the Level = 10 group, but no one in the Level=5 can login.  I am trying to create an admin group and a readonly group “basically”.

 

All user accounts are in the same OU.  I am not sure how much of my configuration to post, so I will start here.

 

$config['auth_ldap_prefix'] = "cn=";

$config['auth_ldap_suffix'] = ",ou=ServerAdmin,ou=Users,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";

$config['auth_ldap_group']  = "cn=BCPUS-Observium_admins,ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";

$config['auth_ldap_groupbase'] = "ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com";

 

$config['auth_ldap_groupmembertype'] = "fulldn";

$config['auth_ldap_groupmemberattr'] = "member";

 

unset($config['auth_ldap_groups']);

$config['auth_ldap_groups']['cn=BCPUS-Observium_admins,ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com']['level'] = 10;

$config['auth_ldap_groups']['cn=BCPUS-Observium_access,ou=HighSecurity,ou=Groups,ou=BCPUS,dc=mw,dc=na,dc=cat,dc=com']['level'] = 5;

 

Telescope Separator
Dana Bostic 
Technology Specialist
Caterpillar Inc.
954 NC 42 East, Clayton, NC 27527
email: bostic_dana_r@cat.com | phone: 919-550-1260

 

 

Caterpillar: Confidential Green