I've also tried enabling referrals and it didn't help. This is what I see at the end of the login page if I use /debug/

LDAP[Filter][(CN=Ryan\2c Spencer,OU=Ann Arbor)][OU=All Users,DC=arbor,DC=net]

LDAP[UserID][User not found through filter]

That is my correct CN. But the next line shows that it isn't grabbing a UserID for me:

SELECT * FROM `entity_permissions` WHERE `user_id` = '-1'

Spencer Ryan | Senior Systems Administrator | sryan@arbor.net

Arbor Networks

+1.734.794.5033 (d) | +1.734.846.2053 (m)

www.arbornetworks.com

On Thu, Feb 26, 2015 at 10:53 AM, Ryan, Spencer <sryan@arbor.net> wrote:

I'm having an issue with our OU's and how devices are assigned to users in Observium.

To keep the explanation simple our users OU structure basically looks like this:
arbor.net
---All Users
------Ann Arbor
------City 2
------City 3

I have the base set to the top "all users":
$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=All Users,DC=arbor,DC=net";

The issue is that the ldap module won't look down into the sub OU's to find the users, so any device associations fail.

If I create a test user in the "All Users" OU directly it works properly.

Is there any way to make this work properly? I have users logging in in various sub OU's so I can't just point it at one of the city OU's directly.

Thanks!

Spencer Ryan | Senior Systems Administrator | sryan@arbor.net
Arbor Networks
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com