That’s a great "quick" workaround... thanks... The only trouble is that a member of those groups couldn’t be another group. But I have a small number of users, so no problem at all for me.

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Spencer Ryan
Sent: Tuesday, May 3, 2016 6:41 PM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] LDAP users permissions

 

Apply the attached .patch file and set the proper config.php entries and it will work properly with AD. I fixed this months ago, and so far this file hasn't been touched so it should be safe.

$config['auth_ldap_binddn'] = "CN=blah,OU=Service Accounts,DC=arbor,DC=net";
$config['auth_ldap_bindpw'] = "PASSWORD";


$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "cn";
$config['auth_ldap_objectclass'] = "person";

$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "ldap.domain.com";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_starttls'] = FALSE;

$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=All Users,DC=arbor,DC=net";
$config['auth_ldap_group']  = array("CN=NMS-Users,OU=Security Groups,DC=arbor,DC=net");
$config['auth_ldap_groupbase'] = "OU=Security Groups,DC=arbor,DC=net";

$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";

unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['NMS-Admins']['level'] = 10;
$config['auth_ldap_groups']['NMS-GlobalReadOnly']['level'] = 7;
$config['auth_ldap_groups']['NMS-Users']['level'] = 1;

Users must be a member of "NMS-Users" or your equivalent group to be able to log in; this is also what Observium will use to populate the user list for assigning permissions.



Spencer Ryan
| Senior Systems Administrator | sryan@arbor.net

Arbor Networks

+1.734.794.5033 (d) | +1.734.846.2053 (m)
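
The configuration quoted above binds on port 389 with `auth_ldap_starttls` set to FALSE, so the `auth_ldap_bindpw` value and every user's login password cross the network unencrypted in LDAP simple binds. The following is an added example, not part of the original message and not Observium code: a small Python check over those config lines. The function names and the constructed sample are hypothetical, and it assumes that a truthy `auth_ldap_starttls` or an `ldaps://` server URI means the connection is encrypted.

```python
import re

# Constructed sample: the transport-related lines of the config.php quoted above.
SAMPLE = '''
$config['auth_ldap_bindpw'] = "PASSWORD";
$config['auth_ldap_server'] = "ldap.domain.com";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_starttls'] = FALSE;
'''

# Matches simple one-level assignments such as $config['auth_ldap_port'] = 389;
LINE = re.compile(r"^\s*\$config\['(auth_ldap_\w+)'\]\s*=\s*(.+?);\s*$")

def parse(text):
    """Return {key: value} for scalar $config['auth_ldap_*'] assignments."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] in "\"'" and raw[-1] == raw[0]:
            cfg[key] = raw[1:-1]              # quoted string
        elif raw.upper() in ("TRUE", "FALSE"):
            cfg[key] = raw.upper() == "TRUE"  # PHP boolean literal
        elif raw.isdigit():
            cfg[key] = int(raw)
        else:
            cfg[key] = raw                    # arrays etc. kept as raw text
    return cfg

def transport_findings(cfg):
    """List the credentials exposed when the LDAP session is not encrypted."""
    server = str(cfg.get("auth_ldap_server", "")).lower()
    # Assumption: a truthy starttls value or an ldaps:// URI means TLS is used.
    encrypted = server.startswith("ldaps://") or bool(cfg.get("auth_ldap_starttls"))
    if encrypted:
        return []
    findings = ["user login passwords are sent in cleartext"]
    if cfg.get("auth_ldap_bindpw"):
        findings.append("auth_ldap_bindpw is sent in cleartext on every bind")
    return findings

if __name__ == "__main__":
    for finding in transport_findings(parse(SAMPLE)):
        print("WARN:", finding)
```
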

 

On Tue, May 3, 2016 at 12:17 PM, Mike Driscoll <mike.driscoll@oracle.com> wrote:

+1

 

On May 3, 2016, at 03:25, Tibor Marchyn <Tibor.Marchyn@zoomint.com> wrote:

 

Hi,

 

Is there any plan to implement LDAP / Active Directory users permission for devices like local users?

 

Currently I do not see any option how to assign for such a user from AD just a selected list of devices to see. We need to limit people to see just i.e. one device, or a group of devices.

 

Thanks


Tibor

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 

