Hi Tony

 

I’ve changed the configuration based on your suggestion & I’ve encountered an error message.

 

 

This was after I changed $config['auth_ldap_server'] from $config['auth_ldap_server'] = "ldap://192.168.1.234" to $config['auth_ldap_server'] = "server01.domain01.com".

 

Are there any other configurations I am missing for LDAP? Please advise.

 

Best Regards

Valerie Lim

 

 

From: Tony Guadagno <tonyg@guadagno.org>
Sent: Wednesday, 11 May 2022 9:55 pm
To: Observium <observium@observium.org>
Cc: Valerie Lim <valerie.lim@acclivis.com>
Subject: RE: LDAP / LDAPS Authentication with Observium

 

Valerie, to clarify one suggestion,

 

I think $config['auth_ldap_server'] = "ldap://192.168.1.234";

Should be $config['auth_ldap_server'] = "fqdn of server as listed in the cert you generated";

 

I also mean, you need to drop the ldap:// from the url, so it should just be

$config['auth_ldap_server'] = "server.domain.com";

 

 

 

 

From: observium <observium-bounces@observium.org> On Behalf Of Valerie Lim via observium
Sent: Tuesday, May 10, 2022 11:19 PM
To: Observium <observium@observium.org>
Cc: Valerie Lim <valerie.lim@acclivis.com>
Subject: [Observium] LDAP / LDAPS Authentication with Observium

 

Hi

 

I’ve configured my config.php based on recommended advice. However, when I try logging in, it only refreshes the page and shows me the following logs:

 

 

I’m running my Observium on Ubuntu Desktop 20.04 and my LDAP server on Windows Server 2019. Here is my config.php configuration:

 

// Authentication Model
$config['auth_mechanism'] = "ldap";    // default, other options: ldap, http-auth, please se>

$config['auth_ldap_binddn'] = "cn=Administrator,cn=Users,dc=domain01,dc=com";
$config['auth_ldap_bindpw'] = "XXXXXXXX";

$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_attr']['dn'] = "distinguishedName";
$config['auth_ldap_objectclass'] = "person";

$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "ldap://192.168.1.234";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_starttls'] = TRUE;
$config['auth_ldap_bindanonymous'] = FALSE;

$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=ACCLIVIS,DC=domain01,DC=com";
$config['auth_ldap_group']  = array("CN=grouping,OU=ACCLIVIS,DC=domain01,DC=com");
$config['auth_ldap_groupbase'] = "CN=grouping,OU=ACCLIVIS,DC=domain01,DC=com";

$config['auth_ldap_groupmembertype'] = "nodn";
$config['auth_ldap_groupmemberattr'] = "member";

unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['CN=grouping,OU=ACCLIVIS,DC=domain01,DC=com']['level'] = 10;

$config['web_debug_unprivileged'] = TRUE;

 

I am able to run a successful LDAP query from my host to my LDAP server. Thus, please advise on what else I can be missing. I’m reverting back from LDAPS to LDAP as I would like to fix the basic LDAP connection first before moving to a secured LDAP.

 

Best Regards

Valerie Lim
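
An added example, not part of the thread and not Observium's own code: an offline check of an auth_ldap_server value against the names in the LDAP server's certificate, following the advice in the reply above (bare host name, matching the certificate, since auth_ldap_starttls is TRUE). The function names and the sample certificate names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: dNSName entries assumed to be in the LDAP server's
# certificate (illustrative; the thread does not show the certificate).
SAMPLE_CERT_DNS_NAMES = ["server01.domain01.com"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host


def check_ldap_server(value, cert_dns_names, cert_ip_sans=()):
    """Return a list of problems with an auth_ldap_server value (empty = OK)."""
    problems = []
    host = value.strip()
    scheme = re.match(r"^ldaps?://", host, re.IGNORECASE)
    if scheme:
        problems.append("scheme prefix present; the reply advises a bare host name")
        host = host[scheme.end():]
    host = host.split("/", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal only verifies if the certificate carries it as an IP SAN.
        if ip not in {ipaddress.ip_address(s) for s in cert_ip_sans}:
            problems.append(f"IP address {host} is not in the certificate; use the FQDN")
    elif not any(name_matches(p, host) for p in cert_dns_names):
        problems.append(f"{host} matches none of the certificate names {list(cert_dns_names)}")
    return problems


if __name__ == "__main__":
    for value in ("ldap://192.168.1.234", "server01.domain01.com"):
        print(value, "->", check_ldap_server(value, SAMPLE_CERT_DNS_NAMES) or "OK")
```

The certificate names to pass in can be read from the certificate exported from the Windows server; the check itself needs no network access.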