[Observium] help on Active directory authentication (nothing happens)

28 Dec 2018

      Hi All,
I tried to make observium AD log in working during a few hours without any
success, so I ask here for help^^
I took the ad example conf and edited some values.
I used same kind of conf in antoher apache vhost, and it works fine.
I also tried to find a good debug mode to help me with that, but nothing Is
in the logs.
I tried "url/debug", "url/debug=yes", I can only see "CACHE DISABLED.
Disabled in config", but I don't see any message about failed
authentication (after I entered my credentials, nothing happens, I come
back to log in page)
I also tried what is in this page (
https://docs.observium.org/config_options/#debugging-profiling-settings),
but nothing happens in any log file.
how can I enabled debug mode to help me with this authentication issue?
In my win2k8 AD, the directory tree is as follow:
Administrative (at the root) --> "Domain users" (where all the "human"
users are)
--> "Groups" (where all the
groups are)
--> "ServiceAccounts" (where the
binddn user is)
Here is the conf I have :
$config['auth_mechanism'] = "ldap";
$config['auth_ldap_binddn'] =
"cn=DNrequest,ou=ServiceAccounts,ou=Administrative,dc=example,dc=com";
$config['auth_ldap_bindpw'] = "password";
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_attr']['dn'] = "distinguishedname";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "example.com";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=Domain
users,OU=Administrative,DC=example,DC=com";
$config['auth_ldap_group']  =
array("CN=NE.Access,OU=Groups,OU=Administrative,DC=example,DC=com");
$config['auth_ldap_groupbase'] =
"OU=Groups,OU=Administrative,DC=example,DC=com";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['CN=NE.Access,OU=Groups,OU=Administrative,DC=example,DC=com']['level']
= 10;
Thanks a lot in advance for you help!
Vincent Kwiatkowski
Operations&Infrastructure - System Team • Itiviti
Production System Engineer
Direct: +33 1 44 50 25 45
vincent.kwiatkowski@itiviti.com
21 Boulevard Haussmann
https://maps.google.com/?q=21+Boulevard+Haussmann+75009+Paris,+France&entry=gmail&source=g
75009 Paris, France
https://maps.google.com/?q=21+Boulevard+Haussmann+75009+Paris,+France&entry=gmail&source=g
Phone: +33 1 49 95 30 00
-- 

Visit: itiviti.com https://www.itiviti.com/ / ullink.com 
https://www.ullink.com/ »
Read the latest news from Itiviti » 
http://www.itiviti.com/news/

*The information contained in or 
attached to this email is strictly confidential. If you are not the 
intended recipient, please notify us immediately by telephone and return 
the message to us.*

*
*

*Email communications by definition contain 
personal information. The ITIVITI group of companies (of which ULLINK forms 
part) is subject to European data protection regulations. ULLINK’s Privacy 
Policy is available at www.ullink.com http://www.ullink.com/. ULLINK 
expects the recipient of this email to be compliant with ULLINK’s Privacy 
Policy and applicable regulations. Please advise us immediately at 
dataprotection@ullink.com mailto:dataprotection@ullink.com if you are not 
compliant with these.*