Hi Graeme

 

Thanks! Also just want to check with you:

 

  1. Other than getting LDAP to work, did you manage to get LDAPS to work as well? If so, could you provide the steps on how your team did it?
  2. What OS is both your host Observium & LDAP server running on?
  3. For LDAP, other than setting up Observium in the host & LDAP service in the server itself, were there any additional packages / steps you did to make it work?

 

Best Regards

Valerie Lim

 

From: Graeme Davis <graeme@graeme.org>
Sent: Thursday, 12 May 2022 10:23 am
To: Observium <observium@observium.org>
Cc: Valerie Lim <valerie.lim@acclivis.com>
Subject: Re: [Observium] LDAP / LDAPS Authentication with Observium

 

We got it working a few days ago from info in this thread.  We used nodn as well as the array of groups to map to levels.  I can send what worked for us tomorrow.

 

-Graeme

 

On Wed, May 11, 2022 at 10:20 PM Valerie Lim via observium <observium@observium.org> wrote:

Hi

 

I am having issue authenticating the members in my group as the error message says that it is unable to get a match of a user in a particular group.

 

Here are some steps I’ve taken so far:

 

  • Changing to $config['auth_ldap_server'] = "server01.domain01.com"; caused an error that LDAP server was unable to bind thus that is why I am using IP address
  • All my users are already a member of the group that I’ve specified & the group is also in an OU I’ve specified in my config.php

 

So, why is Observium unable to get a match of the users even though the specifications are already there? Please advise.

 

Attached is my config.php configuration:

 

// Authentication Model

$config['auth_mechanism'] = "ldap";    // default, other options: ldap, http-auth, please se>

 

$config['auth_ldap_binddn'] = "cn=Administrator,cn=Users,dc=domain01,dc=com";

$config['auth_ldap_bindpw'] = "xxxxxxxx";

 

$config['auth_ldap_attr']['uid'] = "sAMAccountName";

$config['auth_ldap_attr']['uidNumber'] = "objectSid";

$config['auth_ldap_attr']['cn'] = "name";

$config['auth_ldap_attr']['dn'] = "distinguishedName";

$config['auth_ldap_objectclass'] = "person";

 

$config['auth_ldap_version'] = 3;

$config['auth_ldap_server'] = "ldap://192.168.1.234";

$config['auth_ldap_port']   = 389;

$config['auth_ldap_starttls'] = TRUE;

$config['auth_ldap_bindanonymous'] = FALSE;

 

$config['auth_ldap_prefix'] = "CN=";

$config['auth_ldap_suffix'] = ",OU=xxx,DC=domain01,DC=com";

$config['auth_ldap_group']  = array("CN=gtgroup,OU=xxx,DC=domain01,DC=com");

$config['auth_ldap_groupbase'] = "CN=gtgroup,OU=xxx,DC=domain01,DC=com";

 

$config['auth_ldap_groupmembertype'] = "nodn";

$config['auth_ldap_groupmemberattr'] = "member";

 

unset($config['auth_ldap_groups']);

$config['auth_ldap_groups']['CN=gtgroup,OU=xxx,DC=domain01,DC=com']['level'] = 10;

 

$config['web_debug_unprivileged'] = TRUE;

 

Error message I got when logging in:

 

My group & OU settings:

 

Best Regards

Valerie Lim

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium