Yep, that is Leo, technically the name is ‘Bind Observium’ in the ‘Bind Accounts’ OU, with password ‘thepassword’

 

Oh, and before anyone asks, this is stunnel tunnelling the LDAP back to AD hence I can get away with calling localhost:389 for my DS.

 

Sandy

 

On 07/07/2016, 22:57, "observium on behalf of Dano, Leo" <observium-bounces@observium.org on behalf of ldano@qualcomm.com> wrote:

 

Hi Sandy,

 

Just to verify what I am seeing.  You have an AD account Observium?  With the password thepassword (or something).  This is how you are binding to AD?

 

Thanks,
-----------------------
Leo Dano


 

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Sandy Breeze
Sent: Thursday, July 07, 2016 2:46 PM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth

 

We use the below.  Substitute ‘MyCompany’ with $YourCompany and look at the sample structure

 

// Authentication Model
$config['auth_mechanism'] = "ldap";    // default, other options: ldap, http-auth, please see documentation for config help

// LDAP Auth
$config['auth_ldap_binddn'] = "CN=Bind Observium,OU=Bind Accounts,OU=Service Accounts,OU=MyCompany,OU=MyCompany Group,DC=MyCompany,DC=local";
$config['auth_ldap_bindpw'] = "thepassword";
$config['auth_ldap_bindanonymous'] = FALSE;

$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_objectclass'] = "person";

$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "127.0.0.1";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_starttls'] = FALSE;

$config['auth_ldap_suffix'] = ",OU=MyCompany Group,DC=MyCompany,DC=local";
$config['auth_ldap_group']  = array("CN=MyCompany-Application-Observium_Admin Users,OU=Observium,OU=Application Groups,OU=Domain Local,OU=Security Groups,OU=MyCompany,OU=MyCompany Group,DC=MyCompany,DC=local");
$config['auth_ldap_groupbase'] = "OU=Observium,OU=Application Groups,OU=Domain Local,OU=Security Groups,OU=MyCompany,OU=MyCompany Group,DC=MyCompany,DC=local";

$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";

unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['MyCompany-Application-Observium_Admin Users']['level'] = 10;
$config['auth_ldap_groups']['MyCompany-Application-Observium_Users']['level'] = 1;

 

 

 

On 07/07/2016, 22:36, "observium on behalf of Adam Armstrong" <observium-bounces@observium.org on behalf of adama@memetic.org> wrote:

 

That would be useful to a lot of people I think. AD is a common question!

Adam.

Sent from BlueMail

On 7 Jul 2016, at 22:33, Richard Franks <richardfranks152@gmail.com> wrote:

I can probably put together some bits tomorrow. I've got it working against AD. 


On 7 Jul 2016, at 22:31, Adam Armstrong <adama@memetic.org> wrote:

Would someone who knows what they're talking about like to write some kind of instructions on this?

None of us do AD, so... :)

Adam.

Sent from BlueMail

On 7 Jul 2016, at 22:28, Sam Jones <jonesamu@isu.edu> wrote:

My biggest hurdle was finding and using the Full DN of the accounts and groups being used.

 

Here is our scrubbed configuration we are using:

 

$config['auth_mechanism'] = "ldap";
// LDAP Authentication
// Full DN of BIND ACCOUNT
$config['auth_ldap_binddn'] = "CN=BIND_ACCOUNT,OU=GROUP1,DC=DOMAIN,DC=COM";
$config['auth_ldap_bindpw'] = "PASSWORD";
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_attr']['dn'] = "distinguishedname";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "AD_SERVER.DOMAIN.COM";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_starttls'] = TRUE;
// Full DN of account used to Login
$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=GROUP2,DC=DOMAIN,DC=COM";
// Full DN of group to allow access
$config['auth_ldap_group']  = array("CN=Observium Admins,OU=GROUPS,DC=DOMAIN,DC=COM");
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
// Full DN of Group to assign access level
$config['auth_ldap_groups']['CN=Observium Admins,OU=GROUPS,DC=DOMAIN,DC=COM']['level'] = 10;

 

Sam

 

 

On Thu, Jul 7, 2016 at 2:49 PM, Dano, Leo <ldano@qualcomm.com> wrote:

Active Directory

 

Thanks,
-----------------------
Leo Dano

 

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Sam Jones
Sent: Thursday, July 07, 2016 1:29 PM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth

 

Have you tried looking at http://{Your_Observium_Server}/debug?

What type of Directory Server are you connecting to?

Sam

 

On Thu, Jul 7, 2016 at 1:53 PM, Dano, Leo <ldano@qualcomm.com> wrote:

Hello all,

 

Tried Maarten's entries in the conf file.  Put all our ldap info but no worky.  Was trying to tail the log files but I can’t find the right one to tail.  auth is not updating as I put in incorrect login details.

 

Any suggestions?

 

Thanks,
-----------------------
Leo Dano

 

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Dano, Leo
Sent: Thursday, June 30, 2016 8:49 AM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth

 

Thanks Maarten!  This will help me get in the right direction.

 

Thanks,
-----------------------
Leo Dano

 

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Moerman, Maarten
Sent: Thursday, June 30, 2016 6:41 AM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth

 

Ow, euh, replace BLAgroup and BLAcompany with your group and company (from your ldap params), forgot to fix one line in below example :)

 

From: observium <observium-bounces@observium.org> on behalf of "Moerman, Maarten" <mmoerman@ebay.com>
Reply-To: Observium Network Observation System <observium@observium.org>
Date: Thursday, June 30, 2016 at 3:39 PM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth

 

This is ours:

 

// LDAP Authentication
$config['auth_mechanism']                             = "ldap";
$config['auth_ldap_group']                            = array();
$config['auth_ldap_version']                          = 3;
$config['auth_ldap_server']                           = "<ldap-server-hostname>";
$config['auth_ldap_port']                             = 389;
$config['auth_ldap_starttls']                         = FALSE;
$config['auth_ldap_objectclass']                      = "posixAccount";
$config['auth_ldap_prefix']                           = "uid=";
$config['auth_ldap_suffix']                           = ",ou=People,ou=BLAgroup,o=BLAcompany";
$config['auth_ldap_attr']['uid']                      = "uid";
$config['auth_ldap_attr']['uidNumber']                = "uidNumber";
$config['auth_ldap_attr']['cn']                       = "cn";
$config['auth_ldap_groupmemberattr']                  = "memberUid";
$config['auth_ldap_groupbase']                        = "ou=group,ou=<yourgroup>,o=<yourcompany>";
$config['auth_ldap_groups']['nw']['level']            = 10;

 

 

 

From: observium <observium-bounces@observium.org> on behalf of Ximena Cardinali <ximenacardinali@gmail.com>
Reply-To: Observium Network Observation System <observium@observium.org>
Date: Thursday, June 30, 2016 at 3:17 PM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] Setting up LDAP Auth

 

I couldn't make it work either. If you find a solution that works, I'll appreciate your feedback.

 

On 29 June 2016 at 17:52, Dano, Leo <ldano@qualcomm.com> wrote:

Hello all,

 

Anyone care to share your config settings?  I am having a hard time setting this up.  Please remove your domain info in the reply.

 

/opt/observium/config.php

 

Thanks,
-----------------------
Leo Dano

 


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
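
An added example, not from the thread or the Observium project: a small Python check over the `auth_ldap_*` keys shown in the configs above. It flags a bind to a non-loopback server on which StartTLS is off, because a simple bind over plain LDAP carries the bind and user passwords unencrypted. The finding codes, the placeholder hosts and the choice to recognise only TRUE/FALSE for `auth_ldap_starttls` are assumptions.

```python
import ipaddress
import re

# Scalar assignments such as: $config['auth_ldap_port']   = 389;
SETTING = re.compile(r"^\s*\$config\['(auth_ldap_\w+)'\]\s*=\s*(.+?);\s*(?://.*)?$")

def parse_settings(text):
    """Return {key: value} for the auth_ldap_* scalar lines in a config.php text."""
    found = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            found[m.group(1)] = m.group(2).strip().strip("\"'")
    return found

def is_loopback(host):
    # localhost or a loopback IP; any other hostname counts as remote
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return a list of finding codes for one config.php text."""
    s = parse_settings(text)
    findings = []
    # Assumption: only the TRUE/FALSE values used in the thread are recognised.
    starttls = s.get("auth_ldap_starttls", "FALSE").upper() == "TRUE"
    local = is_loopback(s.get("auth_ldap_server", ""))
    if not starttls and not local:
        findings.append("cleartext-bind")   # passwords cross the network unencrypted
    if not starttls and local:
        findings.append("check-tunnel")     # safe only if the local tunnel verifies the server certificate
    if s.get("auth_ldap_bindpw"):
        findings.append("bindpw-in-file")   # keep config.php unreadable to other local users
    return findings

# Constructed samples mirroring the three setups in the thread (placeholder hosts).
TUNNELLED = """$config['auth_ldap_bindpw'] = "PLACEHOLDER";
$config['auth_ldap_server'] = "127.0.0.1";
$config['auth_ldap_starttls'] = FALSE;"""
STARTTLS = """$config['auth_ldap_bindpw'] = "PLACEHOLDER";
$config['auth_ldap_server'] = "ad.example.invalid";
$config['auth_ldap_starttls'] = TRUE;"""
PLAIN = """$config['auth_ldap_server'] = "ldap.example.invalid";
$config['auth_ldap_starttls'] = FALSE;"""

if __name__ == "__main__":
    print({n: audit(c) for n, c in (("tunnelled", TUNNELLED), ("starttls", STARTTLS), ("plain", PLAIN))})
```

To check a real installation, pass the contents of /opt/observium/config.php to `audit()`.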

 

