Hi,
thanks for the line to add in config.php. I didn't find it in the documentation of observium, maybe it should be more visible if we type "observium debug" for example^^
Anyway I successfully configured the AD authentication now, happy new year to everyone!
Vincent Kwiatkowski Operations & Infrastructure - System Team • Itiviti Production System Engineer
Direct: +33 1 44 50 25 45 vincent.kwiatkowski@itiviti.com mailto:vincent.kwiatkowski@itiviti.com
21 Boulevard Haussmann https://maps.google.com/?q=21+Boulevard+Haussmann+75009+Paris,+France&entry=gmail&source=g 75009 Paris, France https://maps.google.com/?q=21+Boulevard+Haussmann+75009+Paris,+France&entry=gmail&source=g Phone: +33 1 49 95 30 00
Le 29/12/2018 à 22:42, Tom Laermans via observium a écrit :
Hi Vincent,
To debug authentication issues you need to set an extra configuration option:
$config['web_debug_unprivileged'] = TRUE;
Then, as Michael said, add /debug onto the end of your URL and try to log in - it should provide you with a bunch of extra output.
There is also a long standing bug for all authentication methods that the error messages are not sent back to the end user and the login page is simply shown. Hopefully I can find some time to fix this.
Are you on Pro or Community?
Tom
On 12/28/2018 2:26 PM, Vincent Kwiatkowski via observium wrote:
Hi All,
I tried to make observium AD log in working during a few hours without any success, so I ask here for help^^
I took the ad example conf and edited some values.
I used same kind of conf in antoher apache vhost, and it works fine.
I also tried to find a good debug mode to help me with that, but nothing Is in the logs.
I tried "url/debug", "url/debug=yes", I can only see "CACHE DISABLED. Disabled in config", but I don't see any message about failed authentication (after I entered my credentials, nothing happens, I come back to log in page)
I also tried what is in this page (https://docs.observium.org/config_options/#debugging-profiling-settings), but nothing happens in any log file.
how can I enabled debug mode to help me with this authentication issue?
In my win2k8 AD, the directory tree is as follow:
Administrative (at the root) --> "Domain users" (where all the "human" users are)
--> "Groups" (where all the groups are)
--> "ServiceAccounts" (where the binddn user is)
Here is the conf I have :
$config['auth_mechanism'] = "ldap";
$config['auth_ldap_binddn'] = "cn=DNrequest,ou=ServiceAccounts,ou=Administrative,dc=example,dc=com";
$config['auth_ldap_bindpw'] = "password";
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_attr']['dn'] = "distinguishedname";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "example.com http://example.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=Domain users,OU=Administrative,DC=example,DC=com";
$config['auth_ldap_group'] = array("CN=NE.Access,OU=Groups,OU=Administrative,DC=example,DC=com");
$config['auth_ldap_groupbase'] = "OU=Groups,OU=Administrative,DC=example,DC=com";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['CN=NE.Access,OU=Groups,OU=Administrative,DC=example,DC=com']['level'] = 10;
Thanks a lot in advance for you help!
Vincent Kwiatkowski Operations&Infrastructure- System Team • Itiviti Production System Engineer
Direct: +33 1 44 50 25 45 vincent.kwiatkowski@itiviti.com mailto:vincent.kwiatkowski@itiviti.com
21 Boulevard Haussmann https://maps.google.com/?q=21+Boulevard+Haussmann+75009+Paris,+France&entry=gmail&source=g 75009 Paris, France https://maps.google.com/?q=21+Boulevard+Haussmann+75009+Paris,+France&entry=gmail&source=g Phone: +33 1 49 95 30 00
Visit: itiviti.com https://www.itiviti.com// ullink.com https://www.ullink.com/» Read the latest news from Itiviti » http://www.itiviti.com/news/
/The information contained in or attached to this email is strictly confidential. If you are not the intended recipient, please notify us immediately by telephone and return the message to us./
/ /
/Email communications by definition contain personal information. The ITIVITI group of companies (of which ULLINK forms part) is subject to European data protection regulations. ULLINK’s Privacy Policy is available at www.ullink.com http://www.ullink.com/. ULLINK expects the recipient of this email to be compliant with ULLINK’s Privacy Policy and applicable regulations. Please advise us immediately at dataprotection@ullink.com mailto:dataprotection@ullink.com if you are not compliant with these./
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium