Hi,

thanks for the line to add in config.php. I didn't find it in the documentation of observium, maybe it should be more visible if we type "observium debug" for example^^

Anyway I successfully configured the AD authentication now, happy new year to everyone!

Vincent Kwiatkowski
Operations & Infrastructure - System Team • Itiviti
Production System Engineer

Direct: +33 1 44 50 25 45
vincent.kwiatkowski@itiviti.com

21 Boulevard Haussmann
75009 Paris, France
Phone: +33 1 49 95 30 00

Le 29/12/2018 à 22:42, Tom Laermans via observium a écrit :
Hi Vincent,

To debug authentication issues you need to set an extra configuration option:

$config['web_debug_unprivileged'] = TRUE;

Then, as Michael said, add /debug onto the end of your URL and try to log in - it should provide you with a bunch of extra output.

There is also a long standing bug for all authentication methods that the error messages are not sent back to the end user and the login page is simply shown. Hopefully I can find some time to fix this.

Are you on Pro or Community?

Tom

On 12/28/2018 2:26 PM, Vincent Kwiatkowski via observium wrote:

Hi All,


I tried to make observium AD log in working during a few hours without any success, so I ask here for help^^


I took the ad example conf and edited some values.


I used same kind of conf in antoher apache vhost, and it works fine.


I also tried to find a good debug mode to help me with that, but nothing Is in the logs.

I tried "url/debug", "url/debug=yes", I can only see "CACHE DISABLED. Disabled in config", but I don't see any message about failed authentication (after I entered my credentials, nothing happens, I come back to log in page)


I also tried what is in this page (https://docs.observium.org/config_options/#debugging-profiling-settings), but nothing happens in any log file.


how can I enabled debug mode to help me with this authentication issue?


In my win2k8 AD, the directory tree is as follow:


Administrative (at the root) --> "Domain users" (where all the "human" users are)

                                          --> "Groups" (where all the groups are)

                                          --> "ServiceAccounts" (where the binddn user is)


Here is the conf I have :


$config['auth_mechanism'] = "ldap";


$config['auth_ldap_binddn'] = "cn=DNrequest,ou=ServiceAccounts,ou=Administrative,dc=example,dc=com";

$config['auth_ldap_bindpw'] = "password";


$config['auth_ldap_attr']['uid'] = "sAMAccountName";

$config['auth_ldap_attr']['uidNumber'] = "objectSid";

$config['auth_ldap_attr']['cn'] = "name";

$config['auth_ldap_attr']['dn'] = "distinguishedname";

$config['auth_ldap_objectclass'] = "person";


$config['auth_ldap_version'] = 3;

$config['auth_ldap_server'] = "example.com";

$config['auth_ldap_port']   = 389;

$config['auth_ldap_starttls'] = FALSE;


$config['auth_ldap_prefix'] = "CN=";

$config['auth_ldap_suffix'] = ",OU=Domain users,OU=Administrative,DC=example,DC=com";

$config['auth_ldap_group']  = array("CN=NE.Access,OU=Groups,OU=Administrative,DC=example,DC=com");

$config['auth_ldap_groupbase'] = "OU=Groups,OU=Administrative,DC=example,DC=com";


$config['auth_ldap_groupmembertype'] = "fulldn";

$config['auth_ldap_groupmemberattr'] = "member";


unset($config['auth_ldap_groups']);

$config['auth_ldap_groups']['CN=NE.Access,OU=Groups,OU=Administrative,DC=example,DC=com']['level'] = 10;



Thanks a lot in advance for you help!


Vincent Kwiatkowski
Operations&Infrastructure - System Team • Itiviti
Production System Engineer

Direct: +33 1 44 50 25 45
vincent.kwiatkowski@itiviti.com

21 Boulevard Haussmann
75009 Paris, France
Phone: +33 1 49 95 30 00


Visit: itiviti.com / ullink.com »
Read the latest news from Itiviti »

The information contained in or attached to this email is strictly confidential. If you are not the intended recipient, please notify us immediately by telephone and return the message to us.


Email communications by definition contain personal information. The ITIVITI group of companies (of which ULLINK forms part) is subject to European data protection regulations. ULLINK’s Privacy Policy is available at www.ullink.com. ULLINK expects the recipient of this email to be compliant with ULLINK’s Privacy Policy and applicable regulations. Please advise us immediately at dataprotection@ullink.com if you are not compliant with these.


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium




_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium



Visit: itiviti.com / ullink.com »
Read the latest news from Itiviti »

The information contained in or attached to this email is strictly confidential. If you are not the intended recipient, please notify us immediately by telephone and return the message to us.


Email communications by definition contain personal information. The ITIVITI group of companies (of which ULLINK forms part) is subject to European data protection regulations. ULLINK’s Privacy Policy is available at www.ullink.com. ULLINK expects the recipient of this email to be compliant with ULLINK’s Privacy Policy and applicable regulations. Please advise us immediately at dataprotection@ullink.com if you are not compliant with these.