That would be useful to a lot of people I think. AD is a common question!
Adam.
Sent from BlueMail
I can probably put together some bits tomorrow. I've got it working against AD.Would someone who knows what they're talking about like to write some kinda of instructions on this?
None of us do AD, so... :)
Adam.
Sent from BlueMail
On 7 Jul 2016, at 22:28, Sam Jones <jonesamu@isu.edu> wrote:My biggest hurdle was finding and using the Full DN of the accounts and groups being used.Here is our scrubbed configuration we are using:$config['auth_mechanism'] = "ldap";// LDAP Authentication// Full DN of BIND ACCOUNT$config['auth_ldap_binddn'] = "CN=BIND_ACCOUNT,OU=GROUP1,DC=DOMAIN,DC=COM";$config['auth_ldap_bindpw'] = "PASSWORD";$config['auth_ldap_attr']['uid'] = "sAMAccountName";$config['auth_ldap_attr']['uidNumber'] = "objectSid";$config['auth_ldap_attr']['cn'] = "name";$config['auth_ldap_attr']['dn'] = "distinguishedname";$config['auth_ldap_objectclass'] = "person";$config['auth_ldap_version'] = 3;$config['auth_ldap_server'] = "AD_SERVER.DOMAIN.COM";$config['auth_ldap_port'] = 389;$config['auth_ldap_starttls'] = TRUE;// Full DN of account used to Login$config['auth_ldap_prefix'] = "CN=";$config['auth_ldap_suffix'] = ",OU=GROUP2,DC=DOMAIN,DC=COM";// Full DN of group to allow access$config['auth_ldap_group'] = array("CN=Observium Admins,OU=GROUPS,DC=DOMAIN,DC=COM");$config['auth_ldap_groupmembertype'] = "fulldn";$config['auth_ldap_groupmemberattr'] = "member";unset($config['auth_ldap_groups']);// Full DN of Group to assign access level$config['auth_ldap_groups']['CN=Observium Admins,OU=GROUPS,DC=DOMAIN,DC=COM']['level'] = 10;Sam
On Thu, Jul 7, 2016 at 2:49 PM, Dano, Leo <ldano@qualcomm.com> wrote:Active Directory
Thanks,
-----------------------
Leo Dano
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Sam Jones
Sent: Thursday, July 07, 2016 1:29 PM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth
Have you tried looking at the http://{Your_Observium_Server}/debug.
What type of Directory Server are you connecting to?
Sam
On Thu, Jul 7, 2016 at 1:53 PM, Dano, Leo <ldano@qualcomm.com> wrote:
Hello all,
Tried Maartens entries in the conf file. Put all our ldap info but no worky. Was trying to tail the log files but I can’t find the right one to tail. auth is not updating as I put in incorrect login details.
Any suggestions?
Thanks,
-----------------------
Leo Dano
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Dano, Leo
Sent: Thursday, June 30, 2016 8:49 AM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth
Thanks Maarten! This will help me get in the right direction.
Thanks,
-----------------------
Leo Dano
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Moerman, Maarten
Sent: Thursday, June 30, 2016 6:41 AM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth
Ow , euh, replace BLAgroup and BLAcompany with your group and company (from your ldap params), forgot to fix one line in below example :)
From: observium <observium-bounces@observium.org> on behalf of "Moerman, Maarten" <mmoerman@ebay.com>
Reply-To: Observium Network Observation System <observium@observium.org>
Date: Thursday, June 30, 2016 at 3:39 PM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth
This is ours:
// LDAP Authentication
$config['auth_mechanism'] = "ldap";
$config['auth_ldap_group'] = array();
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = “<ldap-server-hostname>";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_objectclass'] = "posixAccount";
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",ou=People,ou=BLAgroup,o=BLAcompany";
$config['auth_ldap_attr']['uid'] = "uid";
$config['auth_ldap_attr']['uidNumber'] = "uidNumber";
$config['auth_ldap_attr']['cn'] = "cn";
$config['auth_ldap_groupmemberattr'] = "memberUid";
$config['auth_ldap_groupbase'] = "ou=group,ou=<yourgroup>,o=<yourcompany>";
$config['auth_ldap_groups']['nw']['level'] = 10;
From: observium <observium-bounces@observium.org> on behalf of Ximena Cardinali <ximenacardinali@gmail.com>
Reply-To: Observium Network Observation System <observium@observium.org>
Date: Thursday, June 30, 2016 at 3:17 PM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth
I couldn't make it work either. If you find a solution that works, I'll appreciate your feedback.
On 29 June 2016 at 17:52, Dano, Leo <ldano@qualcomm.com> wrote:
Hello all,
Anyone care to share your config settings? I am having a hard time setting this up. Please remove your domain info in the reply.
/opt/observium/config.php
Thanks,
-----------------------
Leo Dano
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium