Leo,
The account is called "Bind Observium" (cf auth_ldap_binddn).
You can also bind using the alternate syntax of username@yourdomain if that helps you visualize it :-)
Tom
On 07/07/2016 23:57, Dano, Leo wrote:
Hi Sandy,
Just to verify what I am seeing. You have an AD account Observium? With the password thepassword (or something). This is how you are binding to AD?
Thanks,
Leo Dano
*From:*observium [mailto:observium-bounces@observium.org] *On Behalf Of *Sandy Breeze *Sent:* Thursday, July 07, 2016 2:46 PM *To:* Observium Network Observation System observium@observium.org *Subject:* Re: [Observium] Setting up LDAP Auth
We use the below. Substitute ‘MyCompany’ with $YourCompany and look at the sample structure
// Authentication Model
$config['auth_mechanism'] = "ldap"; // default, other options: ldap, http-auth, please see documentation for config help
// LDAP Auth
$config['auth_ldap_binddn'] = "CN=Bind Observium,OU=Bind Accounts,OU=Service Accounts,OU=MyCompany,OU=MyCompany Group,DC=MyCompany,DC=local";
$config['auth_ldap_bindpw'] = "thepassword";
$config['auth_ldap_bindanonymous'] = FALSE;
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "127.0.0.1";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_suffix'] = ",OU=MyCompany Group,DC=MyCompany,DC=local";
$config['auth_ldap_group'] = array("CN=MyCompany-Application-Observium_Admin Users,OU=Observium,OU=Application Groups,OU=Domain Local,OU=Security Groups,OU=MyCompany,OU=MyCompany Group,DC=MyCompany,DC=local");
$config['auth_ldap_groupbase'] = "OU=Observium,OU=Application Groups,OU=Domain Local,OU=Security Groups,OU=MyCompany,OU=MyCompany Group,DC=MyCompany,DC=local";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['MyCompany-Application-Observium_Admin Users']['level'] = 10;
$config['auth_ldap_groups']['MyCompany-Application-Observium_Users']['level'] = 1;
On 07/07/2016, 22:36, "observium on behalf of Adam Armstrong" <observium-bounces@observium.org mailto:observium-bounces@observium.org on behalf of adama@memetic.org mailto:adama@memetic.org> wrote:
That would be useful to a lot of people I think. AD is a common question! Adam. Sent from BlueMail <http://www.bluemail.me/r> On 7 Jul 2016, at 22:33, Richard Franks <richardfranks152@gmail.com <mailto:richardfranks152@gmail.com>> wrote: I can probably put together some bits tomorrow. I've got it working against AD. On 7 Jul 2016, at 22:31, Adam Armstrong <adama@memetic.org <mailto:adama@memetic.org>> wrote: Would someone who knows what they're talking about like to write some kinda of instructions on this? None of us do AD, so... :) Adam. Sent from BlueMail <http://www.bluemail.me/r> On 7 Jul 2016, at 22:28, Sam Jones <jonesamu@isu.edu <mailto:jonesamu@isu.edu>> wrote: My biggest hurdle was finding and using the Full DN of the accounts and groups being used. Here is our scrubbed configuration we are using: $config['auth_mechanism'] = "ldap"; // LDAP Authentication // Full DN of BIND ACCOUNT $config['auth_ldap_binddn'] = "CN=BIND_ACCOUNT,OU=GROUP1,DC=DOMAIN,DC=COM"; $config['auth_ldap_bindpw'] = "PASSWORD"; $config['auth_ldap_attr']['uid'] = "sAMAccountName"; $config['auth_ldap_attr']['uidNumber'] = "objectSid"; $config['auth_ldap_attr']['cn'] = "name"; $config['auth_ldap_attr']['dn'] = "distinguishedname"; $config['auth_ldap_objectclass'] = "person"; $config['auth_ldap_version'] = 3; $config['auth_ldap_server'] = "AD_SERVER.DOMAIN.COM <http://AD_SERVER.DOMAIN.COM>"; $config['auth_ldap_port'] = 389; $config['auth_ldap_starttls'] = TRUE; // Full DN of account used to Login $config['auth_ldap_prefix'] = "CN="; $config['auth_ldap_suffix'] = ",OU=GROUP2,DC=DOMAIN,DC=COM"; // Full DN of group to allow access $config['auth_ldap_group'] = array("CN=Observium Admins,OU=GROUPS,DC=DOMAIN,DC=COM"); $config['auth_ldap_groupmembertype'] = "fulldn"; $config['auth_ldap_groupmemberattr'] = "member"; unset($config['auth_ldap_groups']); // Full DN of Group to assign access level $config['auth_ldap_groups']['CN=Observium Admins,OU=GROUPS,DC=DOMAIN,DC=COM']['level'] = 10; Sam On Thu, Jul 7, 2016 at 2:49 PM, Dano, Leo <ldano@qualcomm.com <mailto:ldano@qualcomm.com>> wrote: Active Directory Thanks, ----------------------- Leo Dano *From:*observium [mailto:observium-bounces@observium.org <mailto:observium-bounces@observium.org>] *On Behalf Of *Sam Jones *Sent:* Thursday, July 07, 2016 1:29 PM *To:* Observium Network Observation System <observium@observium.org <mailto:observium@observium.org>> *Subject:* Re: [Observium] Setting up LDAP Auth Have you tried looking at the http://{Your_Observium_Server}/debug <http://%7bYour_Observium_Server%7d/debug>. What type of Directory Server are you connecting to? Sam On Thu, Jul 7, 2016 at 1:53 PM, Dano, Leo <ldano@qualcomm.com <mailto:ldano@qualcomm.com>> wrote: Hello all, Tried Maartens entries in the conf file. Put all our ldap info but no worky. Was trying to tail the log files but I can’t find the right one to tail. auth is not updating as I put in incorrect login details. Any suggestions? Thanks, ----------------------- Leo Dano *From:*observium [mailto:observium-bounces@observium.org <mailto:observium-bounces@observium.org>] *On Behalf Of *Dano, Leo *Sent:* Thursday, June 30, 2016 8:49 AM *To:* Observium Network Observation System <observium@observium.org <mailto:observium@observium.org>> *Subject:* Re: [Observium] Setting up LDAP Auth Thanks Maarten! This will help me get in the right direction. Thanks, ----------------------- Leo Dano *From:*observium [mailto:observium-bounces@observium.org] *On Behalf Of *Moerman, Maarten *Sent:* Thursday, June 30, 2016 6:41 AM *To:* Observium Network Observation System <observium@observium.org <mailto:observium@observium.org>> *Subject:* Re: [Observium] Setting up LDAP Auth Ow , euh, replace BLAgroup and BLAcompany with your group and company (from your ldap params), forgot to fix one line in below example :) *From: *observium <observium-bounces@observium.org <mailto:observium-bounces@observium.org>> on behalf of "Moerman, Maarten" <mmoerman@ebay.com <mailto:mmoerman@ebay.com>> *Reply-To: *Observium Network Observation System <observium@observium.org <mailto:observium@observium.org>> *Date: *Thursday, June 30, 2016 at 3:39 PM *To: *Observium Network Observation System <observium@observium.org <mailto:observium@observium.org>> *Subject: *Re: [Observium] Setting up LDAP Auth This is ours: // LDAP Authentication $config['auth_mechanism'] = "ldap"; $config['auth_ldap_group'] = array(); $config['auth_ldap_version'] = 3; $config['auth_ldap_server'] = “<ldap-server-hostname>"; $config['auth_ldap_port'] = 389; $config['auth_ldap_starttls'] = FALSE; $config['auth_ldap_objectclass'] = "posixAccount"; $config['auth_ldap_prefix'] = "uid="; $config['auth_ldap_suffix'] = ",ou=People,ou=BLAgroup,o=BLAcompany"; $config['auth_ldap_attr']['uid'] = "uid"; $config['auth_ldap_attr']['uidNumber'] = "uidNumber"; $config['auth_ldap_attr']['cn'] = "cn"; $config['auth_ldap_groupmemberattr'] = "memberUid"; $config['auth_ldap_groupbase'] = "ou=group,ou=<yourgroup>,o=<yourcompany>"; $config['auth_ldap_groups']['nw']['level'] = 10; *From: *observium <observium-bounces@observium.org <mailto:observium-bounces@observium.org>> on behalf of Ximena Cardinali <ximenacardinali@gmail.com <mailto:ximenacardinali@gmail.com>> *Reply-To: *Observium Network Observation System <observium@observium.org <mailto:observium@observium.org>> *Date: *Thursday, June 30, 2016 at 3:17 PM *To: *Observium Network Observation System <observium@observium.org <mailto:observium@observium.org>> *Subject: *Re: [Observium] Setting up LDAP Auth I couldn't make it work either. If you find a solution that works, I'll appreciate your feedback. On 29 June 2016 at 17:52, Dano, Leo <ldano@qualcomm.com <mailto:ldano@qualcomm.com>> wrote: Hello all, Anyone care to share your config settings? I am having a hard time setting this up. Please remove your domain info in the reply. /opt/observium/config.php Thanks, ----------------------- Leo Dano _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium ------------------------------------------------------------------------ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium ------------------------------------------------------------------------ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium