So I had the server working with mysql login, but I'm struggling with getting the ldap authentication to work.
I copied the example out of the instructions, but every time I enter the username/password, the website just resets. I tried going to http://fqdn/debug, but it just tells me that the cache is disabled in the config, which it is. Unfortunately I can't find any debug logs, or entries in any logs that would help to isolate the issue.
This is my Authentication Model section <scrubbed>:
// Authentication Model // $config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "ldap"; $config['auth_ldap_binddn'] = "<Distinguished Name>"; $config['auth_ldap_bindpw'] = "<Password>";
$config['auth_ldap_attr']['uid'] = "sAMAccountName"; $config['auth_ldap_attr']['uidNumber'] = "objectSid"; $config['auth_ldap_attr']['cn'] = "name"; $config['auth_ldap_attr']['dn'] = "distinguishedname"; $config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3; $config['auth_ldap_server'] = "<domain controller.domain>"; $config['auth_ldap_port'] = 389; $config['auth_ldap_starttls'] = false;
$config['auth_ldap_prefix'] = "uid="; $config['auth_ldap_suffix'] = ",<Distinguished Name Suffix>"; $config['auth_ldap_group'] = array("<Distinguished Name of Observium Users Group>"); $config['auth_ldap_groupbase'] = "<Distinguished Name of Group Base>";
$config['auth_ldap_groupmembertype'] = "fulldn"; $config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']); $config['auth_ldap_groups']['Distinguished Name of Observium Admins Group']['level'] = 10; $config['auth_ldap_groups']['Distinguished Name of Observium Users Group']['level'] = 1;
Any suggestions are much appreciated!
Michael Spaulding | Systems Administrator Information Technology | Division of Student Affairs 1259 TAMU | College Station, TX 77843-1259
ph: 979.458.9223 | mspaulding@tamu.edu | doit.tamu.edu - - - - - - - - - - - - - - - - - - - - - - - - TEXAS A&M UNIVERSITY
Hi Michael,
Debugging before you're logged in is disabled by default as this would leak sensitive data to unauthenticated visitors.
You can enable this by putting the following in your config:
$config['web_debug_unprivileged'] = TRUE;
Then, as you correctly tried, add /debug to the URL then try logging in.
Don't forget to remove after you resolved the issue.
Tom
On 4/15/2020 10:53 PM, Michael Spaulding via observium wrote:
So I had the server working with mysql login, but I’m struggling with getting the ldap authentication to work.
I copied the example out of the instructions, but every time I enter the username/password, the website just resets. I tried going to http://fqdn/debug, but it just tells me that the cache is disabled in the config, which it is. Unfortunately I can’t find any debug logs, or entries in any logs that would help to isolate the issue.
This is my Authentication Model section <scrubbed>:
// Authentication Model
// $config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help
$config['auth_mechanism'] = "ldap";
$config['auth_ldap_binddn'] = "<Distinguished Name>";
$config['auth_ldap_bindpw'] = "<Password>";
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_attr']['dn'] = "distinguishedname";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "<domain controller.domain>";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = false;
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",<Distinguished Name Suffix>";
$config['auth_ldap_group'] = array("<Distinguished Name of Observium Users Group>");
$config['auth_ldap_groupbase'] = "<Distinguished Name of Group Base>";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups'][‘Distinguished Name of Observium Admins Group’]['level'] = 10;
$config['auth_ldap_groups'][‘Distinguished Name of Observium Users Group’]['level'] = 1;
Any suggestions are much appreciated!
*Michael Spaulding* | Systems Administrator Information Technology | Division of Student Affairs
1259 TAMU | College Station, TX 77843-1259
ph: 979.458.9223 | mspaulding@tamu.edu| doit.tamu.edu
*TEXAS A&M UNIVERSITY *
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (2)
-
Michael Spaulding -
Tom Laermans