I setup AD authnetication. This works great for administrators.
I started configuriing oxidized and there is a statement that a user named “oxidized” needs to be created. I tried to add it locally and realized that will never work. Multiple authentications don’t work.
I can’t create a user named “oxidized” in AD. Does this mean I need to switch back to local users? Has anyone come up with alternatives that allow centrally managed authentication yet still allow special users for LibreNMS that don’t pollute the directory server?
I am thinking perhaps:
- A local copy of OpenLDAP proxying to either a local or AD directoty.
- A local RADIUS server with the special entries that does LDAP when not found locally.
On a related note: is it possible for either RADIUS or LDAP to return the “level” of the user based upon group membership? In AD “Domain Users” should get r/o access, “Network Admins” should get r/w access.
Gary