LDAP Configuration issue on Observium
Hi All,
Kindly help me to configure the LDAP authentication on Observium page.
Below are the config file lines which I have added to the config file. Still not working. Please check the code below and correct me if any lines are wrong.
-----------------------------------------------
// Authentication Model
$config['auth_mechanism'] = "ldap"; // default, other options: ldap, http-auth, please see documentation for config help
$config['auth_ldap_binddn'] = "CN=ldap,OU=IT,OU=Service Accounts,OU=Users,OU=AAAAAAA,DC=BBBBBB,DC=com";
$config['auth_ldap_bindpw'] = "xxxxxxxx";
$config['auth_ldap_bindanonymous'] = FALSE;
$config['auth_ldap_attr']['uid'] = "uid";
$config['auth_ldap_attr']['uidNumber'] = "uidNumber";
$config['auth_ldap_attr']['cn'] = "cn";
$config['auth_ldap_attr']['dn'] = "dn";
$config['auth_ldap_objectclass'] = "posixAccount";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "MDC01.xxx.com http://mdc01.xxx.com/";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_prefix'] = "uid";
$config['auth_ldap_suffix'] = ",DC=BBBBB,DC=com";
$config['auth_ldap_group'] = "OU=IT,OU=AAAAAA,DC=BBBBBB,DC=com";
$config['auth_ldap_groupbase'] = "OU=IT,OU=IF,OU=IS,OU=Standard,OU=Users,OU=AAAA,DC=BBBBB,DC=com";
$config['auth_ldap_groupmembertype'] = "nodn";
$config['auth_ldap_groupmemberattr'] = "memberUid";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['CN=ldap,OU=IT,OU=Service Accounts,OU=Users,OU=AAAA,DC=BBBBB,DC=com']['level'] = 10;
$config['auth_ldap_groups']['CN=ldap,OU=IT,OU=Service Accounts,OU=Users,OU=AAAA,DC=BBBBB,DC=com']['level'] = 1;
----------------------------------------------
Do I need to do any other settings in the config file or any other file on the server?
Thanks in advance
Thanks!
Regards, *Sivaraja*
Hi,
On 2015-08-25 15:50, Sivaraja,Raja wrote:
> Hi All,
> Kindly help me to configure the LDAP authentication on Observium page.
> Below are the config file lines which I have added to the config file. Still not working. Please check the code below and correct me if any lines are wrong.
> $config['auth_ldap_group'] = "OU=IT,OU=AAAAAA,DC=BBBBBB,DC=com";
^ Not possible, an OU is not a group, so you'll never be member of this group. This means you won't be able to log in.
> $config['auth_ldap_groupbase'] = "OU=IT,OU=IF,OU=IS,OU=Standard,OU=Users,OU=AAAA,DC=BBBBB,DC=com";
> $config['auth_ldap_groupmembertype'] = "nodn";
> $config['auth_ldap_groupmemberattr'] = "memberUid";
> unset($config['auth_ldap_groups']);
> $config['auth_ldap_groups']['CN=ldap,OU=IT,OU=Service Accounts,OU=Users,OU=AAAA,DC=BBBBB,DC=com']['level'] = 10;
> $config['auth_ldap_groups']['CN=ldap,OU=IT,OU=Service Accounts,OU=Users,OU=AAAA,DC=BBBBB,DC=com']['level'] = 1;
^ This means you have a group "ldap" inside the "IT" OU which has both level 1 -and- 10. Odd. 1 will win though, as you put that one last.
^ Also, I suspect "ldap" is a user, as you're using it as bind DN, and a user isn't a group, so that won't work either.
Please contact your directory administrator for assistance on what groups you can use.
Tom
Your ldap groups are the same as the bind entry. My settings are listed here.
$config['auth_ldap_groupbase'] = "ou=Court Groups,ou=network,o=fca";
$config['auth_ldap_groups']['obsadmin']['level'] = 10;
Perhaps you wanted
$config['auth_ldap_groups']['obsadmin']['level'] = 10;
$config['auth_ldap_groups']['obsuser']['level'] = 1;
where cn=obsadmin,OU=IT,OU=IF,OU=IS,OU=Standard,OU=Users,OU=AAAA,DC=BBBBB,DC=com and cn=obsuser,OU=IT,OU=IF,OU=IS,OU=Standard,OU=Users,OU=AAAA,DC=BBBBB,DC=com are groups.
I use eDirectory, not AD, so I don't know if your prefix or suffix entries are right, but they seem strange.
$config['auth_ldap_prefix'] = "cn=";
$config['auth_ldap_suffix'] = ""; //leave empty to override default
thanks
Peter Hine Senior Technical Support Engineer (Servers) FCoA ITS peter.hine@familycourt.gov.au
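The three problems pointed out in the replies (an OU used where a group is expected, a group key that is the bind DN, and one key assigned two levels), as an added example that is not part of the original thread or of Observium's code: a small Python lint over the config text. The function names and finding labels are assumptions made for this example, and the sample input is constructed from the lines in the question.

```python
import re

# Constructed sample: lines from the question, with the page's placeholder DNs.
SAMPLE = '''
$config['auth_ldap_binddn'] = "CN=ldap,OU=IT,OU=Service Accounts,OU=Users,OU=AAAA,DC=BBBBB,DC=com";
$config['auth_ldap_group'] = "OU=IT,OU=AAAA,DC=BBBBB,DC=com";
$config['auth_ldap_groups']['CN=ldap,OU=IT,OU=Service Accounts,OU=Users,OU=AAAA,DC=BBBBB,DC=com']['level'] = 10;
$config['auth_ldap_groups']['CN=ldap,OU=IT,OU=Service Accounts,OU=Users,OU=AAAA,DC=BBBBB,DC=com']['level'] = 1;
'''

# $config['auth_ldap_xxx'] = "value";
SCALAR = re.compile(r"""\$config\['(auth_ldap_\w+)'\]\s*=\s*"([^"]*)"\s*;""")
# $config['auth_ldap_groups']['<key>']['level'] = N;
LEVEL = re.compile(r"""\$config\['auth_ldap_groups'\]\['([^']+)'\]\['level'\]\s*=\s*(\d+)\s*;""")

def norm(dn):
    """Lower-case and trim each RDN; enough for comparing config strings
    (does not handle escaped commas inside an RDN value)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint(text):
    """Return (findings, effective_levels) for the LDAP group settings."""
    findings = []
    scalars = dict(SCALAR.findall(text))
    binddn = norm(scalars.get("auth_ldap_binddn", ""))
    group = scalars.get("auth_ldap_group", "")
    if norm(group).startswith("ou="):
        findings.append(("ou-as-group", group))  # a container, not a group
    levels = {}
    for key, level in LEVEL.findall(text):
        k = norm(key)
        if k in levels and levels[k] != int(level):
            findings.append(("level-overridden", f"{levels[k]} -> {level}"))
        levels[k] = int(level)  # PHP keeps the last assignment to a key
    for k, level in levels.items():
        if k.startswith("ou="):
            findings.append(("ou-as-group", k))
        if binddn and k == binddn:
            findings.append(("group-is-binddn", f"effective level {level}"))
    return findings, levels

if __name__ == "__main__":
    for kind, detail in lint(SAMPLE)[0]:
        print(kind, "|", detail)
```

Whether a DN that starts with CN= is really a group object still has to be confirmed against the directory; the lint only catches what is visible in the config text.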
Participants (3)
- Peter.Hine@familycourt.gov.au
- Sivaraja,Raja
- Tom Laermans