
Hi, I have been using Observium for a while and I am pleased with it. Now when I try to integrate LDAP, I can't find the logs to troubleshoot.
I activated LDAP and it connects correctly, the query looks good but no go.
Log from my LDAP server:
[06/Mar/2017:16:41:55.102124385 -0500] conn=255138 op=1 SRCH base="cn=users,cn=accounts,dc=domain,dc=com" scope=2 filter="(&(objectClass=posixaccount)(uid=dave))" attrs=ALL
Does anyone have a suggestion on how to activate the logging for LDAP on the PHP / NGINX / Observium side? Thanks.
Dave

David
Are you using PHP7/CentOS? A number of people have been having issues with LDAP & PHP7 on CentOS – not sure if a solution was ever found…
Jacob Bisby
From: observium [mailto:observium-bounces@observium.org] On Behalf Of David Haché
Sent: Tuesday, 7 March 2017 5:46 AM
To: observium@observium.org
Subject: [Observium] Logs for LDAP

David,
Surf to observium.you.com/debug and log in. You'll need to enable the debug web unprivileged option, otherwise debug info is only shown to administrators (which you aren't, yet, because you're not logged in).
Tom
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

Hi, To clarify the situation.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial

4.4.0-57-generic #78-Ubuntu SMP Fri Dec 9 23:50:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
PHP 7.0.15-0ubuntu0.16.04.4 (cli) ( NTS )

cat /etc/php/7.0/apache2/php.ini |grep log
error_log = /var/log/php_errors.log

/var/log/apache2/error.log (In Debug)
[Tue Mar 07 09:02:34.247136 2017] [authz_core:debug] [pid 27190] mod_authz_core.c(809): [client 192.168.100.57:64977] AH01626: authorization result of Require all granted: granted
[Tue Mar 07 09:02:34.247275 2017] [authz_core:debug] [pid 27190] mod_authz_core.c(809): [client 192.168.100.57:64977] AH01626: authorization result of <RequireAny>: granted
[Tue Mar 07 09:02:34.247391 2017] [authz_core:debug] [pid 27190] mod_authz_core.c(809): [client 192.168.100.57:64977] AH01626: authorization result of Require all granted: granted
[Tue Mar 07 09:02:34.247453 2017] [authz_core:debug] [pid 27190] mod_authz_core.c(809): [client 192.168.100.57:64977] AH01626: authorization result of <RequireAny>: granted
[Tue Mar 07 09:02:34.264916 2017] [deflate:debug] [pid 27190] mod_deflate.c(853): [client 192.168.100.57:64977] AH01384: Zlib: Compressed 4306 to 1304 : URL /index.php
[Tue Mar 07 09:02:39.553074 2017] [authz_core:debug] [pid 27507] mod_authz_core.c(809): [client 192.168.100.57:64978] AH01626: authorization result of Require all granted: granted, referer: http://prodmon-mtl01.domain.com/
[Tue Mar 07 09:02:39.553202 2017] [authz_core:debug] [pid 27507] mod_authz_core.c(809): [client 192.168.100.57:64978] AH01626: authorization result of <RequireAny>: granted, referer: http://prodmon-mtl01.domain.com/
[Tue Mar 07 09:02:39.553304 2017] [authz_core:debug] [pid 27507] mod_authz_core.c(809): [client 192.168.100.57:64978] AH01626: authorization result of Require all granted: granted, referer: http://prodmon-mtl01.domain.com/
[Tue Mar 07 09:02:39.553362 2017] [authz_core:debug] [pid 27507] mod_authz_core.c(809): [client 192.168.100.57:64978] AH01626: authorization result of <RequireAny>: granted, referer: http://prodmon-mtl01.domain.com/
[Tue Mar 07 09:02:39.581271 2017] [deflate:debug] [pid 27507] mod_deflate.c(853): [client 192.168.100.57:64978] AH01384: Zlib: Compressed 4306 to 1304 : URL /index.php, referer: http://prodmon-mtl01.domain.com/

Ldap access log.
[07/Mar/2017:09:02:39.569577367 -0500] conn=257816 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=dave,cn=users,cn=accounts,dc=domain,dc=com"
I still have a hard time finding any logs to help me see where it sticks. Thanks
Dave

Thanks for the pointers on the Debug. I worked on the ldap.inc.php as well as config.php.
I think I found the issue, but now, since my modification, the debug spits me back to the non-debug login screen. ODD. Would someone have a suggestion as to how to stay in Debug and where to go from now? Thanks
D

Here are my modifications to the ldap.inc.php:

function ldap_search_user($ldap_group, $userdn, $depth = -1)
{
  global $ds, $config;

  # $compare = ldap_compare($ds, $ldap_group, $config['auth_ldap_groupmemberattr'], $userdn);
  $binduser = ldap_internal_dn_from_username($userdn);
  $compare = ldap_compare($ds, $ldap_group, $config['auth_ldap_groupmemberattr'], $binduser);

  if ($compare === TRUE)
  {
    return TRUE; // Member found, return TRUE
  } elseif (($config['auth_ldap_recursive'] === true) && ($depth < $config['auth_ldap_recursive_maxdepth'])) {
    $depth++;

    //$filter = "(&(objectClass=group)(memberOf=". $ldap_group ."))";
    $filter_params = array();
    # $filter_params[] = ldap_filter_create('objectClass', 'group');
    #///////
    $filter_params[] = ldap_filter_create('objectClass', $config['auth_ldap_groupobjectclass']); #Change to posix group for OpenLdap
    #///////

Here is what I added to config.php:

$config['auth_ldap_groupobjectclass'] = "posixgroup";

This is the testing I am doing on my LDAP server.

# ldapcompare -Y GSSAPI "cn=admins,cn=groups,cn=accounts,dc=domain,dc=com" memberof::dave
SASL/GSSAPI authentication started
SASL username: dave@GRENADINE.JUICY
SASL SSF: 56
SASL data security layer installed.
FALSE

# ldapcompare -Y GSSAPI "cn=admin,cn=groups,cn=accounts,dc=domain,dc=com" member:uid=dave,cn=users,cn=accounts,dc=domain,dc=com
SASL/GSSAPI authentication started
SASL username: dave@GRENADINE.JUICY
SASL SSF: 56
SASL data security layer installed.
TRUE

Dave

Found the solution to my problem. Not sure I broke it for other LDAPs but it works on FreeIPA.
modified ldap.inc.php Line: 49.

# $compare = ldap_compare($ds, $ldap_group, $config['auth_ldap_groupmemberattr'], $userdn);
$binduser = ldap_internal_dn_from_username($userdn);
$compare = ldap_compare($ds, $ldap_group, $config['auth_ldap_groupmemberattr'], $binduser);
David Haché Cell: 514.594.5841
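Added example, not part of the original thread and not Observium code: the value that an LDAP compare must assert depends on what the group's membership attribute stores, which is why the bare username compared FALSE and the full DN compared TRUE in the ldapcompare tests above. The function names, the in-memory stand-in for ldap_compare() and the sample group entries are all constructed for illustration.

```php
<?php
// Added example, not Observium code; all names and entries below are constructed.

// Pick the value to assert in an LDAP compare, based on what the group's
// membership attribute stores.
function group_compare_value($memberattr, $username, $userdn)
{
  switch (strtolower($memberattr)) {
    case 'memberuid':      // RFC 2307 posixGroup: bare login names
      return $username;
    case 'member':         // groupOfNames style (as in the thread's FreeIPA test): full DNs
    case 'uniquemember':   // groupOfUniqueNames: full DNs
      return $userdn;
    default:
      throw new InvalidArgumentException("Unhandled membership attribute: $memberattr");
  }
}

// Offline stand-in for ldap_compare(): true if $value is among the entry's
// values for $attr. Matching is simplified to a case-insensitive string test.
function fake_compare(array $entry, $attr, $value)
{
  foreach ($entry as $name => $values) {
    if (strcasecmp($name, $attr) === 0) {
      return in_array(strtolower($value), array_map('strtolower', $values), true);
    }
  }
  return false;
}

$username = 'dave';
$userdn   = 'uid=dave,cn=users,cn=accounts,dc=domain,dc=com';

// Constructed group entries, one per schema style.
$groups = array(
  'member'    => array('member'    => array($userdn)),
  'memberUid' => array('memberUid' => array($username)),
);

foreach ($groups as $attr => $entry) {
  $fixed = fake_compare($entry, $attr, group_compare_value($attr, $username, $userdn));
  printf("%-9s username=%s dn=%s selected=%s\n", $attr,
    var_export(fake_compare($entry, $attr, $username), true),
    var_export(fake_compare($entry, $attr, $userdn), true),
    var_export($fixed, true));
}
```

Run with the PHP CLI; no LDAP server or extension is needed because the directory is simulated.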
participants (3)
- David Haché
- Jacob Bisby
- Tom Laermans