Hello
I have came across same problem.
But By God Gress we are able to find solution to it.
First you need to have special group for that customer or user you want to give only his device level access.
in config.php like below
$config['auth_ad_groups']['CN=Observium_Cust,OU=Tech_Team,DC=comtelindia,DC=com']['level'] = 1;
keep in mind you must set user level to 1.
Also make Observium_Cust name group in your AD server inside specified OU , like in our case it is Tech_Team.
Now restart apache service.
Now add user to Observium_Cust group in AD. eg i add john user to this group.
Login the observium using that user(john).
you will not see any devices for now.
Log out.
now login with Admin user.
go to setting icon top right , inside it go to users groups. click on edit user.
You will se list of users.
now click on user you want to edit (john)
and here you have to select list of device and port to be only visible to it.
save it.
logout from admin.
restart apache.
and log in using john user.
thats it ......
=========================================== our complete config.php is like below =============================================
<?php
## Check https://docs.observium.org/config_options/ for documentation of possible settings
## It's recommended that settings are edited in the web interface at /settings/ on your observium installation. ## Authentication and Database settings must be hardcoded here because they need to work before you can reach the web-based configuration interface
// Database config // --- This MUST be configured $config['db_host'] = 'localhost'; $config['db_name'] = 'observium'; $config['db_user'] = 'observium'; $config['db_pass'] = 'wfFnSS7owHv5rOe';
// Base directory #$config['install_dir'] = "/opt/observium";
// Default snmp version #$config['snmp']['version'] = "v2c"; // Snmp max repetition for faster requests #$config['snmp']['max-rep'] = TRUE; // Default snmp community list to use when adding/discovering #$config['snmp']['community'] = [ "public" ];
// Authentication Model #$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help
##################################################################################################################################################################################### ######################################################### AD configuration ########################################################################################################## #################################################################################################################################################################################### #$config['auth_mechanism'] = "http-auth"; // For HTTP Authentication // For AD, use 'ad' and combine with http-auth in Apache configuration for dual login support #$config['auth_http'] = true;
$config['auth_mechanism'] = "ad"; // default, other options: ldap, http-auth, please see documentation for config help
$config['web_debug_unprivileged'] = TRUE;
$config['auth_ad_domain'] = "test.com";
$config['auth_ad_basedn'] = "DC=test,DC=com";
$config['auth_ad_server'] = "192.168.101.101";
$config['auth_ad_port'] = 389;
$config['auth_ad_tls'] = FALSE;
$config['auth_ad_starttls'] = 'no';
$config['auth_ad_validatecert'] = FALSE;
$config['auth_ad_binddn'] = "admin"; // Initial LDAP bind dn and password
$config['auth_ad_bindpw'] = "password";
$config['auth_ad_groups']['CN=Observium_Admin,OU=Tech_Team,DC=test,DC=com']['level'] = 10;
$config['auth_ad_groups']['CN=Observium_ReadWrite,OU=Tech_Team,DC=test,DC=com']['level'] = 9;
$config['auth_ad_groups']['CN=Observium_Read,OU=Tech_Team,DC=test,DC=com']['level'] = 7;
$config['auth_ad_groups']['CN=Observium_Cust,OU=Tech_Team,DC=test,DC=com']['level'] = 1;
################################################################################################################################################################################# # ASHWIN # #################################################################################################################################################################################
// Enable alerter #$config['poller-wrapper']['alerter'] = TRUE;
// Show or not disabled devices on major pages #$config['web_show_disabled'] = FALSE;
// Set up a default alerter (email to a single address) #$config['email']['default'] = "user@your-domain"; #$config['email']['from'] = "Observium observium@your-domain";
// End config.php $config['poller_modules']['unix-agent'] = 1;
$config['enable_billing'] = 1;