’too’ because it seems I am not the only one.

 

Here is the full debug :

 

 

LDAP[Connecting]

LDAP[Connected]

LDAP[Version][Set to 3]

LDAP[Bind DN called]

LDAP[Bind][CN=auth,CN=Users,DC=company,DC=fr]

LDAP[Filter][(sAMAccountName=greg)][OU=Road,DC=company,DC=fr]

LDAP[Authenticate][User: greg][Bind user: CN=Greg,OU=Tech,OU=Account,OU=Road,DC=company,DC=fr]

LDAP[Authenticate][Compare: CN=Observium_users,CN=Observium_Admin,OU=Groupes,OU=Road,DC=company,DC=fr][member][CN=Greg,OU=Tech,OU=Account,OU=Road,DC=company,DC=fr]

LDAP[Authenticate][Compare LDAP error: No such object]

 

Full config :

$config['auth_ldap_version'] = 3; # v2 or v3

$config['auth_ldap_server']  = "my.ldap.server";

$config['auth_ldap_port']    = 389;

$config['auth_ldap_starttls'] = FALSE;

 

$config['auth_ldap_binddn'] = "CN=auth,CN=Users,DC=company,DC=fr";

$config['auth_ldap_bindpw'] = "maybe123";

 

$config['auth_ldap_attr']['uid'] = "sAMAccountName";

$config['auth_ldap_attr']['uidNumber'] = "objectSid";

$config['auth_ldap_attr']['cn'] = "name";

$config['auth_ldap_objectclass'] = "person";

 

$config['auth_ldap_prefix'] = "DN=";

$config['auth_ldap_suffix'] = "OU=Road,DC=company,DC=fr";

$config['auth_ldap_group']  = array("CN=Observium_users,CN=Observium_Admin,OU=Groupes,OU=Road,DC=company,DC=fr");

$config['auth_ldap_groupbase'] = "OU=Groupes,OU=Road,DC=company,DC=fr";

 

$config['auth_ldap_groupmembertype'] = "fulldn";

$config['auth_ldap_groupmemberattr'] = "member";

 

unset($config['auth_ldap_groups']);

$config['auth_ldap_groups']['Observium_users']['level'] = 5;

$config['auth_ldap_groups']['Observium_Admin']['level'] = 10;

 

 

 

Greg

 

De : observium [mailto:observium-bounces@observium.org] De la part de Tom Laermans
Envoyé : jeudi 3 juillet 2014 15:01
À : Observium Network Observation System
Objet : Re: [Observium] LDAP Authentication

 

"too" ? What do you mean too?

Also, 1 debug line is totally useless.

Please post full configuration and full debug output.

Tom

On 07/03/2014 02:57 PM, Grégoire Tourres wrote:

Hi there,

 

Since last update to 5611, LDAP do not authenticate here too.

 

Debug says :

 

LDAP[Authenticate][Compare LDAP error: No such object]

 

Greg

 

De : observium [mailto:observium-bounces@observium.org] De la part de Paolo Giustiniani
Envoyé : jeudi 3 juillet 2014 12:23
À : Observium Network Observation System
Objet : Re: [Observium] LDAP Authentication

 

Hello,

the problem is another.

 

I have no access with CE edition to last update.

 

Now i have version 

 

Observium CE 0.14.4.5229

 

2014-07-03 12:13 GMT+02:00 Bruce Guthrie <Bruce.Guthrie@ictsecurity.com.au>:

Hi Paolo,

 

Login to your observium instance with /debug appended to the URL.  Once logged in you should see something like this;

 

Your debug output will show LDAP authentication, mine shows local authentication.

 

Hope that helps

 

Regards

 

Bruce

 

 

 

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Paolo Giustiniani
Sent: Thursday, 3 July 2014 20:07
To: Observium Network Observation System
Subject: Re: [Observium] LDAP Authentication

 

Mike, site.com isn't the real name.

 

2014-07-03 12:03 GMT+02:00 Mike Stupalov <mike@observium.org>:

On 03.07.2014 13:56, Paolo Giustiniani wrote:

I have attach my page (observium.site.com/debug)

 

LOL

 

 

2014-07-03 11:52 GMT+02:00 Tom Laermans <tom.laermans@powersource.cx>:


Hi,

This is still not login debug output...

Tom



On 07/03/2014 11:28 AM, Paolo Giustiniani wrote:

Hello Tom,

i have update to te last version.

 

The problem is the same.

 

authentication is successful, it is as if the user was not recognized as admin. 

 

He did not just administrative privileges of any kind.

 

I attach the screenshot of the debug

 

2014-07-03 11:04 GMT+02:00 Tom Laermans <tom.laermans@powersource.cx>:

That's not login debug though; log out, then log back in through the /debug url (make sure you're on the latest version).

Fixes for LDAP on AD went in this morning, make sure to update.

Tom



On 07/03/2014 10:59 AM, Paolo Giustiniani wrote:

Hello,

my debug is this

 

SELECT * FROM `devices_perms` WHERE `user_id` = '10008'

SELECT * FROM `ports_perms` WHERE `user_id` = '10008'

SELECT * FROM `bill_perms` WHERE `user_id` = '10008'

SELECT `value` FROM `users_prefs` WHERE `user_id` = '10008' AND `pref` = 'atom_key'

SELECT * FROM `devices` ORDER BY `hostname`

SELECT device_id, ports.port_id, ifAdminStatus, ifOperStatus, `deleted`, `ignore`, `ifOutErrors_delta`, `ifInErrors_delta` FROM `ports` LEFT JOIN `ports-state` ON  `ports`.`port_id` =  `ports-state`.`port_id`

SELECT * FROM `sensors` LEFT JOIN `sensors-state` ON `sensors`.`sensor_id` = `sensors-state`.`sensor_id`

SELECT `device_id`,`bgpPeerState`,`bgpPeerAdminStatus`,`bgpPeerRemoteAs` FROM bgpPeers

SELECT `device_id`,`ospfAdminStat` FROM `ospf_instances`

SELECT COUNT(cef_switching_id) from `cef_switching`

SELECT COUNT(vrf_id) from `vrfs`

SELECT COUNT(*) FROM services WHERE service_status = '0'

 

Il giorno 02 luglio 2014 14:08, Tom Laermans <tom.laermans@powersource.cx> ha scritto:

Log out, surf to your.observium.host/debug, log in, check the debug output.



On 02/07/2014 13:17, Paolo Giustiniani wrote:

Hi Tom,

how can enable debug for this option?

 

Il giorno 02 luglio 2014 12:47, Tom Laermans <tom.laermans@powersource.cx> ha scritto:

Hi,

The LDAP authentication has been used in production for years by many people.

Usually the problem is misconfiguration or "speshul" LDAP servers.

Working on debugging an authorization issue with some Active Directory servers soon, which may also resolve your issue.

But as you're not actually giving any information on what's going on, what your configuration is and what the debug output says, the assistance will obviously be of the same level (=none).

Tom



On 07/02/2014 12:44 PM, Branzko, Matthias wrote:

Hello Paolo,

 

similar problem here but I have still no solution..

 

@Adam: ist the LDAP authentication in a kind of early development or is it „stable“ thing in your eyes?

 

Thanks and regards

Matthias

 

Von: observium [mailto:observium-bounces@observium.org] Im Auftrag von Paolo Giustiniani
Gesendet: Mittwoch, 2. Juli 2014 12:10
An: Observium Network Observation System
Betreff: Re: [Observium] LDAP Authentication

 

Hello,

have you update?

 

Il giorno 30 giugno 2014 09:45, Paolo Giustiniani <clubbu@gmail.com> ha scritto:

Hello,

I use ldap to authenticate my users. 

 

Unfortunately for the users admin if using ldap, after login there are no graphics and no administrative leave. 

 

What can I check?

 

-- 


 

 

 

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 

 

 

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 

-- 
Mike Stupalov
 
http://observium.org


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium



 

--
Paolo Giustiniani
Mobile. 348.3857809
Mail: paolo.giustiniani@cri.it
Skype: p.giustiniani
Skype number: 011.19825260

----------------------------------------------------------------------------------------
Rispetta l'ambiente: se non ti è necessario, non stampare questa mail.
----------------------------------------------------------------------------------------
Note in ottemperanza al Decreto Legislativo 196/2003 sulla Tutela dei Dati Personali:
Il presente messaggio e gli eventuali allegati sono rivolti unicamente all'attenzione del destinatario ed il relativo contenuto potrebbe avere carattere riservato e ne e' vietata la diffusione in qualunque modo eseguita.
Nel caso in cui aveste ricevuto questa mail per errore, Vi invitiamo ad avvertire il mittente al più presto a mezzo posta elettronica ed a distruggere il messaggio erroneamente ricevuto.


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium



 

--
Paolo Giustiniani
Mobile. 348.3857809
Mail: paolo.giustiniani@cri.it
Skype: p.giustiniani
Skype number: 011.19825260

----------------------------------------------------------------------------------------
Rispetta l'ambiente: se non ti è necessario, non stampare questa mail.
----------------------------------------------------------------------------------------
Note in ottemperanza al Decreto Legislativo 196/2003 sulla Tutela dei Dati Personali:
Il presente messaggio e gli eventuali allegati sono rivolti unicamente all'attenzione del destinatario ed il relativo contenuto potrebbe avere carattere riservato e ne e' vietata la diffusione in qualunque modo eseguita.
Nel caso in cui aveste ricevuto questa mail per errore, Vi invitiamo ad avvertire il mittente al più presto a mezzo posta elettronica ed a distruggere il messaggio erroneamente ricevuto. 




_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium