Thanks for the tip.  Debugging works now.  However it doesn't seem to point to any problem in particular.  "Error binding to LDAP server".  If I use the same credentials with a different system it works fine.  Any other thoughts?

LDAP[Connecting to ldap.domain.ca]
LDAP[Connected]
LDAP[Referrals][Disabled]
LDAP[Version][Set to 3]
LDAP[Bind DN called]
LDAP[Bind][cn=ldapproxy,cn=Users,dc=domain,dc=ca]
Error binding to LDAP server: ldap.domain.ca: Can't contact LDAP server

On Mon, Feb 6, 2017 at 10:46 AM, Tom Laermans <tom.laermans@powersource.cx> wrote:

Dan,

To debug authentication issues you need to set $config['web_debug_unprivileged'] to TRUE (i advise you to disable it again later, as it leaks configuration data to any non-admin, even non-logged-in person)

Tom

On 02/06/2017 05:44 PM, Dan Letkeman wrote:
Hello,

I'm trying to setup AD Ldap authentication and getting nowhere.  I'm running observium version 17.1.8318 and PHP 7.0.15.  I have ldap enabled and I have verified that with phpinfo.  When I try to login with these settings in my config.php it just goes back to the login page with no failed login message or any other notice.  I have tried to use observium.domain.com/debug/ but it does the same thing.

$config['auth_ldap_binddn'] = "cn=ldapproxy,cn=Users,dc=domain,dc=ca";
$config['auth_ldap_bindpw'] = "password";
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_attr']['dn'] = "distinguishedname";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "ldap.domain.ca";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",DC=domain,DC=ca";
$config['auth_ldap_group']  = array("CN=Domain Admins,OU=Users,DC=domain,DC=ca");
$config['auth_ldap_groupbase'] = "OU=Users,DC=domain,DC=ca";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['CN=Domain Admins,OU=Users,DC=domain,DC=Ca']['level'] = 10;
$config['auth_ldap_groups']['CN=Domain Users,OU=Users,DC=domain,DC=Ca']['level'] = 1;

Is there a log somewhere that shows whats happening?


Also I am unable to start httpd on centos7 with these virtual host settings as per the installation manual:

<VirtualHost *>
   DocumentRoot /opt/observium/html/
   ServerName  observium.domain.ca
   CustomLog /opt/observium/logs/access_log combined
   ErrorLog /opt/observium/logs/error_log
   <Directory "/opt/observium/html/">
     AllowOverride All
     Options FollowSymLinks MultiViews
     Require all granted
   </Directory>
</VirtualHost>

Thee customlog and errorlog lines have to be commented out for the server to start.  Can anyone verify that those log settings work on centos7?  Perhaps I have some kind of rights issues with the files?

Thanks,
Dan.



_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium