I had to edit one of the ldap php files for lookups to work properly. I'll dig through my install and see if I can find what I changed. I think I also emailed you about it 

On Feb 22, 2016 6:16 PM, "Ciro Iriarte" <cyruspy@gmail.com> wrote:
Hi!, I would like to also point out that the prefix+username+suffix parsing method doesn't work. The thing is, in LDAP you can have these user DNs:

CN=JONES Jean Paul,OU=Users,OU=GIT,OU=SiteA,OU=TLC,DC=domain,DC=com
CN=PEREZ Juan Pablo,OU=Users,OU=OTS,OU=SiteD,OU=TLC,DC=domain,DC=com

The autentication won't work in that case. In LDAP autentication, you usually map an LDAP attribute to the application username, in unix world it's usually uid, in AD it's sAMAccountName, not really to a substring of the DN as it can be anything, ending with the directory base.

I think we already have that mapping with $config['auth_ldap_attr']['uid'], so I'm not sure why auth_ldap_preffix and auth_ldap_suffix were introduced.

All the other user data should come alse from an attribute (email, real name, etc)

Regards,
Ciro


2016-02-08 20:22 GMT-03:00 Adam Armstrong <adama@memetic.org>:
But is that user given the correct user_id? (look at /preferences/)

adam.

On 08/02/2016 23:18:25, Cody Cook <observium@codycook.us> wrote:

Actually, I take it back. I am using groups to set admins and normal users, but not global read permissions. It has been working flawlessly for me, that I didn't remember. Go figure.
 
root@observium:/opt/observium# cat config.php| grep Observ
//$config['email']['from']           = "Observium <observium@threefifteen.info>";
$config['auth_ldap_binddn'] = "CN=Observium Service,CN=Users,DC=threefifteen,DC=info";
$config['auth_ldap_groups']['CN=Observium Admins,CN=Users,DC=threefifteen,DC=info']['level'] = 10;
$config['auth_ldap_groups']['CN=Observium Users,CN=Users,DC=threefifteen,DC=info']['level'] = 1;

I added a group "Observium Global Read" to AD and then gave it level permission 7 permission

$config['auth_ldap_groups']['CN=Observium Global Read,CN=Users,DC=threefifteen,DC=info']['level'] = 7;

Then I added a user to it. She showed up as global read and then I logged in as her and I saw all devices. 

Inline image 1
Inline image 2

Hope this helps. 

On Mon, Feb 8, 2016 at 9:27 AM, Cody Cook <observium@codycook.us> wrote:
Hi.
I use Active Directory auth through LDAP. 
Using 0.16.2.7561
Here's what my config looks like.
'Observium Service' is a user in my AD for binding.

I haven't tried to assign permissions to a group but I can try that later today, perhaps. 

Inline image 1


auth=>array(1)auth_ldap_version=>3auth_ldap_referrals=>0auth_ldap_server=>0=>tomie.threefifteen.infoauth_ldap_port=>389auth_ldap_starttls=>falseauth_ldap_recursive=>trueauth_ldap_recursive_maxdepth=>3auth_ldap_prefix=>CN=auth_ldap_suffix=>,CN=Users,DC=threefifteen,DC=infoauth_ldap_groupbase=>CN=Users,DC=threefifteen,DC=infoauth_ldap_binddn=>CN=Observium Service,CN=Users,DC=threefifteen,DC=infoauth_ldap_bindpw=>****************auth_ldap_bindanonymous=>falseauth_ldap_attr=>uid=>sAMAccountNameuidNumber=>objectSidcn=>namedn=>distinguishednameauth_ldap_objectclass=>personauth_ldap_groupmembertype=>fulldnauth_ldap_groupmemberattr=>member

On Mon, Feb 8, 2016 at 9:00 AM, Schrader, Spencer R <SSchrader11@winona.edu> wrote:
Does anyone have an ideas? I had normal users working properly on CE 

From: observium <observium-bounces@observium.org> on behalf of local_admin <SSchrader11@winona.edu>
Reply-To: Observium Network Observation System <observium@observium.org>
Date: Friday, February 5, 2016 at 9:47 AM
To: Observium Network Observation System <observium@observium.org>
Subject: [Observium] Normal Users not getting permissions using Active Directory

I have included the link at the bottom to where I described the issue which was marked “resolved” and I was pointed here for help. I have the professional version of observium where users are all successfully authenticating, but when normal users log in they can’t see anything. I edited there permissions and allowed them all to see multiple devices(screenshot in link),but they still can’t see anything. Observium recognizes they log in as normal users, but doesn’t let them see any of the other devices they have access to. Global Read, and administrators work fine. I posted my ldap config and a few screenshots in the link.
Thanks for your time!
-Spencer

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium



_______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium




--
Ciro Iriarte
http://iriarte.it
--

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium