Hi Adriaan,
So your auth_ldap_group and auth_ldap_groupbase are the same? I'll check it out.
Regards,
Christian
On 08.11.2013 13:05, Adriaan Smuts wrote:
Hi Christian,
Here is how my LDAP config looks, works great for me:
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "<ldap server/domain controller>";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = false;
$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=Departments,OU=Users,OU=Cape Town,OU=WebAfrica,DC=corp,DC=webafrica,DC=com";
$config['auth_ldap_group'] = "ou=role,ou=security,ou=global,ou=webafrica, dc=corp,dc=webafrica, dc=com";
$config['auth_ldap_groupbase'] = "ou=role,ou=security,ou=global,ou=webafrica, dc=corp,dc=webafrica, dc=com";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
$config['auth_ldap_groups']['Observium-Admins']['level'] = 10;
$config['auth_ldap_groups']['Observium-Users']['level'] = 7;
$config['auth_ldap_groups']['Observium-Limited']['level'] = 0;
With the above config my admins have full read/write access and my users have read-only. The only thing that I am struggling with is getting my device perms to work with AD LDAP. I have users in Observium-Limited, and assign devices to their user accounts in the Observium web interface, but they can access the devices.
Tom, maybe you can advise on how to get the assigned device perms to work?
Regards
Adriaan Smuts Junior Systems Administrator
Direct Line +27 21 464 9565 Reception 0861 555 222 Website www.webafrica.co.za
-----Original Message-----
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Tom Laermans
Sent: Friday, November 8, 2013 1:19 PM
To: Observium Network Observation System
Subject: Re: [Observium] Unable to map aut_ldap_groups
Hi Christian,
This was reported on the list a few days ago, as well. However it's working for me, so I'm not sure what to tell you.
Check /debug and see what the LDAP queries say...
Tom
On 11/08/2013 12:06 PM, Christian Hügel wrote:
Hi,
I'm using the LDAP mechanism to auth against our AD. So far I can log in but am unable to see any graphs or devices. Apparently the group: $config['auth_ldap_groups']['ObserviumAdmins']['level'] = 10; is not mapped. However, the group "ObserviumAdmins" is present in AD and my username is a member of this group. The auth_ldap_groupbase and auth_ldap_group are also correct. Is there anything else I have to take into consideration?
Christian
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium