Dear

We created a separate vhost for mysql (guest) logins and put a switch in the config file to switch between vhost / authentication methods. This way we also have different overview/frontpage layouts depending on which authentication method is used.

if ($_SERVER['SERVER_NAME'] == 'observium.yourdomain.com'){

}elseif ($_SERVER['SERVER_NAME'] == 'observium-guests.yourdomain.com'){

}

You of course cannot control LDAP user permissions while you're logged on the MySQL vhost and vice versa since the administration panel will think you are using the one you are currently logged in to.

This option could of course also be a $_GET parameter (e.g. https://observium.yourdomain.com/?mysql_fallback)

And then have this in your config.php file

If (isset($_GET['mysql_fallback'])){

//ldap auth

}else{

//regular auth

}

We used to use the second method, but recently switched to the other for convenience (you lose the mysql fallback parameter once you enter an invalid user, or press logout and so on, the vhost one seems to work pretty seamless). If your sole reason is to have a fallback I think option 2 still seems like a decent enough option since you will rarely use it.

Kind regards

Stef Renders

Cloud Solutions Engineer

E

mailto:stef.renders@arxus.eu stef.renders@arxus.eu

http://www.arxus.eu/

T

+32 3 450 67 89

http://www.arxus.eu/ www.arxus.eu

P 'Be green, keep it on the screen. Please think before you print this e-mail.

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Damien Burke Sent: Wednesday, July 29, 2015 2:49 AM To: Observium Network Observation System observium@observium.org Subject: Re: [Observium] Plaining LDAP for login

I found LDAP support in observium to be lacking significantly.

A jira-like method of authentication would be appreciated. Specifically the ability to use integrated and external sources for authentication at the same time. As well as permissions based on AD groups.

From: observium [mailto:observium-bounces@observium.org] On Behalf Of chott@praha1.net mailto:chott@praha1.net Sent: Tuesday, July 28, 2015 2:11 PM To: observium@observium.org mailto:observium@observium.org Subject: [Observium] Plaining LDAP for login

Hello team,

we are plaining LDAP authentication for Observium.

What happend if LDAP server is not available ?

And can i combine LDAP and MySQL logins? For example LDAP for company Users and MySQL for customers/viewers

Regards, Tomas

Tomas Chott technický ředitel

chott@praha1.net mailto:chott@praha1.net Phone: +420 245 004 005 Mobile: +420 604 930 119

Metropolitní síť Praha 1 z.s.p.o. Jindrisska 18 110 00 Praha 1 Czech Republic www.praha1.net http://www.praha1.net

http://www.facebook.com/praha1net

RE: "We created a separate vhost for mysql (guest) logins and put a switch in the config file to switch between vhost / authentication methods. This way we also have different overview/frontpage layouts depending on which authentication method is used.

if ($_SERVER['SERVER_NAME'] == ‘observium.yourdomain.com'){

}elseif ($_SERVER['SERVER_NAME'] == ‘observium-guests.yourdomain.com’){

}"

Stef,

Fantastic idea. thank you VM.

just set it up on the test system

thanks

Peter Hine Senior Technical Support Engineer (Servers) FCoA ITS peter.hine@familycourt.gov.au

********************************************************************** The information contained in this e-mail (including any attachments) is for the exclusive use of the addressee. If you are not the intended recipient please notify the sender immediately and delete this e-mail. It is noted that legal privilege is not waived because you have read this e-mail. **********************************************************************