Hi Christian,
I checked your config and it looks exactly (just different order) the same as mine:
// Authentication Model
$config['auth_mechanism'] = "ldap"; // default, other options: ldap, http-auth, please see documentation for config help

// LDAP Authentication
$config['auth_ldap_binddn'] = "cn=ldap_username,ou=Applications,ou=Users,ou=Cape Town,ou=EXAMPLE,dc=corp,dc=EXAMPLE,dc=com";
$config['auth_ldap_bindpw'] = "**********";

$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_objectclass'] = "person";

$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "dc.EXAMPLE.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = false;

$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=Departments,OU=Users,OU=Cape Town,OU=EXAMPLE,DC=corp,DC=EXAMPLE,DC=com";
$config['auth_ldap_group'] = "ou=role,ou=security,ou=global,ou=EXAMPLE, dc=corp,dc=EXAMPLE, dc=com";
$config['auth_ldap_groupbase'] = "ou=role,ou=security,ou=global,ou=EXAMPLE, dc=corp,dc=EXAMPLE, dc=com";

$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";

$config['auth_ldap_groups']['Observium-Admins']['level'] = 10;
$config['auth_ldap_groups']['Observium-Users']['level'] = 7;
$config['auth_ldap_groups']['Observium-Limited']['level'] = 0;

This is going to sound stupid, but did you open the firewall on your Observium and domain controller to allow ldap/389? I would suggest checking the basics: on the DC, confirm that Observium is connecting to LDAP. I struggled with this for almost 2 days before I got mine working.
Regards
Adriaan Smuts Junior Systems Administrator
Direct Line +27 21 464 9565 Reception 0861 555 222 Website www.webafrica.co.za
-----Original Message-----
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Christian Hügel
Sent: Monday, November 11, 2013 11:02 AM
To: observium@observium.org
Subject: Re: [Observium] Unable to map aut_ldap_groups
Hi Adriaan,
no, here is my config:
$config['auth_ldap_server'] = "dc.example.net";
$config['auth_ldap_version'] = 3; # v2 or v3
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_port'] = 389;
$config['auth_ldap_binddn'] = "CN=LDAP_AWW,OU=Role without admin,OU=EXAMPLE,DC=EXAMPLE,DC=NET";
$config['auth_ldap_bindpw'] = "****";
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_objectclass'] = "person";

$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";

$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=BE135,OU=BAVARIA,OU=EUROPE,OU=EXAMPLE,DC=EXAMPLE,DC=NET";
$config['auth_ldap_group'] = "OU=Projects and roles,OU=EXAMPLE,DC=EXAMPLE,DC=NET";
$config['auth_ldap_groupbase'] = "OU=Projects and roles,OU=EXAMPLE,DC=EXAMPLE,DC=NET";
#unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['ObserviumAdmins']['level'] = 10;
$config['auth_ldap_groups']['ObserviumUsers']['level'] = 10;

The groups ObserviumAdmins and ObserviumUsers are located directly under "OU=Projects and roles,OU=EXAMPLE,DC=EXAMPLE,DC=NET".
Regards,
Christian
On 11-11-2013 09:25, Adriaan Smuts wrote:
Are you using nested groups?
Regards, Adriaan
-----Original Message-----
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Christian Hügel
Sent: Monday, November 11, 2013 9:29 AM
To: observium@observium.org
Subject: Re: [Observium] Unable to map aut_ldap_groups

Nope, it doesn't work. I've tried every possible combination.
Christian
On 08-11-2013 12:19, Tom Laermans wrote:
Hi Christian,
This was reported on the list a few days ago, as well. However it's working for me, so I'm not sure what to tell you.
Check /debug and see what the LDAP queries say...
Tom
On 11/08/2013 12:06 PM, Christian Hügel wrote:
Hi,
I'm using the ldap mechanism to auth against our AD. So far I can log in but am unable to see any graphs or devices. Apparently the group:
$config['auth_ldap_groups']['ObserviumAdmins']['level'] = 10;
is not mapped. However, the group "ObserviumAdmins" is present in AD and my username is a member of this group. The auth_ldap_groupbase and auth_ldap_group are also correct. Is there anything else I have to take into consideration?
Christian
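
Added example (not part of the thread and not Observium's code): a Python helper that turns the settings from Christian's config into two `ldapsearch` checks, one to find the account's real DN by `sAMAccountName` and one to test whether that DN is listed in the group's `member` attribute under `auth_ldap_groupbase`. The username `jdoe`, its DN, the user search base and the flat key names in `CFG` are constructed for illustration.

```python
import shlex

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Settings copied from the config quoted in the thread (flat key names are this example's own).
CFG = {
    "server": "dc.example.net", "port": 389,
    "binddn": "CN=LDAP_AWW,OU=Role without admin,OU=EXAMPLE,DC=EXAMPLE,DC=NET",
    "attr_uid": "sAMAccountName", "objectclass": "person",
    "groupbase": "OU=Projects and roles,OU=EXAMPLE,DC=EXAMPLE,DC=NET",
    "groupmemberattr": "member",
}

def escape_filter_value(value):
    """Escape a value character by character so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(cfg, username):
    """Find the account by login name, independent of auth_ldap_prefix/suffix."""
    return "(&(objectClass=%s)(%s=%s))" % (
        cfg["objectclass"], cfg["attr_uid"], escape_filter_value(username))

def group_filter(cfg, group_cn, user_dn):
    """Match the group only if user_dn appears in its member attribute (fulldn style)."""
    return "(&(cn=%s)(%s=%s))" % (
        escape_filter_value(group_cn), cfg["groupmemberattr"], escape_filter_value(user_dn))

def ldapsearch_cmd(cfg, base, flt, attrs):
    """Build an OpenLDAP ldapsearch line: simple bind (-x), password prompt (-W)."""
    uri = "ldap://%s:%d" % (cfg["server"], cfg["port"])
    argv = ["ldapsearch", "-x", "-H", uri, "-D", cfg["binddn"], "-W",
            "-b", base.strip(", "), flt] + list(attrs)
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    user_base = "DC=EXAMPLE,DC=NET"  # constructed: domain root as the user search base
    user_dn = "CN=jdoe,OU=BE135,OU=BAVARIA,OU=EUROPE,OU=EXAMPLE,DC=EXAMPLE,DC=NET"  # constructed
    # Step 1: "1.1" asks for no attributes, so only the entry's DN is returned.
    print(ldapsearch_cmd(CFG, user_base, user_filter(CFG, "jdoe"), ["1.1"]))
    # Step 2: paste the DN returned by step 1 in place of the constructed user_dn.
    print(ldapsearch_cmd(CFG, CFG["groupbase"],
                         group_filter(CFG, "ObserviumAdmins", user_dn), ["cn", "member"]))
```

An empty result from the second search means no group with that `cn` under the group base lists that exact DN in `member`.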