Active Directory authentication incorrectly mixing auth_id/user_id for device permissions

At some point in the last 6 months, users who were in an AD group providing them level 1 (normal user) access lost all device permissions. When checking their permissions with an administrative user, all relevant devices appeared to be added correctly. Global permissions (global read-only, global administrator) still worked correctly. Upon further troubleshooting, it looks like the permissions are added to the devices_perms table using a column named “user_id”. The rows that populate when adding permissions via the GUI use the user’s “auth_id” for the “user_id” value. When we manually set the permission to use the user object’s “user_id” instead of its “auth_id”, the user can see their devices, but the permissions appear missing from the administrator’s perspective in the GUI. Either the permissions filtering code or the GUI code appear to be using the wrong value.


Component Version
LibreNMS 1.43-146-g4fa1926
DB Schema 268
PHP 7.1.17
MySQL 5.5.56-MariaDB
RRDTool 1.4.8


[OK] Composer Version: 1.7.2
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct

Is anybody else able to recreate this behavior? It feels like a bug since directly modifying the DB tables seems to partially resolve the issue.

1 Like

I think an issue should be created on GitHub.