Hi Adriaan,
my groups are very identical with yours, they are directly under
"OU=Projects and roles,OU=EXAMPLE,DC=EXAMPLE,DC=NET";
so, I can´t set this groups much higher in the AD tree. :(
Christian
Am 11-11-2013 14:36, schrieb Adriaan Smuts:
I used LDAP on the latest CE before upgrading to Pro. So it shouldn't make any difference.
If you can login it means that the issue is related to perms/group, meaning on your AD side. Try creating a group as high in your AD as possible and add your account to that group. Test from there.
Adriaan
-----Original Message----- From: observium [mailto:observium-bounces@observium.org] On Behalf Of Tom Laermans Sent: Monday, November 11, 2013 2:47 PM To: Observium Network Observation System Subject: Re: [Observium] Unable to map aut_ldap_groups
As far as I know one bug related to LDAP was fixed in Pro, but not this: using non-AD LDAP, devices couldn't be assigned to users. But afaik no changes in AD/group handling.
Tom
On 11/11/2013 13:39, Christian Hügel wrote:
Yes exactly! I´m still running the last open source version.
Observium CE 0.13.10.4586
Can someone confirm if this is a bug in this version?
Christian
Am 11-11-2013 11:30, schrieb Adriaan Smuts:
Observium Professional - 0.13.11.4754
So you can login, but you don't see any devices?
Regards, Adriaan
-----Original Message----- From: observium [mailto:observium-bounces@observium.org] On Behalf Of Christian Hügel Sent: Monday, November 11, 2013 12:17 PM To: observium@observium.org Subject: Re: [Observium] Unable to map aut_ldap_groups
Hi Adriaan,
well, I can login with my AD username. So the ldap bind_user and bind_pw are correct. Iptables/Selinux are disabled on Observium server. What version of observium are you using?
Regards,
Christian
Am 11-11-2013 10:50, schrieb Adriaan Smuts:
Hi Christian,
I checked your config and it looks exactly (just different order) the same as mine:
// Authentication Model $config['auth_mechanism'] = "ldap"; // default, other options: ldap, http-auth, please see documentation for config help
// LDAP Authentication $config['auth_ldap_binddn'] = "cn=ldap_username,ou=Applications,ou=Users,ou=Cape Town,ou=EXAMPLE,dc=corp,dc=EXAMPLE,dc=com"; $config['auth_ldap_bindpw'] = "**********";
$config['auth_ldap_attr']['uid'] = "sAMAccountName"; $config['auth_ldap_attr']['uidNumber'] = "objectSid"; $config['auth_ldap_attr']['cn'] = "name"; $config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3; $config['auth_ldap_server'] = "dc.EXAMPLE.com"; $config['auth_ldap_port'] = 389; $config['auth_ldap_starttls'] = false;
$config['auth_ldap_prefix'] = "CN="; $config['auth_ldap_suffix'] = ",OU=Departments,OU=Users,OU=Cape Town,OU=EXAMPLE,DC=corp,DC=EXAMPLE,DC=com"; $config['auth_ldap_group'] = "ou=role,ou=security,ou=global,ou=EXAMPLE, dc=corp,dc=EXAMPLE, dc=com"; $config['auth_ldap_groupbase'] = "ou=role,ou=security,ou=global,ou=EXAMPLE, dc=corp,dc=EXAMPLE, dc=com";
$config['auth_ldap_groupmembertype'] = "fulldn"; $config['auth_ldap_groupmemberattr'] = "member";
$config['auth_ldap_groups']['Observium-Admins']['level'] = 10; $config['auth_ldap_groups']['Observium-Users']['level'] = 7; $config['auth_ldap_groups']['Observium-Limited']['level'] = 0;
This is going to sound stupid, but did you open the firewall on your Observium and domain controller to allow ldap/389? I would suggest checking that basics, on the DC confirm that Observium is connecting to ldap. I struggled with this for almost 2days before I got mine working.
Regards
Adriaan Smuts Junior Systems Administrator
Direct Line +27 21 464 9565 Reception 0861 555 222 Website www.webafrica.co.za