Hi,

You have configured Observium to require membership of the group 'Observium Users' - your user isn't a member of this group.
If you don't want to filter users to a specific group (which means anyone can log in, but people not in the eng- groups you specify will have no further access) you can just leave out the auth_ldap_group setting.

You'll need to change the group names on the last 2 lines to the ones you want to use (eng-admins and eng-team) as well.

Tom

On 2020-10-06 14:56, Brian Bianchi via observium wrote:

Hello,

 

I am trying to configure Active Directory authentication on my Observium CE v20.9.10731 server using this page as a guide -> https://docs.observium.org/authentication/#active-directory

 

I am passed the point where my username and password are authenticated.

 

It is the group config I am confused about.

 

I have an Active Directory group “eng-admins” that I want to give administrative privileges to, of which my login (bbianchi) is a member.

 

And I have an Active Directory group “eng-team” that I want to give generic non-admin privileges.

 

My domain is hq.viviport.com.

 

It is not clear to me how to configure these lines to achieve this:

 

$config['auth_ldap_recursive'] = TRUE;

$config['auth_ldap_recursive_maxdepth'] = 3;

 

$config['auth_ldap_prefix'] = "CN=";

$config['auth_ldap_suffix'] = ",DC=hq,DC=viviport,DC=com";

$config['auth_ldap_group']  = array("CN=Observium Users,OU=Groups,DC=hq,DC=viviport,DC=com");

$config['auth_ldap_groupbase'] = "OU=Groups,DC=hq,DC=viviport,DC=com";

 

$config['auth_ldap_groupmembertype'] = "fulldn";

$config['auth_ldap_groupmemberattr'] = "member";

 

unset($config['auth_ldap_groups']);

$config['auth_ldap_groups']['CN=Observium Admins,OU=Groups,DC=hq,DC=viviport,DC=com']['level'] = 10;

$config['auth_ldap_groups']['CN=Observium Users,OU=Groups,DC=hq,DC=viviport,DC=com']['level'] = 1;

 

 

I have enabled debug logging.  Here is what I am getting below.  Any help would be greatly appreciated.  Thank you in advance.

--B

 

 

 

 

       Brian Bianchi
       Senior Release Engineer
        o:  +1 (781) 213-6483
        e: bbianchi@vestmark.com

 

Learn more about Vestmark! View our introduction video here.

 

Check us out on Social Media:

  

  

  

 

 

This e-mail and any attachments hereto, are intended for use by the addressee(s) only and may contain information that is confidential information of Vestmark, Inc. If you are not the intended recipient of this e-mail, or if you have otherwise received
this e-mail in error, please immediately notify me by telephone or by e-mail, and please permanently delete the original, any print outs and any copies of the foregoing. Any dissemination, distribution or copying of this e-mail is strictly prohibited.

 


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium