’too’ because it seems I am not the only one.
Here is the full debug :
LDAP[Connecting]
LDAP[Connected]
LDAP[Version][Set to 3]
LDAP[Bind DN called]
LDAP[Bind][CN=auth,CN=Users,DC=company,DC=fr]
LDAP[Filter][(sAMAccountName=greg)][OU=Road,DC=company,DC=fr]
LDAP[Authenticate][User: greg][Bind user: CN=Greg,OU=Tech,OU=Account,OU=Road,DC=company,DC=fr]
LDAP[Authenticate][Compare: CN=Observium_users,CN=Observium_Admin,OU=Groupes,OU=Road,DC=company,DC=fr][member][CN=Greg,OU=Tech,OU=Account,OU=Road,DC=company,DC=fr]
LDAP[Authenticate][Compare LDAP error: No such object]
Full config :
$config['auth_ldap_version'] = 3; # v2 or v3
$config['auth_ldap_server'] = "my.ldap.server";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_binddn'] = "CN=auth,CN=Users,DC=company,DC=fr";
$config['auth_ldap_bindpw'] = "maybe123";
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_prefix'] = "DN=";
$config['auth_ldap_suffix'] = "OU=Road,DC=company,DC=fr";
$config['auth_ldap_group'] = array("CN=Observium_users,CN=Observium_Admin,OU=Groupes,OU=Road,DC=company,DC=fr");
$config['auth_ldap_groupbase'] = "OU=Groupes,OU=Road,DC=company,DC=fr";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['Observium_users']['level'] = 5;
$config['auth_ldap_groups']['Observium_Admin']['level'] = 10;
Greg
*De :* observium [mailto:observium-bounces@observium.org] *De la part de* Tom Laermans *Envoyé :* jeudi 3 juillet 2014 15:01 *À :* Observium Network Observation System *Objet :* Re: [Observium] LDAP Authentication
"too" ? What do you mean too?
Also, 1 debug line is totally useless.
Please post full configuration and full debug output.
Tom
On 07/03/2014 02:57 PM, Grégoire Tourres wrote:
Hi there,
Since last update to 5611, LDAP do not authenticate here too.
Debug says :
LDAP[Authenticate][Compare LDAP error: No such object]
Greg
*De :* observium [mailto:observium-bounces@observium.org] *De la part de* Paolo Giustiniani *Envoyé :* jeudi 3 juillet 2014 12:23 *À :* Observium Network Observation System *Objet :* Re: [Observium] LDAP Authentication
Hello,
the problem is another.
I have no access with CE edition to last update.
Now i have version
Observium CE 0.14.4.5229
2014-07-03 12:13 GMT+02:00 Bruce Guthrie Bruce.Guthrie@ictsecurity.com.au:
Hi Paolo,
Login to your observium instance with /debug appended to the URL. Once logged in you should see something like this;
Your debug output will show LDAP authentication, mine shows local authentication.
Hope that helps
Regards
Bruce
*From:* observium [mailto:observium-bounces@observium.org] *On Behalf Of *Paolo Giustiniani *Sent:* Thursday, 3 July 2014 20:07 *To:* Observium Network Observation System *Subject:* Re: [Observium] LDAP Authentication
Mike, site.com isn't the real name.
2014-07-03 12:03 GMT+02:00 Mike Stupalov mike@observium.org:
On 03.07.2014 13:56, Paolo Giustiniani wrote:
I have attach my page (observium.site.com/debug)
LOL
2014-07-03 11:52 GMT+02:00 Tom Laermans tom.laermans@powersource.cx:
Hi,
This is still not login debug output...
Tom
On 07/03/2014 11:28 AM, Paolo Giustiniani wrote:
Hello Tom,
i have update to te last version.
The problem is the same.
authentication is successful, it is as if the user was not recognized as admin.
He did not just administrative privileges of any kind.
I attach the screenshot of the debug
2014-07-03 11:04 GMT+02:00 Tom Laermans tom.laermans@powersource.cx:
That's not login debug though; log out, then log back in through the /debug url (make sure you're on the latest version).
Fixes for LDAP on AD went in this morning, make sure to update.
Tom
On 07/03/2014 10:59 AM, Paolo Giustiniani wrote:
Hello,
my debug is this
SELECT * FROM `devices_perms` WHERE `user_id` = '10008'
SELECT * FROM `ports_perms` WHERE `user_id` = '10008'
SELECT * FROM `bill_perms` WHERE `user_id` = '10008'
SELECT `value` FROM `users_prefs` WHERE `user_id` = '10008' AND `pref` = 'atom_key'
SELECT * FROM `devices` ORDER BY `hostname`
SELECT device_id, ports.port_id, ifAdminStatus, ifOperStatus, `deleted`, `ignore`, `ifOutErrors_delta`, `ifInErrors_delta` FROM `ports` LEFT JOIN `ports-state` ON `ports`.`port_id` = `ports-state`.`port_id`
SELECT * FROM `sensors` LEFT JOIN `sensors-state` ON `sensors`.`sensor_id` = `sensors-state`.`sensor_id`
SELECT `device_id`,`bgpPeerState`,`bgpPeerAdminStatus`,`bgpPeerRemoteAs` FROM bgpPeers
SELECT `device_id`,`ospfAdminStat` FROM `ospf_instances`
SELECT COUNT(cef_switching_id) from `cef_switching`
SELECT COUNT(vrf_id) from `vrfs`
SELECT COUNT(*) FROM services WHERE service_status = '0'
Il giorno 02 luglio 2014 14:08, Tom Laermans tom.laermans@powersource.cx ha scritto:
Log out, surf to your.observium.host/debug, log in, check the debug output.
On 02/07/2014 13:17, Paolo Giustiniani wrote:
Hi Tom,
how can enable debug for this option?
Il giorno 02 luglio 2014 12:47, Tom Laermans tom.laermans@powersource.cx ha scritto:
Hi,
The LDAP authentication has been used in production for years by many people.
Usually the problem is misconfiguration or "speshul" LDAP servers.
Working on debugging an authorization issue with some Active Directory servers soon, which may also resolve your issue.
But as you're not actually giving any information on what's going on, what your configuration is and what the debug output says, the assistance will obviously be of the same level (=none).
Tom
On 07/02/2014 12:44 PM, Branzko, Matthias wrote:
Hello Paolo,
similar problem here but I have still no solution..
@Adam: ist the LDAP authentication in a kind of early development or is it „stable“ thing in your eyes?
Thanks and regards
Matthias
*Von:* observium [mailto:observium-bounces@observium.org observium-bounces@observium.org] *Im Auftrag von *Paolo Giustiniani *Gesendet:* Mittwoch, 2. Juli 2014 12:10 *An:* Observium Network Observation System *Betreff:* Re: [Observium] LDAP Authentication
Hello,
have you update?
Il giorno 30 giugno 2014 09:45, Paolo Giustiniani clubbu@gmail.com ha scritto:
Hello,
I use ldap to authenticate my users.
Unfortunately for the users admin if using ldap, after login there are no graphics and no administrative leave.
What can I check?
