Apply the attached .patch file and set the proper config.php entries and it will work properly with AD. I fixed this months ago, and so far this file hasn't been touched so it should be safe.
```php
$config['auth_ldap_binddn'] = "CN=blah,OU=Service Accounts,DC=arbor,DC=net";
$config['auth_ldap_bindpw'] = "PASSWORD";

$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "cn";
$config['auth_ldap_objectclass'] = "person";

$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "ldap.domain.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = FALSE;

$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=All Users,DC=arbor,DC=net";
$config['auth_ldap_group'] = array("CN=NMS-Users,OU=Security Groups,DC=arbor,DC=net");
$config['auth_ldap_groupbase'] = "OU=Security Groups,DC=arbor,DC=net";

$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";

unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['NMS-Admins']['level'] = 10;
$config['auth_ldap_groups']['NMS-GlobalReadOnly']['level'] = 7;
$config['auth_ldap_groups']['NMS-Users']['level'] = 1;
```
Users must be a member of "NMS-Users" or your equivalent group to be able to log in; this is also what Observium will use to populate the user list for assigning permissions.
*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com
On Tue, May 3, 2016 at 12:17 PM, Mike Driscoll mike.driscoll@oracle.com wrote:
+1
On May 3, 2016, at 03:25, Tibor Marchyn Tibor.Marchyn@zoomint.com wrote:
Hi,
Is there any plan to implement LDAP / Active Directory users permission for devices like local users?
Currently I do not see any option how to assign for such user from AD just selected list of devices to see. We need to limit people to see just i.e. one device, or group of devices.
Thanks
Tibor
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
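An added example, not part of the thread and not Observium's own code: an offline audit of the group layout in the config above, flagging accounts that hold a level group but are missing from the login group. The membership data is constructed, and the rule that the highest matching level applies is an assumption.

```python
# Values copied from the config in the message above.
LOGIN_GROUPS = ["CN=NMS-Users,OU=Security Groups,DC=arbor,DC=net"]    # auth_ldap_group
GROUP_BASE = "OU=Security Groups,DC=arbor,DC=net"                     # auth_ldap_groupbase
LEVELS = {"NMS-Admins": 10, "NMS-GlobalReadOnly": 7, "NMS-Users": 1}  # auth_ldap_groups

def norm(dn):
    """Comparison key for a DN: AD treats DNs case-insensitively.
    Naive split; DNs with escaped commas would need a real DN parser."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def evaluate(user_dn, members_by_group):
    """members_by_group maps a group DN to the full DNs in its 'member'
    attribute (groupmembertype = fulldn). Returns (can_login, level)."""
    user = norm(user_dn)
    in_groups = {norm(g) for g, members in members_by_group.items()
                 if user in {norm(m) for m in members}}
    can_login = any(norm(g) in in_groups for g in LOGIN_GROUPS)
    # Assumption: when several level groups match, the highest level applies.
    level = max((lvl for name, lvl in LEVELS.items()
                 if norm(f"CN={name},{GROUP_BASE}") in in_groups), default=0)
    return can_login, level

def audit(user_dns, members_by_group):
    """Users granted a level through a group but unable to log in at all."""
    findings = []
    for dn in user_dns:
        can_login, level = evaluate(dn, members_by_group)
        if level > 0 and not can_login:
            findings.append((dn, level))
    return findings

# Constructed sample directory contents (hypothetical users).
USERS_OU = "OU=All Users,DC=arbor,DC=net"
ALICE, BOB, CAROL, DAVE = (f"CN={n} Example,{USERS_OU}"
                           for n in ("Alice", "Bob", "Carol", "Dave"))
SAMPLE = {
    f"CN=NMS-Users,{GROUP_BASE}": [ALICE, BOB],
    f"CN=NMS-Admins,{GROUP_BASE}": [ALICE.lower(), CAROL],
    f"CN=NMS-GlobalReadOnly,{GROUP_BASE}": [BOB],
}

if __name__ == "__main__":
    for dn in (ALICE, BOB, CAROL, DAVE):
        print(dn, evaluate(dn, SAMPLE))
    print("level without login:", audit([ALICE, BOB, CAROL, DAVE], SAMPLE))
```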