From: observium [mailto:observium-bounces@observium.org] On Behalf Of Jacob Bisby
Sent: Tuesday, 7 February 2017 9:43 AM
To: Observium Network Observation System <observium@observium.org>
Subject: Re: [Observium] AD Ldap Authentication Debug

Is there an easy way to downgrade Observium to PHP5.6?

On Mon, Feb 6, 2017 at 11:05 AM, Dan Letkeman <danletkeman@gmail.com> wrote:

Thanks for the tip.  Debugging works now.  However it doesn't seem to point to any problem in particular.  "Error binding to LDAP server".  If I use the same credentials with a different system it works fine.  Any other thoughts?

 

LDAP[Connecting to ldap.domain.ca]

×

LDAP[Connected]

×

LDAP[Referrals][Disabled]

×

LDAP[Version][Set to 3]

×

LDAP[Bind DN called]

×

LDAP[Bind][cn=ldapproxy,cn=Users,dc=domain,dc=ca]

×

Error binding to LDAP server: ldap.domain.ca: Can't contact LDAP server

 

On Mon, Feb 6, 2017 at 10:46 AM, Tom Laermans <tom.laermans@powersource.cx> wrote:

Dan,

To debug authentication issues you need to set $config['web_debug_unprivileged'] to TRUE (i advise you to disable it again later, as it leaks configuration data to any non-admin, even non-logged-in person)

Tom

On 02/06/2017 05:44 PM, Dan Letkeman wrote:

Hello,

 

I'm trying to setup AD Ldap authentication and getting nowhere.  I'm running observium version 17.1.8318 and PHP 7.0.15.  I have ldap enabled and I have verified that with phpinfo.  When I try to login with these settings in my config.php it just goes back to the login page with no failed login message or any other notice.  I have tried to use observium.domain.com/debug/ but it does the same thing.

 

$config['auth_ldap_binddn'] = "cn=ldapproxy,cn=Users,dc=domain,dc=ca";

$config['auth_ldap_bindpw'] = "password";

$config['auth_ldap_attr']['uid'] = "sAMAccountName";

$config['auth_ldap_attr']['uidNumber'] = "objectSid";

$config['auth_ldap_attr']['cn'] = "name";

$config['auth_ldap_attr']['dn'] = "distinguishedname";

$config['auth_ldap_objectclass'] = "person";

$config['auth_ldap_version'] = 3;

$config['auth_ldap_server'] = "ldap.domain.ca";

$config['auth_ldap_port']   = 389;

$config['auth_ldap_starttls'] = FALSE;

$config['auth_ldap_prefix'] = "CN=";

$config['auth_ldap_suffix'] = ",DC=domain,DC=ca";

$config['auth_ldap_group']  = array("CN=Domain Admins,OU=Users,DC=domain,DC=ca");

$config['auth_ldap_groupbase'] = "OU=Users,DC=domain,DC=ca";

$config['auth_ldap_groupmembertype'] = "fulldn";

$config['auth_ldap_groupmemberattr'] = "member";

unset($config['auth_ldap_groups']);

$config['auth_ldap_groups']['CN=Domain Admins,OU=Users,DC=domain,DC=Ca']['level'] = 10;

$config['auth_ldap_groups']['CN=Domain Users,OU=Users,DC=domain,DC=Ca']['level'] = 1;

 

Is there a log somewhere that shows whats happening?

 

 

Also I am unable to start httpd on centos7 with these virtual host settings as per the installation manual:

 

<VirtualHost *>

   DocumentRoot /opt/observium/html/

   ServerName  observium.domain.ca

   CustomLog /opt/observium/logs/access_log combined

   ErrorLog /opt/observium/logs/error_log

   <Directory "/opt/observium/html/">

     AllowOverride All

     Options FollowSymLinks MultiViews

     Require all granted

   </Directory>

</VirtualHost>

 

Thee customlog and errorlog lines have to be commented out for the server to start.  Can anyone verify that those log settings work on centos7?  Perhaps I have some kind of rights issues with the files?

 

Thanks,
Dan.

 

 

_______________________________________________

observium mailing list

observium@observium.org

http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium